From MailScanner at ecs.soton.ac.uk Sat Jan 1 12:58:13 2005 
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:04 2006
Subject: An express checkout? [was: Re: Postfix and Mailscanner sitting in a tree k-iss-ing]
Message-ID:

paddy wrote:

>Upon reflection I can't see a 'simple criteria' that's cheap enough to be
>a no-brainer to use unless you can do some processing before the incoming mail
>first goes to disk.
>

The message has not been received until it has hit the disk. So you're proposing working on a message using partial information to start with, to try to guess the spammy state of it.

> (My first choice would be originating IP. I did briefly, in desperation,
> consider size). Anything else is just equivalent to what MailScanner
> already does (dispatch RBL queries early, etc) only my suggestions
> were weaker :)
>

I already split incoming and outgoing mail on my site. Surely just having separate servers for mail going in different directions is the easiest.

> I'm also imagining that any processing before the mail hits disk
> is at a premium in a DoS/highload situation, although that may not be the
> case if the cpu is not the bottleneck ...
>

Interesting thought. Would only work with some MTA's though, it depends on how they write the messages to disk. We're assuming here that a message's metadata gets written first, and potentially long before the message body.

>I don't think the express checkout idea is necessarily a totally lost cause:
>
> sure, the cost of scheduling can easily drown the value, but a system
> where the order of operations affects the cost is a promising target.
>

One of the major factors here, which I don't think you have commented on, is that scanning the queue directory at all is a very expensive operation when the queue is large. Which is why I have the "emergency queue-clearing mode".
Just looking at all the queue files at all can take a long time and involve loads of i/o. So the cost of the express checkout tests may well swamp any performance gain you get.

> the original intention - differential QoS based on approximate spamminess -
> still seems good. The problem is implementing it at acceptable costs.
> (remember Magnus Pike?)
>

Oh yes. One of my great aunts lived next door to him in Hammersmith. Very funny guy.

MailScanner, in a way, already tries to do quite a lot of the checking you mention above if you let it. If you have a good RBL such as SBL+XBL, and use a config like this:

    Spam List = SBL+XBL
    Check SpamAssassin If On Spam List = no
    Spam Lists To Reach High Score = 1
    High Scoring Spam Actions = delete

(the 3rd setting is just so I can use the High scoring action to delete RBL hits, which will probably fit in to your site policy rather better than using the normal scoring action)

Doing this will completely get rid of any messages hitting the RBL without any operation on the message body at all. It is all done based on the content of the headers/envelope.

>
> I also had this vague idea that using directories for the elevator in the
> CriticalQueue condition might be cheaper than sorting by date, but the
> problem is obvious ....
>
>What I realise is:
>
> I don't really understand the trade-off between batch size and MaxChildren
>
> I'd certainly appreciate it if you, or anyone for that matter :), could help
> me with this. Since they are both limits, I imagine that describing the
> limiting conditions will help.
>

Smaller batches make virus scanning less efficient, but produce a more "responsive" system under load. The message bandwidth is less (less messages/hour) but the message latency (delay through MS) can be a lot less. So if you inject a message one end, it pops out the other end sooner. The cost is that you can't inject so many messages/hour.
MaxChildren should be set so that all the available resources are being used all the time. Set it too high and the machine will spend too much of its time context-switching between children, and too little time actually doing useful work. Set it too low and there will be times when at least one of the i/o, disk or net will be idle, which wastes resources.

My initial estimates of 5 per CPU, and possibly 8 per hyper-threaded CPU, were based on some early testing I did on a dual-cpu box I've got. 5 per cpu gave very good throughput, and the system wasn't context-switching excessively. If you have a quiet machine, by all means set it to less. I assume that MailScanner will be running 100% or nearly 100%. After all, if the machine is quiet, who cares if I waste a few resources. No-one else wanted them anyway.

> I'm just re-reading the notes in the conf file.
>
> Does a mailscanner child really consume ~20MB ? Why ?
>

If you are running SpamAssassin it can easily be double that. Perl processes are big, as the Perl compiler is very big and needs to be in each process (so you can use cool things like "eval" in your program). Ram is very cheap anyway.

> based on your 'try 5 children per CPU' comment, I'm guessing that more
> children = more cpu heavy (which makes sense anyway).
> (must fix my CPU utilisation logging! :)
>
> Is there even a BatchSize type option? Is MailScanner even batch-oriented
> in the way I had imagined? is MaxUnscannedMessagesPerScan it ?
>

There are 4 options there:

    Max Unscanned Bytes Per Scan = 100000000
    Max Unsafe Bytes Per Scan = 50000000
    Max Unscanned Messages Per Scan = 30
    Max Unsafe Messages Per Scan = 30

This stops batches getting too big by picking up several huge messages all in the same batch.

    Total batch size = number of messages * average message size

So you need to limit both the number of messages and the message size to have control of that calculation.
> I'm also amused to discover (see previous mail) I have
>
> Max Normal Queue Size = 5000
>

I would recommend lowering that, it's pretty big. Try about 1000 or so.

> This reminds me of the 'per-user spamassassin' thread tonight. There are
> already so many options, no doubt for each one there is somebody who
> really needs it, but nobody could really need them all (could they?),
> and the idea that anybody needs a new one should at least attract a
> little skepticism. But then, I expect I'm preaching to the priest !
>
> would any of the options make sense in multiple units?
> for (over)simplified example: 5000 mails or 5 mails per GHz of cpu
> perhaps this is best left to admin and configuration tools?
>

It's not as simple as just CPU speed. It's a lot more complex than that.

>And it's easy to think you (I mean me, of course!) know what's going on, until ....
>
>I wish you a Very Happy New Year !
>

Happy New Year to you too!

-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk Sat Jan 1 13:18:39 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:04 2006
Subject: MailScanner ANNOUNCE Stable 4.37 released
Message-ID:

I have just released the latest stable release, 4.37.7.

The main new features this month include:
-- More phishing net improvements
-- Spam/MCP archive kept clean of viruses so infected spam cannot be recovered by your users
-- Arbitrary headers can be added to non-/low-scoring/high-scoring spam to ease upgrading of other systems to MailScanner
-- Sendmail split queues supported

Download as usual from www.mailscanner.info

The full Change Log is:

* New Features and Improvements *
- When stripping HTML messages to plain text, the contents of script and style tags are omitted.
- Phishing net improved to ignore email addresses.
- Now supports split sendmail queues where any incoming mqueue.in directory can have qf, df, xf, tf subdirectories, each containing the appropriate type of file for each message. This will greatly speed operation on big queues as the directories will be less than half the size of a combined queue directory.
- New option "Keep Spam And MCP Archive Clean" which forces it to virus scan all spam that is quarantined. Any spam (or MCP messages) found to be virus-infected are removed from the quarantine, so you can safely let your users have access to the spam archive safe in the knowledge that they cannot get any viruses out of it. Note: This feature is disabled by default, as most people won't want the performance hit of all the extra scanning, as they don't give their users access to the spam quarantine anyway.
- Changed Postfix handling so that "Archive Mail" feature creates files with unique names so that re-used message-ids don't cause overwriting of older files in the same day with the same message-id.
- Spam and MCP actions (and of course their non- and high-scoring- alternatives) can now include extra headers which are added in each case. These entire headers must be contained in double quotes. So for example, you can have

      Spam Actions = header "X-Spam-Status: yes" deliver

  and the message will be delivered but with the extra header X-Spam-Status: yes added to the message.

* Fixes *
- Fixed sendmail and ZMailer problem where subject lines starting with a line-break were not tagged correctly.
- Fixed minor problems with multi-line Subject: headers.
- Fixed bugs with some MTAs when keeping spam archive clean.
- %vars% in MailScanner.conf are now handled properly in "other" settings.
- Fixed problem with correctly removing Phishing frauds from badly formatted html with missing tags before corresponding .
- Fixed problem with message duplication on some sendmail systems.
- Worked around Perl bug causing crashes with a few bounces from Hotmail.
- Fixed problems stopping SPF checks working properly.

-- 
Julian Field

From Felix.Schwarz at WEB.DE Sat Jan 1 17:11:59 2005
From: Felix.Schwarz at WEB.DE (Felix Schwarz)
Date: Thu Jan 12 21:28:04 2006
Subject: SpamAssassin preferences for every domain
Message-ID:

Hi Julian,

Julian Field wrote:
> Amavis (in all 4 split versions) runs at delivery time, so all the
> resolution email address ---> user name has been done by the MTA.
> MailScanner fits in before this resolution has been done, so would have
> to do all the resolution itself, which is "hard". It varies hugely
> between different MTAs and is impractical to implement in MailScanner.

Different SpamAssassin preferences would be applied on a from/envelope basis (not on a "real user" basis).

> You can change the threshold scores, delivery actions, and black+white
> lists per user and per domain within MailScanner anyway. If you take a
> look at the Bayes scores in the most recent SA release, you will see
> they don't actually have a huge effect any more anyway, as the system
> has been largely defeated by spammers.

I'm quite surprised to see that Bayes is not very useful to many people. I searched my private mailbox and found that most of my spam mail are tagged with Bayes_99 (403/435 spam mails within the last two days) or at least BAYES_9x (426/435 mails). Because it worked so well I raised the score for Bayes_99 to 4.00 some months ago (1 or 2 false positives within the last month).

I would like to know how useful is Bayes to you all? Is my bayes filter only exceptionally well trained?

-- 
Felix

From vlad at MAZEK.COM Sat Jan 1 17:14:58 2005
From: vlad at MAZEK.COM (Vlad Mazek)
Date: Thu Jan 12 21:28:04 2006
Subject: [OT] sendmail equivalent of zmailer's MaxSameIpSource ??
Message-ID:

Probably better than what we're doing, at least for a single server for realtime blocking. I did something similar earlier in my career and it wasn't pretty - our primary routes went down and I had all the mail flowing through a single T1... the server got clogged up with attachments, connections started crawling and I ended up firewalling every major ISP in the United States :)

You might want to resolve those addresses too and check against major providers. I regularly have few hundred connections from legit ISP's (especially foreigners) on production servers so you might want to have an exclusion list and some sort of a backend db to track these drops over time (most of the folks we block are notorious repeat offenders or open relays and such).

-Vlad

paddy wrote:

>netstat -n | grep :25 | cut -c45-65 | sed 's/:.*//' | sort | uniq -c | egrep "^ *[0-9]{2}"
>
>then I'm thinking, poor man's snort:
>
>tcpdump -s0 -w host $IP
>

From garry at GLENDOWN.DE Sat Jan 1 17:23:58 2005
From: garry at GLENDOWN.DE (Garry Glendown)
Date: Thu Jan 12 21:28:04 2006
Subject: Frontend?
Message-ID:

Hi,

I was just looking around for a frontend for MS - came across the Webmin module, but the last beta is from February... is it working nicely, or are there any better programs?

Tnx, -gg

From MailScanner at ecs.soton.ac.uk Sat Jan 1 18:31:32 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:04 2006
Subject: Frontend?
Message-ID:

To start with, check out MailWatch.
There is also a new product due out very soon, join the announcement list and you will get to hear about it. Should only be a few more weeks (hopefully!) :)

Garry Glendown wrote:

> Hi,
>
> I was just looking around for a frontend for MS - came across the Webmin
> module, but the last beta is from February... is it working nicely, or
> are there any better programs?
>

-- 
Julian Field

From garry at GLENDOWN.DE Sat Jan 1 18:37:18 2005
From: garry at GLENDOWN.DE (Garry Glendown)
Date: Thu Jan 12 21:28:04 2006
Subject: Frontend?
Message-ID:

Julian Field wrote:
> To start with, check out MailWatch.

Nope, sorry, I meant a tool to allow easier configuration for non-CLI-phile users ;)

-gg

From michele at BLACKNIGHTSOLUTIONS.COM Sat Jan 1 18:45:03 2005
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon::Blacknight Solutions)
Date: Thu Jan 12 21:28:04 2006
Subject: Frontend?
Message-ID:

Garry Glendown wrote:
> Julian Field wrote:
>
>> To start with, check out MailWatch.
>
>
> Nope, sorry, I meant a tool to allow easier configuration for
> non-CLI-phile users ;)

No offence, but if you can't configure it using MailScanner.conf you shouldn't be using it

From garry at GLENDOWN.DE Sat Jan 1 18:49:30 2005
From: garry at GLENDOWN.DE (Garry Glendown)
Date: Thu Jan 12 21:28:04 2006
Subject: Frontend?
Message-ID:

Michele Neylon::Blacknight Solutions wrote:
> Garry Glendown wrote:
>
>> Julian Field wrote:
>>
>>> To start with, check out MailWatch.
>> Nope, sorry, I meant a tool to allow easier configuration for
>> non-CLI-phile users ;)
> No offence, but if you can't configure it using MailScanner.conf you
> shouldn't be using it

_I_ can, and I even _do_ (imagine!), but I'm not looking for using it myself, but for a customer site that doesn't have people that should be messing with the main config, but still I want to give them the possibility of modifying site-specific parts (e.g. per-user black/whitelist, file filter, etc.)

-gg

From MailScanner at ecs.soton.ac.uk Sat Jan 1 18:53:00 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:04 2006
Subject: Frontend?
Message-ID:

Michele Neylon::Blacknight Solutions wrote:

> Garry Glendown wrote:
>
>> Julian Field wrote:
>>
>>> To start with, check out MailWatch.
>>
>> Nope, sorry, I meant a tool to allow easier configuration for
>> non-CLI-phile users ;)
>
> No offence, but if you can't configure it using MailScanner.conf you
> shouldn't be using it

Now, now. That was not called for.

A GUI tool for configuring it is very much needed, and something will appear in the next few weeks.

In the mean time, read MailScanner.conf from start to finish, making a few notes as you go along. If in doubt, leave a setting alone. My supplied defaults are all pretty sane, you shouldn't need to tweak more than 3 or 4 settings in the whole file to start with. Don't try playing with all the settings until you really know what you are doing, change as little as possible for now.

The comments above each setting in MailScanner.conf do explain basically how to use each of them, but the MAQ and the FAQ (and the book of course) do explain the more advanced ones, along with how to use rulesets and such subjects. The configuration system is extremely flexible and you can do some very clever things with it. Just don't try to do it all at once!

-- 
Julian Field

From MailScanner at ecs.soton.ac.uk Sat Jan 1 18:56:34 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:04 2006
Subject: Frontend?
Message-ID:

Garry Glendown wrote:

> _I_ can, and I even _do_ (imagine!), but I'm not looking for using it
> myself, but for a customer site that doesn't have people that should be
> messing with the main config, but still I want to give them the
> possibility of modifying site-specific parts (e.g. per-user
> black/whitelist, file filter, etc.)

The new package should do this for you very nicely. But no more info until it's ready for release.

-- 
Julian Field

From marco at XSSNET.COM Sat Jan 1 18:52:13 2005
From: marco at XSSNET.COM (Marco Benton - BOFH)
Date: Thu Jan 12 21:28:04 2006
Subject: Frontend?
Message-ID:

Julian Field wrote:

| To start with, check out MailWatch.
| There is also a new product due out very soon, join the announcement
| list and you will get to hear about it. Should only be a few more weeks
| (hopefully!) :)
|

i am dying of anticipation!

can this frontend support multiple instances of MS running on the same server? i'm a CLI freak but some of my customers may like a GUI. :)

From garry at GLENDOWN.DE Sat Jan 1 19:18:51 2005
From: garry at GLENDOWN.DE (Garry Glendown)
Date: Thu Jan 12 21:28:04 2006
Subject: Frontend?
Message-ID:

Julian Field wrote:
> Garry Glendown wrote:
>
>> _I_ can, and I even _do_ (imagine!), but I'm not looking for using it
>> myself, but for a customer site that doesn't have people that should be
>> messing with the main config, but still I want to give them the
>> possibility of modifying site-specific parts (e.g. per-user
>> black/whitelist, file filter, etc.)
> The new package should do this for you very nicely. But no more info
> until it's ready for release.

Tnx, looking forward to it! ;)

From raymond at PROLOCATION.NET Sat Jan 1 19:24:08 2005
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:28:04 2006
Subject: Frontend?
Message-ID:

Hi!

> can this frontend support multiple instances of MS running on the same
> server? i'm a CLI freak but some of my customers may like a GUI. :)

Why would you want multiple instances? You can run 1 instance with rulesets, per customer, what do you wanna do that can't be done with 1 instance ?

Bye,
Raymond.

From marco at XSSNET.COM Sat Jan 1 19:39:21 2005
From: marco at XSSNET.COM (Marco Benton)
Date: Thu Jan 12 21:28:04 2006
Subject: Frontend?
Message-ID:

Raymond Dijkxhoorn wrote:

| Hi!
|
|> can this frontend support multiple instances of MS running on the
|> same server? i'm a CLI freak but some of my customers may like a
|> GUI. :)
|
| Why would you want multiple instances? You can run 1 instance with
| rulesets, per customer, what do you wanna do that can't be done
| with 1 instance ?

for different mail queues that are separate... under *very* rare situations a site may want multiple queues with multiple priorities and multiple rules for each queue. MS can do 1 queue (unless i am completely wrong) w/ multiple rules. like a multi-homed server with oodles of IP addresses all having their own Sendmail instance and queue priorities and such.

i know this sounds insane but i've done this and works well. i'm sure i'll be flamed for saying this. :)

-- 
Marco Benton - BOFH, BSMFH

BOFH excuse #256:

The cause of the problem is:
That would be because the software doesn't work.

From MailScanner at ecs.soton.ac.uk Sat Jan 1 19:58:08 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:04 2006
Subject: Frontend?
Message-ID:

Marco Benton wrote:

> Raymond Dijkxhoorn wrote:
>
> | Hi!
> |
> |> can this frontend support multiple instances of MS running on the
> |> same server? i'm a CLI freak but some of my customers may like a
> |> GUI. :)
> |
> | Why would you want multiple instances? You can run 1 instance with
> | rulesets, per customer, what do you wanna do that can't be done
> | with 1 instance ?
>
> for different mail queues that are separate... under *very* rare
> situations a site may want multiple queues with multiple priorities and
> multiple rules for each queue. MS can do 1 queue (unless i am
> completely wrong) w/ multiple rules. like a multi-homed server with
> oodles of IP addresses all having their own Sendmail instance and
> queue priorities and such.

MS can do multiple queues. Read the docs about the incoming queue dir setting.

-- 
Julian Field

From raymond at PROLOCATION.NET Sat Jan 1 20:01:23 2005
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:28:04 2006
Subject: Frontend?
Message-ID:

Hi!

>> | Why would you want multiple instances? You can run 1 instance with
>> | rulesets, per customer, what do you wanna do that can't be done
>> | with 1 instance ?

>> for different mail queues that are separate... under *very* rare
>> situations a site may want multiple queues with multiple priorities and
>> multiple rules for each queue. MS can do 1 queue (unless i am
>> completely wrong) w/ multiple rules. like a multi-homed server with
>> oodles of IP addresses all having their own Sendmail instance and
>> queue priorities and such.

> MS can do multiple queues. Read the docs about the incoming queue dir
> setting.

We even use separate outgoing queues for some domains (thanks Julian), that could also be done with some custom rulesets, on one instance ...

Bye,
Raymond.

From marco at XSSNET.COM Sat Jan 1 20:45:11 2005
From: marco at XSSNET.COM (Marco Benton)
Date: Thu Jan 12 21:28:04 2006
Subject: Frontend?
Message-ID:

Raymond Dijkxhoorn wrote:

|
| We even use separate outgoing queues for some domains (thanks
| Julian), that could also be done with some custom rulesets, on one
| instance ...
|

that's all fine and nice... but like i said, under very rare situations... i may have mis-spoke when saying 1 queue, i meant it acts like it's 1 queue. lets move on...

i have tried what is in the doco (and as Julian pointed out) and priority was unacceptable under ridiculous load of say one queue having 16,000 msgs to be processed and another queue barely empty... you can have a High priority msg waiting for quite some time even tho the rest of the msgs are Normal priority. and which ruleset can do this may i ask (just went through the MailScanner manual again)? unless queueing priority was fixed recently that didn't end up in the changelog? there were other reasons as well but i can't remember as it was a long time ago.

and i again reiterate using rulesets... i never said i didn't try nor said it couldn't be done, i am doing amazing things with rulesets. so instead of saying "yeah it works for me woohoo!!!..." try giving me an example of what i said in the previous email/post? :)

-- 
Marco Benton - BOFH, BSMFH

From paddy at PANICI.NET Sat Jan 1 21:04:11 2005
From: paddy at PANICI.NET (paddy)
Date: Thu Jan 12 21:28:04 2006
Subject: [OT] sendmail equivalent of zmailer's MaxSameIpSource ??
Message-ID:

On Sat, Jan 01, 2005 at 12:14:58PM -0500, Vlad Mazek wrote:
> Probably better than what we're doing, at least for a single server for
> realtime blocking. I did something similar earlier in my career and it
> wasn't pretty - our primary routes went down and I had all the mail
> flowing through a single T1... the server got clogged up with
> attachments, connections started crawling and I ended up firewalling
> every major ISP in the United States :)
>
> You might want to resolve those addresses too and check against major
> providers. I regularly have few hundred connections from legit ISP's
> (especially foreigners) on production servers so you might want to have
> an exclusion list and some sort of a backend db to track these drops
> over time (most of the folks we block are notorious repeat offenders or
> open relays and such).

Vlad,

That is such a cool name. I wish I was called Vlad!

First I should say this:

I just read the part of the snort FAQ where it points out the dangers of combining automated firewalling response with a spoofed source. :) I'm not on top of this yet!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! PLEASE DO _NOT_ USE THE QUOTED SCRIPT TO FEED YOUR FIREWALL !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

I have not had time to check that netstat's idea (from /proc/net) of a connection is spoof-proof.

That said, I can return to my ordinary verbose conversational manner:

I confess I can't follow this, although the war-story element comes through loud and clear.

Although I (half-)joke about firewalling the world out of existence, I am extremely reticent about using such devices, not least because the boxes in question are in a cupboard 3000 miles away (I must say, the valueweb reboot service is good).

I _do_, currently, intend to implement a simple 'maximum connections from a single source' service that allows transactions to continue at that maximum level from that source, and I plan to post my solution here when I have it, if for no other reason than you cannot buy peer-review (okay, so I wish to share :).

It might be better to return a 4xx smtp code, rather than just drop the connection. If anyone can explain why this is so, I'm all ears.

Based on a philosophy of limiting the number of connections, rather than firewalling sources entirely, I see no obvious reason to discriminate between sources, but I'd happily be persuaded otherwise: all grist to the mill.

I'm currently looking at the snort related options, to see what I can learn.

Happy new year!

Regards,
Paddy

> Vlad reminded me that:
> paddy wrote:
>
> >netstat -n | grep :25 | cut -c45-65 | sed 's/:.*//' | sort | uniq -c |
> >egrep "^ *[0-9]{2}"
> >
> >then I'm thinking, poor man's snort:
> >
> >tcpdump -s0 -w host $IP

--
Perl 6 will give you the big knob. -- Larry Wall

From paddy at PANICI.NET Sat Jan 1 21:29:57 2005
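[Added example, not part of any list member's post: a report-only take on the per-source connection count discussed in the message above. It matches on netstat fields instead of character columns, counts only ESTABLISHED connections to local port 25, and honours an exclusion list as Vlad suggested. The function names, the exclusion-file format and the sample netstat lines are assumptions constructed for illustration; nothing here feeds a firewall.]

```shell
#!/bin/sh
# Added example (not from the thread): report-only count of inbound SMTP
# connections per source address, read from `netstat -n` output on stdin.
# Usage: netstat -n | smtp_conn_report THRESHOLD [EXCLUDE_FILE]

smtp_conn_report() {
    threshold=$1
    exclude_file=${2:-/dev/null}   # hypothetical list: one address per line
    awk -v limit="$threshold" -v excl="$exclude_file" '
        BEGIN {
            # Load the exclusion list; "#" starts a comment.
            while ((getline line < excl) > 0) {
                sub(/#.*/, "", line)
                gsub(/[ \t]/, "", line)
                if (line != "") skip[line] = 1
            }
        }
        # Match on fields, not character columns:
        #   $4 local address must end in :25, so :2525 and outbound
        #      connections to a remote port 25 are ignored
        #   $6 must be ESTABLISHED; SYN_RECV is left out because a
        #      half-open entry has not completed the TCP handshake
        $1 ~ /^tcp/ && $6 == "ESTABLISHED" && $4 ~ /:25$/ {
            src = $5
            sub(/:[0-9]+$/, "", src)    # drop the remote port
            sub(/^::ffff:/, "", src)    # fold IPv4-mapped IPv6 into IPv4
            if (!(src in skip)) count[src]++
        }
        END {
            for (src in count)
                if (count[src] >= limit) print count[src], src
        }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample input (documentation address ranges), in the layout
# Linux `netstat -n` prints.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:25           198.51.100.7:40112      ESTABLISHED
tcp        0      0 192.0.2.10:25           198.51.100.7:40113      ESTABLISHED
tcp        0      0 192.0.2.10:25           198.51.100.7:40114      ESTABLISHED
tcp        0      0 192.0.2.10:25           203.0.113.9:51000       ESTABLISHED
tcp        0      0 192.0.2.10:25           203.0.113.9:51001       ESTABLISHED
tcp        0      0 192.0.2.10:25           203.0.113.50:33000      SYN_RECV
tcp        0      0 192.0.2.10:25           203.0.113.50:33001      SYN_RECV
tcp        0      0 192.0.2.10:25           203.0.113.50:33002      SYN_RECV
tcp        0      0 192.0.2.10:2525         198.51.100.99:40000     ESTABLISHED
tcp        0      0 192.0.2.10:2525         198.51.100.99:40001     ESTABLISHED
tcp        0      0 192.0.2.10:41000        198.51.100.25:25        ESTABLISHED
tcp        0      0 192.0.2.10:41001        198.51.100.25:25        ESTABLISHED
tcp6       0      0 ::ffff:192.0.2.10:25    ::ffff:198.51.100.7:40115 ESTABLISHED
EOF
}

# Demo run on the constructed sample: sources with 2 or more connections.
sample_netstat | smtp_conn_report 2
```

[On a live host the input would be `netstat -n | smtp_conn_report 10 /path/to/exclusions`, with the threshold and path chosen locally.]
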
From: paddy at PANICI.NET (paddy)
Date: Thu Jan 12 21:28:04 2006
Subject: Frontend?
Message-ID:

Julian,

Seems like Marco has a good point, no doubt the info-dept on planet-secret has already heard, but just in case I'll throw my (must-be-negative-karma-by-now;) weight behind this:

it is inevitable that admins will do stuff like this on a single box. even if one ignores that, some admins have to deal with more than one box.

Regards,
Paddy

On Sat, Jan 01, 2005 at 03:45:11PM -0500, Marco Benton wrote:
> Raymond Dijkxhoorn wrote:
>
> |
> | We even use separate outgoing queues for some domains (thanks
> | Julian), that could also be done with some custom rulesets, on one
> | instance ...
> |
>
> that's all fine and nice... but like i said, under very rare
> situations... i may have mis-spoke when saying 1 queue, i meant it
> acts like it's 1 queue. lets move on...
>
> i have tried what is in the doco (and as Julian pointed out) and
> priority was unacceptable under ridiculous load of say one queue
> having 16,000 msgs to be processed and another queue barely empty...
> you can have a High priority msg waiting for quite some time even tho
> the rest of the msgs are Normal priority. and which ruleset can do
> this may i ask (just went through the MailScanner manual again)?
> unless queueing priority was fixed recently that didnt end up in the
> changelog?
>
> there were other reasons as well but i cant remember as it was a long
> time ago.
>
> and i again reiterate using rulesets... i never said i didnt try nor
> said it couldnt be done, i am doing amazing things with rulesets. so
> instead of saying "yeah it works for me woohoo!!!..." try giving me
> an example of what i said in the previous email/post? :)
>
> --
>
> Marco Benton - BOFH, BSMFH
>
> BOFH excuse #256: The cause of the problem is: That would be because
> the software doesn't work.

--
Perl 6 will give you the big knob. -- Larry Wall

From mailscanner at BARENDSE.TO Sun Jan 2 09:05:36 2005
From: mailscanner at BARENDSE.TO (Remco Barendse)
Date: Thu Jan 12 21:28:04 2006
Subject: Why do I keep getting .spamassassin/ .pyzor/ .razor/ in my /
Message-ID:

Hi list!

I keep finding directories for .spamassassin/ .pyzor/ .razor/ in the root of my filesystem.

When I delete them, they keep coming back. Shouldn't they be in the homedir of the root user?

Thanx!
Remco

From MailScanner at ecs.soton.ac.uk Sun Jan 2 11:27:31 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:04 2006
Subject: Why do I keep getting .spamassassin/ .pyzor/ .razor/ in my /
Message-ID:

Yes, but where is the home dir of the root user, according to /etc/passwd?

Remco Barendse wrote:

> Hi list!
>
> I keep finding directories for .spamassassin/ .pyzor/ .razor/ in the root
> of my filesystem.
>
> When I delete them, they keep coming back. Shouldn't they be in the
> homedir of the root user?

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From kte at NEXIS.BE Sun Jan 2 11:56:03 2005
From: kte at NEXIS.BE (Koen Teugels)
Date: Thu Jan 12 21:28:04 2006
Subject: Why do I keep getting .spamassassin/ .pyzor/ .razor/ in my /
Message-ID:

on RH you have to change the /etc/crontab HOME to /root if you run the updates in cron.daily. Maybe on other linux dist. is it the same.

Koen

Julian Field wrote:

> Yes, but where is the home dir of the root user, according to /etc/passwd?
>
> Remco Barendse wrote:
>
> > Hi list!
> >
> > I keep finding directories for .spamassassin/ .pyzor/ .razor/ in the root
> > of my filesystem.
> >
> > When I delete them, they keep coming back. Shouldn't they be in the
> > homedir of the root user?

--
Koen Teugels
N.V. NEXIS S.A.
Chaussee de Namur 79
1300 Wavre
Belgium
Visit us at http://www.nexis.be
e-mail : kte@nexis.be
tel.: +32 (0)10 81.81.81
fax: +32 (0)10 81.81.80

From kte at NEXIS.BE Sun Jan 2 12:00:41 2005
From: kte at NEXIS.BE (Koen Teugels)
Date: Thu Jan 12 21:28:04 2006
Subject: sorry about the html signature
Message-ID:

Just forget to remove it sometimes

sorry
Koen

From kte at NEXIS.BE Sun Jan 2 12:01:24 2005
From: kte at NEXIS.BE (Koen Teugels)
Date: Thu Jan 12 21:28:04 2006
Subject: Why do I keep getting .spamassassin/ .pyzor/ .razor/ in my / no html signature
Message-ID:

on RH you have to change the /etc/crontab HOME to /root if you run the updates in cron.daily. Maybe on other linux dist. is it the same.

Koen

Julian Field wrote:

> Yes, but where is the home dir of the root user, according to /etc/passwd?
>
> Remco Barendse wrote:
>
> > Hi list!
> >
> > I keep finding directories for .spamassassin/ .pyzor/ .razor/ in the root
> > of my filesystem.
> >
> > When I delete them, they keep coming back. Shouldn't they be in the
> > homedir of the root user?

From mailscanner at BARENDSE.TO Sun Jan 2 17:19:44 2005
From: mailscanner at BARENDSE.TO (Remco Barendse)
Date: Thu Jan 12 21:28:04 2006
Subject: Why do I keep getting .spamassassin/ .pyzor/ .razor/ in my /
Message-ID:

This is from /etc/passwd

root:x:0:0:root:/root:/bin/bash
cron:x:16:16:cron:/var/spool/cron:/bin/false

Guess that's not it, nor the root of the cron user?

I have this behaviour on a gentoo box and on a RHEL box.

On Sun, 2 Jan 2005, Julian Field wrote:

> Yes, but where is the home dir of the root user, according to /etc/passwd?
>
> Remco Barendse wrote:
>
>> Hi list!
>>
>> I keep finding directories for .spamassassin/ .pyzor/ .razor/ in the root
>> of my filesystem.
>>
>> When I delete them, they keep coming back. Shouldn't they be in the
>> homedir of the root user?

From paddy at PANICI.NET Mon Jan 3 00:29:04 2005
From: paddy at PANICI.NET (paddy)
Date: Thu Jan 12 21:28:04 2006
Subject: An express checkout? [was: Re: Postfix and Mailscanner sitting in a tree k-iss-ing]
Message-ID:

On Sat, Jan 01, 2005 at 12:58:13PM +0000, Julian Field wrote:
> paddy wrote:
>
> >Upon reflection I can't see a 'simple criteria' that's cheap enough to be
> >a no-brainer to use unless you can do some processing before the incoming
> >mail
> >first goes to disk.
> >
> The message has not been received until it has hit the disk.

Being excessively pedantic for a moment: I would put the moment of receipt at the transmission of the 2xx packet responding to the DATA command. Best practice would be that the message is either already committed to non-volatile storage, or is already delivered elsewhere. So, yes! Agreed.

> So you're
> proposing working on a message using partial information to start with,
> to try to guess the spammy state of it.

I normally start from the assumption that a test of spamminess is turing-equivalent - that it takes a human being to say what they consider to be spam. Amusingly, shortly after I first read this I came across a 'not-spam' message in my spam folder, examined the headers to see which rules it had hit, and came to the conclusion 'looks like spam, is spam'. So, my theory is somewhat at odds with my practice. Thanks to Larry McVoy for helping me to feel comfortable with that ;)

Trying to guess spamminess from partial info is not new, but for-all-I-know using that information to prioritise workload, rather than outright reject email may be (prior art in mailscanner, etc excepted ;)

> > (My first choice would be originating IP. I did briefly, in desperation,
> > consider size). Anything else is just equivalent to what MailScanner
> > already does (dispatch RBL queries early, etc) only my suggestions
> > were weaker :)
> >
> I already split incoming and outgoing mail on my site. Surely just
> having separate servers for mail going in different directions is the
> easiest.

I'm sorry, I don't follow this. A DoS can pick a single server or MX group, and potentially hammer them into the ground. While there are certainly resources outside the bounds of MailScanner that deal with such problems, as you have already indicated, MailScanner does not live on an island where such problems can be totally ignored. It may be that the particular concern that I have chosen is not, in fact, a consideration for mailscanner, and I just haven't seen the light yet.

My outgoing mail is a fraction of my incoming mail - negligible in fact. (Although, I appreciate, you may find that hard to believe ;)

> > I'm also imagining that any processing before the mail hits disk
> > is at a premium in a DoS/highload situation, although that may not be the
> > case if the cpu is not the bottleneck ...
> >
> Interesting thought. Would only work with some MTA's though,

That postfix thing just keeps haunting this thread! Sendmail is familiar territory to me and I imagine it wouldn't be too difficult to arrange a milter that caches certain info and makes it available to a mailscanner process later in the pipeline. I spent a little time looking into postfix (I really wanted to write a program called 'prim':) and the same hook appears to exist there. I'd expect to find the possibility in most modern general purpose MTAs, although I wouldn't expect it to be trivial to set up.

> it depends on how they write the messages to disk.

I don't follow you here. My objective would be to grab the relevant info before it hits disk at all if I could. My speculation on grabbing the buffers still in RAM after a disk commit, was ... interesting, but a bit random - might work though :)

> We're assuming here that a
> message's metadata gets written first, and potentially long before the
> message body.

so it could be hard to know when to grab the buffers ?

> >I don't think the express checkout idea is necessarily a totally lost
> >cause:
> >
> > sure, the cost of scheduling can easily drown the value, but a system
> > where the order of operations effects the cost is a promising target.
> >
> One of the major factors here, which I don't think you have commented
> on, is that scanning the queue directory at all is a very expensive
> operation when the queue is large. Which is why I have the "emergency
> queue-clearing mode". Just looking at all the queue files at all can
> take a long time and involve loads of i/o. So the cost of the express
> checkout tests may well swamp any performance gain you get.

Absolutely. Which is why I'm looking so desperately to avoid that cost. The whole idea doesn't work if you have to read all the files.

> > the original intention - differential QoS based on approximate spamminess
> > -
> > still seems good. The problem is implementing it at acceptable costs.
> > (remember Magnus Pike?)
> >
> Oh yes. One of my great aunts lived next door to him in Hammersmith.

Cool!

> Very funny guy.

Absolutely!

> MailScanner, in a way, already tries to do quite a lot of the checking
> you mention above if you let it. If you have a good RBL such as SBL+XBL,
> and use a config like this:
>
> Spam List = SBL+XBL
> Check SpamAssassin If On Spam List = no
> Spam Lists To Reach High Score = 1
> High Scoring Spam Actions = delete
>
> (the 3rd setting is just so I can use the High scoring action to delete
> RBL hits, which will probably fit in to your site policy rather better
> than using the normal scoring action)
>
> Doing this will completely get rid of any messages hitting the RBL
> without any operation on the message body at all. It is all done based
> on the content of the headers/envelope.

I started with a pair of RBLs, i think. then just ORBS, then switched to SPAMCOP. SpamCop has given me headaches with mailing-lists. I plan to switch to SBL+XBL, but I regard this as quite a big move. I call the RBL our 'backstop' - its saved me several times in the last year or so. I vaguely recall that when SA times out, we fall back to just RBLs, and that sometimes, thats precisely why I have a long queue anyway.

I have been reticent to employ

Check SpamAssassin If On Spam List = no

because I like to see a score, but I might look at the possibility of a custom function if there is not already a high-load cut-out on this config option. I like that idea!

> > I also had this vague idea that using directories for the elevator in
> > the
> > CriticalQueue condition might be cheaper than sorting by date, but the
> > problem is obvious ....
> >
> >What I realise is:
> >
> > I don't really understand the trade-off between batch size and MaxChildren
> >
> > I'd certainly appreciate it if you, or anyone for that matter :), could
> > help
> > me with this. Since they are both limits, I imagine that describing the
> > limiting conditions will help.
> >
> Smaller batches make virus scanning less efficient, but produce a more
> "responsive" system under load. The message bandwidth is less (less
> messages/hour) but the message latency (delay through MS) can be a lot
> less. So if you inject a message one end, it pops out the other end
> sooner. The cost is that you can't inject so many messages/hour.

So, quite counter-intuitively, I suspect that I'd be happier with smaller batches and more children under what for me is 'high load'. ;)

> MaxChildren should be set so that all the available resources are being
> used all the time. Set it too high and the machine will spend too much
> of its time context-switching between children, and too little time
> actually doing useful work. Set it too low and there will be times when
> at least one of the i/o, disk or net will be idle, which wastes resources.
>
> My initial estimates of 5 per CPU, and possibly 8 per hyper-threaded
> CPU, were based on some early testing I did on a dual-cpu box I've got.
> 5 per cpu gave very good throughput, and the system wasn't
> context-switching excessively. If you have a quiet machine, by all means
> set it to less. I assume that MailScanner will be running 100% or nearly
> 100%. After all, if the machine is quiet, who cares if I waste a few
> resources. No-one else wanted them anyway.

I have a quiet box, except when its not!

> > I'm just re-reading the notes in the conf file.
> >
> > Does a mailscanner child really consume ~20MB ? Why ?
> >
> If you are running SpamAssassin it can easily be double that.

I didn't want to say anything! :)

> Perl
> processes are big, as the Perl compiler is very big and needs to be in
> each process (so you can use cool things like "eval" in your program).

Ah! Yes, one word: eval! Perl is clearly the language of choice for this problem-space. How vital is eval? I confess I've been promised bigger boxes for the new year, and I'm getting by on raq3's now, so it isn't a big question. probably the answer is that programmer time is worth more.

> Ram is very cheap anyway.

No, my boss is cheap (God, I hope he doesn't read this :) RAM is like my overdraft limit: not enough but I have to live with it.

> > based on your 'try 5 children per CPU' comment, I'm guessing that more
> > children = more cpu heavy (which makes sense anyway).
> > (must fix my CPU utilisation logging! :)
> >
> > Is there even a BatchSize type option? Is MailScanner even batch-oriented
> > in the way I had imagined? is MaxUnscannedMessagesPerScan it ?
> >
> There are 4 options there:
> Max Unscanned Bytes Per Scan = 100000000
> Max Unsafe Bytes Per Scan = 50000000
> Max Unscanned Messages Per Scan = 30
> Max Unsafe Messages Per Scan = 30
>
> This stops batches getting too big by picking up several huge messages
> all in the same batch.
> Total batch size = number of messages * average message size
> So you need to limit both the number of messages and the message size to
> have control of that calculation

Gosh! is that 100MB Max Unscanned Bytes Per Scan, I always read it as 10 ! I take it this is a chunk of the ~20MB we've been talking about. Call me lazy ('cos I can always go off and figure it out for myself), but how much memory does a second mailscanner child consume, before it starts to read data?

> > I'm also amused to discover (see previous mail) I have
> >
> > Max Normal Queue Size = 5000
> >
> I would recommend lowering that, it's pretty big. Try about 1000 or so.

You can say that again! 5000 won't kill this box: with mailscanner it'll chew through them eventually, but it'll take a month of sundays! 1000 sounds much more reasonable! I seem to have made a poor adjustment sometime in the past :)

> > This reminds me of the 'per-user spamassassin' thread tonight. There are
> > already so many options, no doubt for each one there is somebody who
> > really needs it, but nobody could really need them all (could they?),
> > and the idea that anybody needs a new one should at least attract a
> > little skepticism. But then, I expect I'm preaching to the priest !
> >
> > would any of the options make sense in multiple units?
> > for (over)simplified example: 5000 mails or 5 mails per GHz of cpu
> > perhaps this is best left to admin and configuration tools?
> >
> It's not as simple as just CPU speed. It's a lot more complex than that.

best left to admin and configuration tools, then.

Regards,
Paddy

--
Perl 6 will give you the big knob. -- Larry Wall

From dmehler26 at woh.rr.com Mon Jan 3 01:05:46 2005
From: dmehler26 at woh.rr.com (dave)
Date: Thu Jan 12 21:28:04 2006
Subject: bayes database install?
Message-ID:

Hello,

I've got MailScanner 4.36, postfix 2.15 chrooted, and sa 3.01 installed on a FreeBSD 5.3 box. I've downloaded bayes-3.0-starter-freebsd.tar.gz but am uncertain where to place it. I'd like to try this out as i'm hoping it will block even more of this blank blank spam, MS is doing great!

Thanks.
Dave.

From ckowarzik at EMAIL.DE Mon Jan 3 11:15:48 2005
From: ckowarzik at EMAIL.DE (Christian Kowarzik)
Date: Thu Jan 12 21:28:04 2006
Subject: what are the minimum versions for the perl-modules?
Message-ID:

Happy New Year 2005!

Hi Julian! Hi List!

First of all: Many Thanks for that great software and your tireless work!

I just installed MailScanner-4.37.7-1 on RedHat Enterprise Server ES3. During install.sh the perl-ExtUtils-MakeMaker-6.05-1.src.rpm was rebuilt, but not installed, because of file conflicts with the already installed perl-5.8.0-88.9 which provides perl(ExtUtils::MakeMaker-6.03).

The install.sh only skips modules if they are already installed with the exact version and otherwise assumes that it can upgrade already installed modules - which is only true if the packagenames correspond.

So, should I force the installation of those compiled modules? Are there minimum versions for those modules? Any other solution?

Thanks for your help
Christian

From Kevin_Miller at CI.JUNEAU.AK.US Mon Jan 3 16:36:31 2005
From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller)
Date: Thu Jan 12 21:28:04 2006
Subject: Frontend?
Message-ID:

Julian Field wrote:
> Garry Glendown wrote:
>
>> _I_ can, and I even _do_ (imagine!), but I'm not looking for using it
>> myself, but for a customer site that doesn't have people that should
>> be messing with the main config, but still I want to give the the
>> possibility of modifying site-specific parts (e.g. per-user
>> black/whitelist, file filter, etc.)
>
> The new package should do this for you very nicely. But no more info
> until it's ready for release.

How about just a little more info? Like, will it be updated concurrently w/MailScanner? I used webmin when I first started but you add features so darned fast that poor little webmin couldn't keep up! I'd be chuffed to see a GUI that is maintained in parallel to the rest of the system. It tends to impress PHBs.

Happy New Year...

...Kevin
--
Kevin Miller                Registered Linux User No: 307357
CBJ MIS Dept.               Network Systems Admin., Mail Admin.
155 South Seward Street     ph: (907) 586-0242
Juneau, Alaska 99801        fax: (907 586-4500

From jaearick at COLBY.EDU Mon Jan 3 17:16:39 2005
From: jaearick at COLBY.EDU (Jeff A. Earickson)
Date: Thu Jan 12 21:28:04 2006
Subject: contents of perl-tar vs "MailScanner -v"
Message-ID:

Julian,

I upgraded to MailScanner 4.37.7 this morning, and I compared the output of "MailScanner -v" to the tarfiles in perl-tar. Since I do things by hand and don't use the install-sh script, I take a look at the included perl tarballs to see if something new is out there that I need to install. The output of "MailScanner -v" did not say anything about several of the perl tarballs, specifically no output for:

Compress::Zlib
Convert::TNEF
ExtUtils::MakeMaker
File::Spec
HTML::Tagset
IO::Stringy

and the MailTools and TimeDate additions. Maybe the "-v" code needs to be tuned a bit? I use another little tool called "pmdesc", written by Tom Christiansen of O'Reilly Perl-book fame, to figure out what perl modules I have installed on my systems. Maybe that would help?

Jeff Earickson
Colby College

From ssilva at SGVWATER.COM Mon Jan 3 17:13:44 2005
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:28:04 2006
Subject: SA/MS Testing
Message-ID:

Rodney Green wrote:
| Thanks Alex. I did as you said.
|
| Odd how when I run the message through the system, by telneting like you
| said, and it gives me an SA score below 5. When I run the same message
| through spamassassin using "spamassassin -t < messagefile" I see a much
| higher score of 11.9. I noticed that when running "spamassassin -t" that
| BAYES_99 is one of the tests listed but when I send the message through the
| system I see no BAYES related tests in the message headers.
|

If you telnetted from a machine you have in a whitelisted ip range, it would probably change the score.

From ssilva at SGVWATER.COM Mon Jan 3 17:16:25 2005
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:28:04 2006
Subject: Mail Server problems
Message-ID:

Dave Filchak wrote:
| Hello,
|
| Forgive me as this may or may not be a true MailScanner issue but I
| would appreciate some input from the experts on this list.
|
| My mail server has been periodically rejecting mail with the following
| error [logs from sending mail-relay]:
|
| 2004-12-20 18:07:49.596345500 delivery 12914: deferral:
| Connected_to_199.243.151.38_but_sender_was_rejected./Remote_host_said:_452_4.4.5_Insufficient_disk_space;_try_again_later/
|
| My logs report:
|
| Dec 20 18:15:29 rosewood sendmail[20639]: iBKNFTDN020639: low on space
| (SMTP-DAEMON needs 1451858 bytes + 100 blocks in /var/spool/mqueue), max
| avail: 0
|
| My disk usage looks like:
|
| Filesystem            Size  Used Avail Use% Mounted on
| /dev/hda2             572M  375M  168M  70% /
| /dev/hda1             122M   24M   92M  21% /boot
| /dev/hda3             5.4G  2.1G  3.1G  41% /home
| none                  496M     0  496M   0% /dev/shm
| /dev/hda7              28G   15G   12G  56% /usr
| /dev/hda5             2.0G  1.8G  101M  95% /var
|
| So, it is obvious I have a disk space issue in my /var partition.
| Someone on the list recently suggested copying my /var/mail directories
| to say my /usr partition and then symlinking to it from /var. Any
| thoughts on the viability of this? Also, when I first built this
| machine, I had not anticipated using MailScanner and Spamassassin and
| mail quarantines etc, so what do most of you assign for a partition size
| to /var when you are building your machines?
|
| I greatly appreciate any help anyone has to offer on this as I have some
| very agitated clients.

Try df -i and check for inode problems. I had this awhile back with a LOT of 0 length log files from a bad samba log rotate.

From ssilva at SGVWATER.COM Mon Jan 3 17:53:45 2005
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:28:04 2006
Subject: Search for list archive -- ideas?
Message-ID:

Chris Picciotto wrote:
| I posted to the other mail-list - but will also do so here (got to
| experiment!)
|
| I like this. The entire archive is here, and is very easy within the news
| reader.
|

I have been using it for 6 months or more and I think it is great! Thunderbird as a newsreader has its own problems, though. But otherwise great.

From ssilva at SGVWATER.COM Mon Jan 3 18:08:46 2005
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:28:04 2006
Subject: Frontend?
Message-ID:

Julian Field wrote:
> Garry Glendown wrote:
>
>> _I_ can, and I even _do_ (imagine!), but I'm not looking for using it
>> myself, but for a customer site that doesn't have people that should be
>> messing with the main config, but still I want to give them the
>> possibility of modifying site-specific parts (e.g. per-user
>> black/whitelist, file filter, etc.)
>
> The new package should do this for you very nicely. But no more info
> until it's ready for release.
>

Hmmmm.....
I love secrets!!

If Julian is involved, it will most likely be;
Great!!
Kept up to date.
Wonderfully powerful but not complex.
Did I say Great!!

From kte at NEXIS.BE Mon Jan 3 22:25:29 2005
From: kte at NEXIS.BE (Koen Teugels)
Date: Thu Jan 12 21:28:04 2006
Subject: Mail Server problems
Message-ID:

I start using LVM now. So I can change my volumes.

Koen

Scott Silva wrote:

Dave Filchak wrote:
| Hello,
|
| Forgive me as this may or may not be a true MailScanner issue but I
| would appreciate some input from the experts on this list.
|
| My mail server has been periodically rejecting mail with the following
| error [logs from sending mail-relay]:
|
| 2004-12-20 18:07:49.596345500 delivery 12914: deferral:
| Connected_to_199.243.151.38_but_sender_was_rejected./Remote_host_said:_452_4.4.5_Insufficient_disk_space;_try_again_later/
|
| My logs report:
|
| Dec 20 18:15:29 rosewood sendmail[20639]: iBKNFTDN020639: low on space
| (SMTP-DAEMON needs 1451858 bytes + 100 blocks in /var/spool/mqueue), max
| avail: 0
|
| My disk usage looks like:
|
| Filesystem            Size  Used Avail Use% Mounted on
| /dev/hda2             572M  375M  168M  70% /
| /dev/hda1             122M   24M   92M  21% /boot
| /dev/hda3             5.4G  2.1G  3.1G  41% /home
| none                  496M     0  496M   0% /dev/shm
| /dev/hda7              28G   15G   12G  56% /usr
| /dev/hda5             2.0G  1.8G  101M  95% /var
|
| So, it is obvious I have a disk space issue in my /var partition.
| Someone on the list recently suggested copying my /var/mail directories
| to say my /usr partition and then symlinking to it from /var. Any
| thoughts on the viability of this? Also, when I first built this
| machine, I had not anticipated using MailScanner and Spamassassin and
| mail quarantines etc, so what do most of you assign for a partition size
| to /var when you are building your machines?
|
| I greatly appreciate any help anyone has to offer on this as I have some
| very agitated clients.

Try df -i and check for inode problems. I had this awhile back with a LOT of 0 length log files from a bad samba log rotate.

--
Koen Teugels
N.V. NEXIS S.A.
Chaussee de Namur 79
1300 Wavre
Belgium
Visit us at http://www.nexis.be
e-mail : kte@nexis.be
tel.: +32 (0)10 81.81.81
fax: +32 (0)10 81.81.80
visit us at : http://www.nexis.be

From kte at NEXIS.BE Mon Jan 3 22:29:31 2005
From: kte at NEXIS.BE (Koen Teugels)
Date: Thu Jan 12 21:28:04 2006
Subject: Frontend?
Message-ID:

Can it also modify MTA parameters (blacklists, domain relays,...) And system parameters like IP address, see the used space,...?
Monitoring, simple ham and spam possibilities/user, release /user,...

Koen

Scott Silva wrote:

> Julian Field wrote:
>
>> Garry Glendown wrote:
>>
>>> _I_ can, and I even _do_ (imagine!), but I'm not looking for using it
>>> myself, but for a customer site that doesn't have people that should be
>>> messing with the main config, but still I want to give them the
>>> possibility of modifying site-specific parts (e.g. per-user
>>> black/whitelist, file filter, etc.)
>>
>> The new package should do this for you very nicely. But no more info
>> until it's ready for release.
>>
> Hmmmm.....
> I love secrets!!
>
> If Julian is involved, it will most likely be;
> Great!!
> Kept up to date.
> Wonderfully powerful but not complex.
> Did I say Great!!

From kte at NEXIS.BE Mon Jan 3 22:31:32 2005
From: kte at NEXIS.BE (Koen Teugels)
Date: Thu Jan 12 21:28:04 2006
Subject: Mail Server problems - no html signature
Message-ID:

sorry about the html signature

I start using LVM now. So I can change my volumes.

Koen

Scott Silva wrote:

Dave Filchak wrote:
| Hello,
|
| Forgive me as this may or may not be a true MailScanner issue but I
| would appreciate some input from the experts on this list.
|
| My mail server has been periodically rejecting mail with the following
| error [logs from sending mail-relay]:
|
| 2004-12-20 18:07:49.596345500 delivery 12914: deferral:
| Connected_to_199.243.151.38_but_sender_was_rejected./Remote_host_said:_452_4.4.5_Insufficient_disk_space;_try_again_later/
|
| My logs report:
|
| Dec 20 18:15:29 rosewood sendmail[20639]: iBKNFTDN020639: low on space
| (SMTP-DAEMON needs 1451858 bytes + 100 blocks in /var/spool/mqueue), max
| avail: 0
|
| My disk usage looks like:
|
| Filesystem            Size  Used Avail Use% Mounted on
| /dev/hda2             572M  375M  168M  70% /
| /dev/hda1             122M   24M   92M  21% /boot
| /dev/hda3             5.4G  2.1G  3.1G  41% /home
| none                  496M     0  496M   0% /dev/shm
| /dev/hda7              28G   15G   12G  56% /usr
| /dev/hda5             2.0G  1.8G  101M  95% /var
|
| So, it is obvious I have a disk space issue in my /var partition.
| Someone on the list recently suggested copying my /var/mail directories
| to say my /usr partition and then symlinking to it from /var. Any
| thoughts on the viability of this? Also, when I first built this
| machine, I had not anticipated using MailScanner and Spamassassin and
| mail quarantines etc, so what do most of you assign for a partition size
| to /var when you are building your machines?
|
| I greatly appreciate any help anyone has to offer on this as I have some
| very agitated clients.

Try df -i and check for inode problems. I had this awhile back with a LOT of 0 length log files from a bad samba log rotate.

From ssilva at SGVWATER.COM Mon Jan 3 23:42:48 2005
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:28:04 2006
Subject: Mail Server problems - no html signature
Message-ID:

Koen Teugels wrote:
> sorry about the html signature
>
> I start using LVM now. So I can change my volumes.
>
> Koen
>

I have been using LVM on Raid1 for redundancy and ease of adjusting partition sizes.

From ml at NETGROUPES.CA Tue Jan 4 00:50:45 2005
From: ml at NETGROUPES.CA (Mailing List)
Date: Thu Jan 12 21:28:04 2006
Subject: MailScanner 4.37.7-1 and Postfix 2.1.5 on WBEL
Message-ID:

From KGoods at AIAINSURANCE.COM Tue Jan 4 00:48:59 2005
From: KGoods at AIAINSURANCE.COM (Ken Goods)
Date: Thu Jan 12 21:28:04 2006
Subject: Deleting spam per user.
Message-ID:

OK... I know this has been discussed and I realize why it's a bad idea, but... the one who pays the bills does not want *any* emails marked as spam delivered to him. I started by creating a rule in Outlook to move spam-identified emails directly to his deleted items folder and this was OK for here in the office but it doesn't work well using OWA.

So.... I created a spam.routing.rules file in %rules-dir% and in it have these lines:

To: BigBoss@ourdomain.com delete
To: default deliver

( between fields)

Then I edited MailScanner.conf and set both:

Spam Actions = %rules-dir%/spam.routing.rules

and

High Scoring Spam Actions = %rules-dir%/spam.routing.rules

So far so good? I actually used my email address for testing. Then I sent a couple of GTUBEs from another domain I administer and it seems like this works fine but I don't see the spam being dropped in the maillog. Is this normal?

Here is an example from maillog of a normal delivery...

[root@gw-mail log]# grep j03NgrB0012060 maillog
Jan 3 15:42:53 gw-mail sendmail[12060]: j03NgrB0012060: from=, size=3180, class=-60, nrcpts=1, msgid=<954817450.20050103154851@surbl.org>, proto=SMTP, daemon=MTA, relay=hermes.apache.org [209.237.227.199]
Jan 3 15:42:53 gw-mail sendmail[12060]: j03NgrB0012060: to=, delay=00:00:00, mailer=esmtp, pri=139626, stat=queued
Jan 3 15:43:12 gw-mail sendmail[12086]: j03NgrB0012060: to=, delay=00:00:19, xdelay=00:00:01, mailer=esmtp, pri=229626, relay=mail.aiainsurance.com. [66.236.7.2], dsn=2.0.0, stat=Sent (OK)

And one with the GTUBE included and email address matching the above rule.

[root@gw-mail log]# grep j03NgpB0012059 maillog
Jan 3 15:42:51 gw-mail sendmail[12059]: j03NgpB0012059: from=, size=3025, class=0, nrcpts=1, msgid=<002301c4f1ec$8b6deef0$6500000a@HP1>, proto=ESMTP, daemon=MTA, relay=67.108.38.13.ptr.us.xo.net [67.108.38.13]
Jan 3 15:42:51 gw-mail sendmail[12059]: j03NgpB0012059: to=, delay=00:00:00, mailer=esmtp, pri=30623, stat=queued

It's hard to track the transition between sendmail and MailScanner because I don't see a common identifier, but I normally see "New Batch Found X messages waiting", "New Batch: Scanning 1 messages, XXXX bytes", "Spam Checks: Found 1 spam messages", etc.... and nothing looked out of the ordinary there. But it seems that the second example above just disappears... there is no maillog entry showing what MailScanner has done with the message. The last thing I see (that I can track) is that it's "stat=queued". It's very possible (and probable) that it is the next "Spam Checks: Found 1 spam message" but I can't tell for sure. It doesn't get delivered but I'd like to see what happened to it. Am I looking in the wrong log? Do I need to turn up logging somewhere?

Also I've never seen this mentioned anywhere... are rules case sensitive? In other words is "BigBoss@ourdomain.com" equal to "bigboss@ourdomain.com" or would every combination need to be supplied? I know it wouldn't make sense but since this is the boss's account I want to be perfectly clear. :)

Config... MailScanner 4.33.3, Sendmail 8.12.?, Spamassassin 3.0000, ClamAV (latest?)

Thanks in advance to any and all insights and Happy New Year to all! And a special thanks to Julian for an outstanding piece of genius software... and for making my job a little easier!

Kind regards,
Ken

Ken Goods
Network Administrator
AIA Insurance, Inc.

From dfilchak at SYMPATICO.CA Tue Jan 4 02:59:24 2005
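[Added example, not part of the original post and not MailScanner code.] The two maillog excerpts in Ken Goods' message above differ only in whether a delivery line follows stat=queued. The script below groups sendmail lines by queue ID and lists messages that never got past stat=queued. The sample lines are constructed from the post's excerpts with placeholder addresses, and reading "no delivery line" as "removed before delivery" is an assumption.

```python
import re
from datetime import datetime

# Constructed sample modelled on the two maillog excerpts in the post.
# Addresses and relay IPs are placeholders; the archive stripped the real ones.
SAMPLE_MAILLOG = """\
Jan  3 15:42:51 gw-mail sendmail[12059]: j03NgpB0012059: from=<sender@example.net>, size=3025, class=0, nrcpts=1, msgid=<constructed-1@example.net>, proto=ESMTP, daemon=MTA, relay=[192.0.2.13]
Jan  3 15:42:51 gw-mail sendmail[12059]: j03NgpB0012059: to=<BigBoss@example.com>, delay=00:00:00, mailer=esmtp, pri=30623, stat=queued
Jan  3 15:42:53 gw-mail sendmail[12060]: j03NgrB0012060: from=<list@example.org>, size=3180, class=-60, nrcpts=1, msgid=<constructed-2@example.org>, proto=SMTP, daemon=MTA, relay=[192.0.2.199]
Jan  3 15:42:53 gw-mail sendmail[12060]: j03NgrB0012060: to=<user@example.com>, delay=00:00:00, mailer=esmtp, pri=139626, stat=queued
Jan  3 15:43:12 gw-mail sendmail[12086]: j03NgrB0012060: to=<user@example.com>, delay=00:00:19, xdelay=00:00:01, mailer=esmtp, pri=229626, relay=mail.example.com. [192.0.2.2], dsn=2.0.0, stat=Sent (OK)
"""

# "Mon DD HH:MM:SS host sendmail[pid]: QUEUEID: key=value, key=value, ..."
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]{8})\s+\S+\s+sendmail\[\d+\]:\s+"
    r"(?P<qid>\w+):\s+(?P<rest>.*)$"
)
# A value is either one or more <...> addresses joined by commas, or plain
# text up to the next comma.
FIELD = re.compile(r"(\w+)=((?:<[^>]*>)(?:,<[^>]*>)*|[^,]*)")


def trace(log_text, year=2005):
    """Group sendmail lines by queue ID; keep each recipient's latest status.

    Syslog timestamps carry no year, so the caller supplies one (assumption).
    """
    messages = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not a sendmail queue line
        when = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
        fields = {k: v.strip() for k, v in FIELD.findall(m.group("rest"))}
        msg = messages.setdefault(
            m.group("qid"), {"from": None, "rcpt": {}, "last_seen": when}
        )
        msg["last_seen"] = max(msg["last_seen"], when)
        if "from" in fields:
            msg["from"] = fields["from"].strip("<>").lower()
        if "to" in fields and "stat" in fields:
            for rcpt in fields["to"].split(","):
                # Lower-case so BigBoss@ and bigboss@ land in one bucket.
                msg["rcpt"][rcpt.strip().strip("<>").lower()] = fields["stat"]
    return messages


def stuck_at_queued(messages, min_age_seconds=0):
    """Queue IDs whose recipients all stopped at stat=queued.

    min_age_seconds is measured back from the newest line in the log, so a
    message that is merely waiting for the next scan batch is not reported.
    """
    if not messages:
        return []
    log_end = max(m["last_seen"] for m in messages.values())
    hits = []
    for qid, msg in messages.items():
        age = (log_end - msg["last_seen"]).total_seconds()
        only_queued = msg["rcpt"] and all(
            s == "queued" for s in msg["rcpt"].values()
        )
        if only_queued and age >= min_age_seconds:
            hits.append((qid, msg["from"], sorted(msg["rcpt"])))
    return hits


if __name__ == "__main__":
    for qid, sender, rcpts in stuck_at_queued(trace(SAMPLE_MAILLOG), 10):
        print(f"{qid}: from {sender} to {', '.join(rcpts)} queued, never delivered")
```
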
From: dfilchak at SYMPATICO.CA (Dave Filchak)
Date: Thu Jan 12 21:28:04 2006
Subject: Frontend?
Message-ID:

I'm sure it even makes popcorn!! ;-)

Dave

Koen Teugels wrote:

> Can it also modify MTA parameters (blacklists, domain relays,...) And
> system parameters like IP address, see the used space,...? Monitoring,
> simple ham and spam possibilities/user, release /user,...
>
> Koen
>
> Scott Silva wrote:
>
>> Julian Field wrote:
>>
>>> Garry Glendown wrote:
>>>
>>>> _I_ can, and I even _do_ (imagine!), but I'm not looking for using it
>>>> myself, but for a customer site that doesn't have people that
>>>> should be messing with the main config, but still I want to give them the
>>>> possibility of modifying site-specific parts (e.g. per-user
>>>> black/whitelist, file filter, etc.)
>>>
>>> The new package should do this for you very nicely. But no more info
>>> until it's ready for release.
>>>
>> Hmmmm.....
>> I love secrets!!
>>
>> If Julian is involved, it will most likely be;
>> Great!!
>> Kept up to date.
>> Wonderfully powerful but not complex.
>> Did I say Great!!

From dfilchak at SYMPATICO.CA Tue Jan 4 03:08:47 2005
From: dfilchak at SYMPATICO.CA (Dave Filchak)
Date: Thu Jan 12 21:28:04 2006
Subject: spam: Re: [MAILSCANNER] Mail Server problems
Message-ID:

Can you expand on this a bit please?

Dave

Koen Teugels wrote:

> I start using LVM now. So I can change my volumes.
>
> Koen
>
> Scott Silva wrote:
>
>> Dave Filchak wrote:
>> | Hello,
>> |
>> | Forgive me as this may or may not be a true MailScanner issue but I
>> | would appreciate some input from the experts on this list.
>> |
>> | My mail server has been periodically rejecting mail with the following
>> | error [logs from sending mail-relay]:
>> |
>> | 2004-12-20 18:07:49.596345500 delivery 12914: deferral:
>> | Connected_to_199.243.151.38_but_sender_was_rejected./Remote_host_said:_452_4.4.5_Insufficient_disk_space;_try_again_later/
>> |
>> | My logs report:
>> |
>> | Dec 20 18:15:29 rosewood sendmail[20639]: iBKNFTDN020639: low on space
>> | (SMTP-DAEMON needs 1451858 bytes + 100 blocks in /var/spool/mqueue), max
>> | avail: 0
>> |
>> | My disk usage looks like:
>> |
>> | Filesystem            Size  Used Avail Use% Mounted on
>> | /dev/hda2             572M  375M  168M  70% /
>> | /dev/hda1             122M   24M   92M  21% /boot
>> | /dev/hda3             5.4G  2.1G  3.1G  41% /home
>> | none                  496M     0  496M   0% /dev/shm
>> | /dev/hda7              28G   15G   12G  56% /usr
>> | /dev/hda5             2.0G  1.8G  101M  95% /var
>> |
>> | So, it is obvious I have a disk space issue in my /var partition.
>> | Someone on the list recently suggested copying my /var/mail directories
>> | to say my /usr partition and then symlinking to it from /var. Any
>> | thoughts on the viability of this? Also, when I first built this
>> | machine, I had not anticipated using MailScanner and Spamassassin and
>> | mail quarantines etc, so what do most of you assign for a partition size
>> | to /var when you are building your machines?
>> |
>> | I greatly appreciate any help anyone has to offer on this as I have some
>> | very agitated clients.
>>
>> Try df -i and check for inode problems. I had this awhile back with a
>> LOT of 0 length log files from a bad samba log rotate.
>
> --
> Koen Teugels
> N.V. NEXIS S.A.
> Chaussée de Namur 79
> 1300 Wavre
> Belgium
> Visit us at http://www.nexis.be
> e-mail : kte@nexis.be
> tel.: +32 (0)10 81.81.81
> fax: +32 (0)10 81.81.80
> visit us at : http://www.nexis.be

From mike at CAMAROSS.NET Tue Jan 4 04:17:58 2005
From: mike at CAMAROSS.NET (Mike Kercher)
Date: Thu Jan 12 21:28:04 2006
Subject: spam: Re: [MAILSCANNER] Mail Server problems
Message-ID:

Dave Filchak wrote:
> Can you expand on this a bit please?
>
> Dave
>
> Koen Teugels wrote:
>
>> I start using LVM now. So I can change my volumes.
>>
>> Koen
>>

http://www.tldp.org/HOWTO/LVM-HOWTO/index.html

From dfilchak at SYMPATICO.CA Tue Jan 4 04:46:41 2005
From: dfilchak at SYMPATICO.CA (Dave Filchak)
Date: Thu Jan 12 21:28:04 2006
Subject: spam: Re: [MAILSCANNER] Mail Server problems
Message-ID:

This looks almost too good. Any down side? What about the whole /root partition issue?

Dave

Mike Kercher wrote:

>Dave Filchak wrote:
>
>>Can you expand on this a bit please?
>>
>>Dave
>>
>>Koen Teugels wrote:
>>
>>>I start using LVM now. So I can change my volumes.
>>>
>>>Koen
>
>http://www.tldp.org/HOWTO/LVM-HOWTO/index.html

From mailscanner-list at OKLA.COM Tue Jan 4 06:22:10 2005
From: mailscanner-list at OKLA.COM (Tracy Greggs)
Date: Thu Jan 12 21:28:04 2006
Subject: spam: Re: [MAILSCANNER] Mail Server problems
Message-ID:

Another great option IMHO is Norton Ghost. I use Corporate version 8, Works perfectly on every linux distro that I have used it on, including Fedora.

Snag a big drive, ghost it over and change your partitions to the sizes you want and you are good to go. Ghost will image an ATA IDE drive at around 500mb/min in my experience. The downtime is very minimal.

Tracy Greggs

----- Original Message -----
From: "Dave Filchak"
To:
Sent: Monday, January 03, 2005 10:46 PM
Subject: Re: spam: Re: [MAILSCANNER] Mail Server problems

> This looks almost too good. Any down side? What about the whole /root
> partition issue?
>
> Dave
>
> Mike Kercher wrote:
>
> >Dave Filchak wrote:
> >
> >>Can you expand on this a bit please?
> >>
> >>Dave
> >>
> >>Koen Teugels wrote:
> >>
> >>>I start using LVM now. So I can change my volumes.
> >>>
> >>>Koen
> >
> >http://www.tldp.org/HOWTO/LVM-HOWTO/index.html

--
Oklahoma Network Consulting has scanned this
message for viruses and dangerous content with
MailScanner, and commercial virus scanners McAfee
and F-Prot and is believed to be clean.
---

From mailscanner at BARENDSE.TO Tue Jan 4 07:08:46 2005
From: mailscanner at BARENDSE.TO (Remco Barendse)
Date: Thu Jan 12 21:28:04 2006
Subject: Why do I keep getting .spamassassin/ .pyzor/ .razor/ in my /
Message-ID:

Could it be one of the perl modules that is outdated? I do remember seeing something similar on the list.

Cheers! Remco

On Sun, 2 Jan 2005, Remco Barendse wrote:

> This is from /etc/passwd
> root:x:0:0:root:/root:/bin/bash
> cron:x:16:16:cron:/var/spool/cron:/bin/false
>
> Guess that's not it, nor the root of the cron user?
>
> I have this behaviour on a gentoo box and on a RHEL box.
>
> On Sun, 2 Jan 2005, Julian Field wrote:
>
>> Yes, but where is the home dir of the root user, according to
>> /etc/passwd?
>>
>> Remco Barendse wrote:
>>
>>> Hi list!
>>>
>>> I keep finding directories for .spamassassin/ .pyzor/ .razor/ in the
>>> root of my filesystem.
>>>
>>> When I delete them, they keep coming back. Shouldn't they be in the
>>> homedir of the root user?
>>
>> --
>> Julian Field
>> www.MailScanner.info
>> Buy the MailScanner book at www.MailScanner.info/store
>> Professional Support Services at www.MailScanner.biz
>> MailScanner thanks transtec Computers for their support
>>
>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From andreas.svensson at HALLSBERG.SE Tue Jan 4 07:40:04 2005
From: andreas.svensson at HALLSBERG.SE (Andreas Svensson)
Date: Thu Jan 12 21:28:04 2006
Subject: Some messages gets stuck in postfix/hold
Message-ID:

Good Morning.

I have a problem with MailScanner on Postfix running as a gateway in front of my Groupwise server. Some, very few messages get stuck in the hold directory of the postfix spool. It looks like these messages are only spam or virus. Yesterday I had like 20 mails from the past two weeks. It's like 1 or 2 mails per day get stuck there. So I cleaned it up manually yesterday but this morning I had 1 new.

The server is a Compaq DL360 with
SuSE Linux Enterprise 9
postfix-2.1.1-1.4
MailScanner 4.36.4
SpamAssassin 3.0.1

Thanks for any help!
/Andreas Svensson, Hallsberg, Sweden.

-Here comes a cut from the log from tonight:

Jan 3 23:04:00 mg-hbg17 postfix/smtpd[24037]: connect from unknown[84.217.26.111]
Jan 3 23:04:01 mg-hbg17 postfix/smtpd[24037]: 00E7B1BFCF: client=unknown[84.217.26.111]
Jan 3 23:04:01 mg-hbg17 postfix/cleanup[24038]: 00E7B1BFCF: hold: header Received: from hallsberg.se (unknown [84.217.26.111])??by mg-hbg17.hallsberg.se (Postfix) with SMTP id 00E7B1BFCF??for ; Mon, 3 Jan 2005 23:04:00 +0100 (CET) from unknown[84.217.26.111]; from= to= proto=SMTP helo=
Jan 3 23:04:01 mg-hbg17 postfix/cleanup[24038]: 00E7B1BFCF: message-id=<20050103220400.00E7B1BFCF@mg-hbg17.hallsberg.se>
Jan 3 23:04:02 mg-hbg17 postfix/smtpd[24037]: disconnect from unknown[84.217.26.111]
Jan 3 23:04:04 mg-hbg17 MailScanner[22584]: New Batch: Scanning 1 messages, 42859 bytes
Jan 3 23:04:04 mg-hbg17 MailScanner[22584]: Spam Checks: Starting
Jan 3 23:04:20 mg-hbg17 MailScanner[22584]: Virus and Content Scanning: Starting
Jan 3 23:04:21 mg-hbg17 MailScanner[22584]: /var/spool/MailScanner/incoming/22584/./00E7B1BFCF/message.scr: Worm.SomeFool.P FOUND
Jan 3 23:04:21 mg-hbg17 MailScanner[22584]: Virus Scanning: ClamAV found 1 infections
Jan 3 23:04:23 mg-hbg17 MailScanner[22584]: Virus: 2##Base: /var/spool/MailScanner/incoming/22584##1: '00E7B1BFCF/message.scr' => W32/Netsky##2: '00E7B1BFCF/msg-22584-10.html' => Exploit/iFrame##
Jan 3 23:04:23 mg-hbg17 MailScanner[22584]: Virus Scanning: Panda found 2 infections
Jan 3 23:04:23 mg-hbg17 MailScanner[22584]: Infected message 00E7B1BFCF came from 84.217.26.111
Jan 3 23:04:23 mg-hbg17 MailScanner[22584]: Virus Scanning: Found 2 viruses
Jan 3 23:04:23 mg-hbg17 MailScanner[24059]: MailScanner E-Mail Virus Scanner version 4.36.4 starting...
Jan 3 23:04:23 mg-hbg17 MailScanner[24059]: Config: calling custom init function MailWatchLogging
Jan 3 23:04:23 mg-hbg17 MailScanner[24059]: Initialising database connection
Jan 3 23:04:23 mg-hbg17 MailScanner[24059]: Finished initialising database connection
Jan 3 23:04:23 mg-hbg17 MailScanner[24059]: Enabling SpamAssassin auto-whitelist functionality...
Jan 3 23:04:25 mg-hbg17 MailScanner[22560]: New Batch: Scanning 1 messages, 42859 bytes
Jan 3 23:04:25 mg-hbg17 MailScanner[22560]: Spam Checks: Starting
Jan 3 23:04:30 mg-hbg17 MailScanner[22560]: Virus and Content Scanning: Starting
Jan 3 23:04:30 mg-hbg17 MailScanner[22560]: /var/spool/MailScanner/incoming/22560/./00E7B1BFCF/message.scr: Worm.SomeFool.P FOUND
Jan 3 23:04:31 mg-hbg17 MailScanner[22560]: Virus Scanning: ClamAV found 1 infections
Jan 3 23:04:33 mg-hbg17 MailScanner[22560]: Virus: 2##Base: /var/spool/MailScanner/incoming/22560##1: '00E7B1BFCF/message.scr' => W32/Netsky##2: '00E7B1BFCF/msg-22560-16.html' => Exploit/iFrame##
Jan 3 23:04:33 mg-hbg17 MailScanner[22560]: Virus Scanning: Panda found 2 infections
Jan 3 23:04:33 mg-hbg17 MailScanner[22560]: Infected message 00E7B1BFCF came from 84.217.26.111
Jan 3 23:04:33 mg-hbg17 MailScanner[22560]: Virus Scanning: Found 2 viruses
Jan 3 23:04:33 mg-hbg17 MailScanner[24081]: MailScanner E-Mail Virus Scanner version 4.36.4 starting...
Jan 3 23:04:33 mg-hbg17 MailScanner[24081]: Config: calling custom init function MailWatchLogging
Jan 3 23:04:33 mg-hbg17 MailScanner[24081]: Initialising database connection
Jan 3 23:04:33 mg-hbg17 MailScanner[24081]: Finished initialising database connection
Jan 3 23:04:33 mg-hbg17 MailScanner[24081]: Enabling SpamAssassin auto-whitelist functionality...
Jan 3 23:04:34 mg-hbg17 MailScanner[24059]: Using locktype = flock
Jan 3 23:04:34 mg-hbg17 MailScanner[24059]: New Batch: Scanning 1 messages, 42859 bytes
Jan 3 23:04:34 mg-hbg17 MailScanner[24059]: Spam Checks: Starting
Jan 3 23:04:37 mg-hbg17 MailScanner[24059]: Virus and Content Scanning: Starting
Jan 3 23:04:38 mg-hbg17 MailScanner[24059]: /var/spool/MailScanner/incoming/24059/./00E7B1BFCF/message.scr: Worm.SomeFool.P FOUND
Jan 3 23:04:38 mg-hbg17 MailScanner[24059]: Virus Scanning: ClamAV found 1 infections
Jan 3 23:04:40 mg-hbg17 MailScanner[24059]: Virus: 2##Base: /var/spool/MailScanner/incoming/24059##1: '00E7B1BFCF/message.scr' => W32/Netsky##2: '00E7B1BFCF/msg-24059-2.html' => Exploit/iFrame##
Jan 3 23:04:40 mg-hbg17 MailScanner[24059]: Virus Scanning: Panda found 2 infections
Jan 3 23:04:40 mg-hbg17 MailScanner[24059]: Infected message 00E7B1BFCF came from 84.217.26.111
Jan 3 23:04:40 mg-hbg17 MailScanner[24059]: Virus Scanning: Found 2 viruses
Jan 3 23:04:41 mg-hbg17 MailScanner[22410]: New Batch: Scanning 1 messages, 42859 bytes
Jan 3 23:04:41 mg-hbg17 MailScanner[22410]: Spam Checks: Starting
Jan 3 23:04:43 mg-hbg17 MailScanner[24107]: MailScanner E-Mail Virus Scanner version 4.36.4 starting...
Jan 3 23:04:43 mg-hbg17 MailScanner[24107]: Config: calling custom init function MailWatchLogging
Jan 3 23:04:43 mg-hbg17 MailScanner[24107]: Initialising database connection
Jan 3 23:04:43 mg-hbg17 MailScanner[24107]: Finished initialising database connection
Jan 3 23:04:43 mg-hbg17 MailScanner[24107]: Enabling SpamAssassin auto-whitelist functionality...
Jan 3 23:04:46 mg-hbg17 MailScanner[24081]: Using locktype = flock
Jan 3 23:04:47 mg-hbg17 MailScanner[24107]: Using locktype = flock
Jan 3 23:04:48 mg-hbg17 MailScanner[22410]: Virus and Content Scanning: Starting
Jan 3 23:04:48 mg-hbg17 MailScanner[22410]: /var/spool/MailScanner/incoming/22410/./00E7B1BFCF/message.scr: Worm.SomeFool.P FOUND

From mail at wozenilek.de Tue Jan 4 08:35:12 2005
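In the log posted above, queue ID 00E7B1BFCF appears in the work directories of four MailScanner processes (22584, 22560, 24059, 22410) while new scanner processes start in between. The following is an added example, not part of the original post and not MailScanner code: a Python script that lists held queue IDs picked up by more than one scanner PID. The function names and the queue ID AAAA000001 are constructed for illustration.

```python
import re
from collections import OrderedDict

# Lines taken from the log in the post above (the first one shortened), plus a
# constructed queue ID, AAAA000001, that is scanned only once, for contrast.
SAMPLE_LOG = """\
Jan 3 23:04:01 mg-hbg17 postfix/cleanup[24038]: 00E7B1BFCF: hold: header Received: from hallsberg.se
Jan 3 23:04:04 mg-hbg17 MailScanner[22584]: New Batch: Scanning 1 messages, 42859 bytes
Jan 3 23:04:21 mg-hbg17 MailScanner[22584]: /var/spool/MailScanner/incoming/22584/./00E7B1BFCF/message.scr: Worm.SomeFool.P FOUND
Jan 3 23:04:23 mg-hbg17 MailScanner[22584]: Infected message 00E7B1BFCF came from 84.217.26.111
Jan 3 23:04:23 mg-hbg17 MailScanner[24059]: MailScanner E-Mail Virus Scanner version 4.36.4 starting...
Jan 3 23:04:30 mg-hbg17 MailScanner[22560]: /var/spool/MailScanner/incoming/22560/./00E7B1BFCF/message.scr: Worm.SomeFool.P FOUND
Jan 3 23:04:33 mg-hbg17 MailScanner[22560]: Infected message 00E7B1BFCF came from 84.217.26.111
Jan 3 23:04:33 mg-hbg17 MailScanner[24081]: MailScanner E-Mail Virus Scanner version 4.36.4 starting...
Jan 3 23:04:38 mg-hbg17 MailScanner[24059]: /var/spool/MailScanner/incoming/24059/./00E7B1BFCF/message.scr: Worm.SomeFool.P FOUND
Jan 3 23:04:48 mg-hbg17 MailScanner[22410]: /var/spool/MailScanner/incoming/22410/./00E7B1BFCF/message.scr: Worm.SomeFool.P FOUND
Jan 3 23:05:01 mg-hbg17 postfix/cleanup[24038]: AAAA000001: hold: header Received: from example.org
Jan 3 23:05:09 mg-hbg17 MailScanner[22410]: /var/spool/MailScanner/incoming/22410/./AAAA000001/message.scr: Worm.SomeFool.P FOUND
"""

# timestamp, host, program[pid]: message
SYSLOG = re.compile(r"^(\w{3}\s+\d+\s[\d:]{8})\s(\S+)\s([\w/.-]+)\[(\d+)\]:\s(.*)$")
# Postfix cleanup placing a message on hold for the scanner
HOLD = re.compile(r"^([0-9A-F]+): hold: ")
# Scanner report path: .../incoming/<scanner pid>/./<queue id>/<file>
# (an optional ".XXXXX" suffix on the ID is tolerated and dropped)
WORKDIR = re.compile(r"/incoming/(\d+)/\./([0-9A-F]+)(?:\.[0-9A-F]+)?/")
INFECTED = re.compile(r"^Infected message ([0-9A-F]+)(?:\.[0-9A-F]+)? came from (\S+)")


def analyse(log_text):
    """Return {queue_id: details} for every message Postfix put on hold."""
    report = OrderedDict()
    for line in log_text.splitlines():
        m = SYSLOG.match(line.strip())
        if not m:
            continue
        prog, msg = m.group(3), m.group(5)
        if prog == "postfix/cleanup":
            held = HOLD.match(msg)
            if held:
                # Several hold lines per message are normal (one per header).
                report.setdefault(held.group(1),
                                  {"scanner_pids": [], "source_ip": None})
            continue
        if prog != "MailScanner":
            continue
        work = WORKDIR.search(msg)
        infected = INFECTED.match(msg)
        if work and work.group(2) in report:
            pid = int(work.group(1))
            pids = report[work.group(2)]["scanner_pids"]
            if pid not in pids:          # keep order of first sighting
                pids.append(pid)
        elif infected and infected.group(1) in report:
            report[infected.group(1)]["source_ip"] = infected.group(2)
    for entry in report.values():
        # The same held message under more than one scanner PID means it was
        # picked up again by another MailScanner process.
        entry["rescanned"] = len(entry["scanner_pids"]) > 1
    return report


def rescanned_ids(log_text):
    """Queue IDs that were processed by more than one MailScanner PID."""
    return [qid for qid, e in analyse(log_text).items() if e["rescanned"]]


if __name__ == "__main__":
    for qid, e in analyse(SAMPLE_LOG).items():
        state = "RESCANNED" if e["rescanned"] else "ok"
        print(qid, state, e["scanner_pids"], e["source_ip"])
```
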
From: mail at wozenilek.de (Martin Wozenilek)
Date: Thu Jan 12 21:28:04 2006
Subject: Some messages gets stuck in postfix/hold
Message-ID:

Permissions? In MailScanner.conf?

--
Martin Wozenilek
Am Langberg 91a
21033 Hamburg
mailto:mail@wozenilek.de
PGP-Key-ID: 0x00105C52

----- Original Message -----
Subject: Some messages gets stuck in postfix/hold
From: Andreas Svensson
To:
Date: 04-01-2005 8:51

Good Morning.

I have a problem with Mailscanner on Postfix running as a gateway in front of my Groupwise server. Some, very few messages gets stuck in hold directory of postfix spool. It looks like these messages only are spam or virus. Yesterday i had like 20 mails from the past two weeks. Its like 1 or 2 mails per day gets stuck there. So i cleaned it up manually yesterday but this morning i had 1 new.

The server is a Compaq DL360 with
SuSE Linux Enterprise 9
postfix-2.1.1-1.4
MailScanner 4.36.4
SpamAssassin 3.0.1

Thanks for any help!
/Andreas Svensson, Hallsberg, Sweden.
-Here comes a cut from the log from tonights:

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.

From MailScanner at ecs.soton.ac.uk Tue Jan 4 08:58:47 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:04 2006
Subject: Deleting spam per user.
Message-ID:

Ken Goods wrote:

>Also I've never seen this mentioned anywhere... are rules case sensitive?
>
No, they aren't. That would be silly :-)

>Thanks in advance to any and all insights and Happy New Year to all! And a
>special thanks to Julian for an outstanding piece of genius software... and
>for making my job a little easier!
>
No worries.

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From kte at NEXIS.BE Tue Jan 4 09:49:56 2005
From: kte at NEXIS.BE (Koen Teugels)
Date: Thu Jan 12 21:28:04 2006
Subject: Why do I keep getting .spamassassin/ .pyzor/ .razor/ in my /
Message-ID:

On RH you have to change HOME in /etc/crontab to /root if you run the updates in cron. Maybe it is the same on other Linux dists.

Koen

Remco Barendse wrote:

> Could it be one of the perl modules that is outdated?
>
> I do remember seeing something similar on the list.
>
> Cheers!
> Remco
>
> On Sun, 2 Jan 2005, Remco Barendse wrote:
>
>> This is from /etc/passwd
>> root:x:0:0:root:/root:/bin/bash
>> cron:x:16:16:cron:/var/spool/cron:/bin/false
>>
>> Guess that's not it, nor the root of the cron user?
>>
>> I have this behaviour on a gentoo box and on a RHEL box.
>>
>> On Sun, 2 Jan 2005, Julian Field wrote:
>>
>>> Yes, but where is the home dir of the root user, according to
>>> /etc/passwd?
>>>
>>> Remco Barendse wrote:
>>>
>>>> Hi list!
>>>>
>>>> I keep finding directories for .spamassassin/ .pyzor/ .razor/ in the
>>>> root
>>>> of my filesystem.
>>>>
>>>> When I delete them, they keep coming back. Shouldn't they be in the
>>>> homedir of the root user?
>>>
>>> --
>>> Julian Field
>>> www.MailScanner.info
>>> Buy the MailScanner book at www.MailScanner.info/store
>>> Professional Support Services at www.MailScanner.biz
>>> MailScanner thanks transtec Computers for their support
>>>
>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From martinh at SOLID-STATE-LOGIC.COM Tue Jan 4 09:57:55 2005
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:28:04 2006
Subject: Mailserver replacement of exchange
Message-ID:

Joe

Interesting. I thought the OpenMail stuff had been sold off to Samsung a few years ago. Maybe Samsung has given up on this (or Scalix is based on an earlier version, pre Samsung)

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

Harnish, Joe wrote:

> I have found a product called Scalix (www.scalix.com) It is not free
> but it is very reasonable in cost and it is a drop in replacement for
> exchange. It runs on Linux using sendmail as it's base.
>
> Joe
>
> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Koen Teugels
> Sent: Saturday, December 18, 2004 5:13 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Mailserver replacement of exchange
>
> Does anyone has a good alternative for MS exchange (groupware) in the
> opensource world? If it is possible an outlook client must be able to
> connect to it.
>
> thanks Koen

**********************************************************************

This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager.

This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean.

**********************************************************************

From martinh at SOLID-STATE-LOGIC.COM Tue Jan 4 09:56:30 2005
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:28:04 2006
Subject: Why do I keep getting .spamassassin/ .pyzor/ .razor/ in my /
Message-ID:

Koen

and what does /etc/passwd say for the user MailScanner runs as?

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

Koen Teugels wrote:

> on RH you have to change in the /etc/crontab HOME to /root if you run
> the updates in cron.. Maybe on other linux dist. is it the same.
>
> Koen
>
> Remco Barendse wrote:
>
>> Could it be one of the perl modules that is outdated?
>>
>> I do remember seeing something similar on the list.
>>
>> Cheers!
>> Remco
>>
>> On Sun, 2 Jan 2005, Remco Barendse wrote:
>>
>>> This is from /etc/passwd
>>> root:x:0:0:root:/root:/bin/bash
>>> cron:x:16:16:cron:/var/spool/cron:/bin/false
>>>
>>> Guess that's not it, nor the root of the cron user?
>>>
>>> I have this behaviour on a gentoo box and on a RHEL box.
>>>
>>> On Sun, 2 Jan 2005, Julian Field wrote:
>>>
>>>> Yes, but where is the home dir of the root user, according to
>>>> /etc/passwd?
>>>>
>>>> Remco Barendse wrote:
>>>>
>>>>> Hi list!
>>>>>
>>>>> I keep finding directories for .spamassassin/ .pyzor/ .razor/ in the
>>>>> root
>>>>> of my filesystem.
>>>>>
>>>>> When I delete them, they keep coming back. Shouldn't they be in the
>>>>> homedir of the root user?
>>>>
>>>> --
>>>> Julian Field
>>>> www.MailScanner.info
>>>> Buy the MailScanner book at www.MailScanner.info/store
>>>> Professional Support Services at www.MailScanner.biz
>>>> MailScanner thanks transtec Computers for their support
>>>>
>>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From kte at NEXIS.BE Tue Jan 4 10:46:52 2005
From: kte at NEXIS.BE (Koen Teugels)
Date: Thu Jan 12 21:28:04 2006
Subject: Why do I keep getting .spamassassin/ .pyzor/ .razor/ in my /
Message-ID:

I don't have a user mailscanner in /etc/passwd. But mailscanner runs on the system as root. And root has as homedir /root

Koen

Martin Hepworth wrote:

> Koen
>
> and what does /etc/passwd say for the user MailScanner runs as?
>
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
>
> Koen Teugels wrote:
>
>> on RH you have to change in the /etc/crontab HOME to /root if you run
>> the updates in cron.. Maybe on other linux dist. is it the same.
>>
>> Koen
>>
>> Remco Barendse wrote:
>>
>>> Could it be one of the perl modules that is outdated?
>>>
>>> I do remember seeing something similar on the list.
>>>
>>> Cheers!
>>> Remco
>>>
>>> On Sun, 2 Jan 2005, Remco Barendse wrote:
>>>
>>>> This is from /etc/passwd
>>>> root:x:0:0:root:/root:/bin/bash
>>>> cron:x:16:16:cron:/var/spool/cron:/bin/false
>>>>
>>>> Guess that's not it, nor the root of the cron user?
>>>>
>>>> I have this behaviour on a gentoo box and on a RHEL box.
>>>>
>>>> On Sun, 2 Jan 2005, Julian Field wrote:
>>>>
>>>>> Yes, but where is the home dir of the root user, according to
>>>>> /etc/passwd?
>>>>>
>>>>> Remco Barendse wrote:
>>>>>
>>>>>> Hi list!
>>>>>>
>>>>>> I keep finding directories for .spamassassin/ .pyzor/ .razor/ in the
>>>>>> root
>>>>>> of my filesystem.
>>>>>>
>>>>>> When I delete them, they keep coming back. Shouldn't they be in the
>>>>>> homedir of the root user?
>>>>>
>>>>> --
>>>>> Julian Field
>>>>> www.MailScanner.info
>>>>> Buy the MailScanner book at www.MailScanner.info/store
>>>>> Professional Support Services at www.MailScanner.biz
>>>>> MailScanner thanks transtec Computers for their support
>>>>>
>>>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From Glenn.Steen at AP1.SE Tue Jan 4 13:11:55 2005
From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:04 2006 Subject: MailScanner 4.37.7-1 and Postfix 2.1.5 on WBEL Message-ID: @font-face { font-family: Verdana; } @page Section1 {size: 8.5in 11.0in; margin: 1.0in 1.25in 1.0in 1.25in; } P.MsoNormal { FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Times New Roman" } LI.MsoNormal { FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Times New Roman" } DIV.MsoNormal { FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Times New Roman" } A:link { COLOR: blue; TEXT-DECORATION: underline } SPAN.MsoHyperlink { COLOR: blue; TEXT-DECORATION: underline } A:visited { COLOR: purple; TEXT-DECORATION: underline } SPAN.MsoHyperlinkFollowed { COLOR: purple; TEXT-DECORATION: underline } SPAN.EmailStyle17 { FONT-WEIGHT: normal; COLOR: windowtext; FONT-STYLE: normal; FONT-FAMILY: Verdana; TEXT-DECORATION: none; mso-style-type: personal-compose } DIV.Section1 { page: Section1 } As far as lil' ol' me can tell the unique-ID thing shouldn't have any bearing on this. Do you archive mails? Perhaps to a mailbox? -- Glenn -----Original Message----- 
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Mailing List Sent: den 4 januari 2005 01:51 To: MAILSCANNER@JISCMAIL.AC.UK Subject: MailScanner 4.37.7-1 and Postfix 2.1.5 on WBEL Since the upgrade i see strange behaviors, some mails marked as High Spam are still delivered, here is an excerpt of my maillog: [root@gw-m log]# grep 6FD731C0008 maillog Jan 3 13:14:35 gw-m postfix/smtpd[2051]: 6FD731C0008: client=lns-vlq-48-mar-82-251-10-15.adsl.proxad.net[82.251.10.15] Jan 3 13:14:38 gw-m postfix/cleanup[32006]: 6FD731C0008: hold: header Received: from lns-vlq-48-mar-82-251-10-15.adsl.proxad.net (lns-vlq-48-mar-82-251-10-15.adsl.proxad.net [82.251.10.15])??by gw-m.netgroupes.ca (Postfix) with SMTP id 6FD731C0008??for to= proto=SMTP helo= Jan 3 13:14:38 gw-m postfix/cleanup[32006]: 6FD731C0008: hold: header Received: from acs-inc.com (36.84.32.127) by azn7-s607.rr.com with Microsoft SMTPSVC(8.3.3049.5537);?? Mon, 03 Jan 2005 16:13:26 -0200 from lns-vlq-48-mar-82-251-10-15.adsl.proxad.net[82.251.10.15]; from= to= proto=SMTP helo= Jan 3 13:14:38 gw-m postfix/cleanup[32006]: 6FD731C0008: hold: header Received: from optonline.com (comcast.net 241.136.137.254)??by optonline.net (8.12.10/8.12.9) with ESMTP id pir7B117??for ; Mon, 03 Jan 2005 22:14:26 +0400 (ES from lns-vlq-48-mar-82-251-10-15.adsl.proxad.net[82.251.10.15]; from= to= proto=SMTP helo= Jan 3 13:14:38 gw-m postfix/cleanup[32006]: 6FD731C0008: hold: header Received: from X99861626404 (modemcable6.559-26.cpe.abbeypress.com 186.145.54.36)??(authenticated bits=0)??by optonline.com (8.12.10/8.12.9) with ESMTP id yjl92H690j386??for to= proto=SMTP helo= Jan 3 13:14:38 gw-m postfix/cleanup[32006]: 6FD731C0008: message-id=<68908gpe61joj449$p584q0b802$20d60on18@HYW57645905229> Jan 3 13:15:05 gw-m MailScanner[31923]: Message 6FD731C0008.642D2 from 82.251.10.15 (jetqchn@optonline.com) to domain.com is spam, SpamAssassin (score=37.036, required 6, autolearn=spam, BAYES_99 1.89, DCC_CHECK 2.17, 
DIGEST_MULTIPLE 0.10, DOMAIN_RATIO 3.18, HELO_DYNAMIC_HCC 3.74, HELO_DYNAMIC_IPADDR 4.40, HTML_90_100 0.02, HTML_IMAGE_ONLY_04 3.30, HTML_MESSAGE 0.00, HTML_MIME_NO_HTML_TAG 0.14, INVALID_TZ_EST 3.58, MIME_BOUND_DD_DIGITS 4.14, MIME_HTML_ONLY 0.18, MIME_HTML_ONLY_MULTI 2.44, MPART_ALT_DIFF 0.07, PYZOR_CHECK 3.45, X_MESSAGE_INFO 4.24) Jan 3 13:15:05 gw-m MailScanner[31923]: Spam Actions: message 6FD731C0008.642D2 actions are store,delete Jan 3 13:15:05 gw-m MailScanner[31923]: Requeue: 6FD731C0008.642D2 to B91C41C0006 Jan 3 13:15:06 gw-m MailScanner[31923]: Logging message 6FD731C0008.642D2 to SQL This seems to be a “new” behavior, maybe inline with the change to “Archive Mail” and unique message-ids ?!? If you need more information, please let me know. Regards ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ml at NETGROUPES.CA Tue Jan 4 13:21:11 2005 
From: ml at NETGROUPES.CA (Mailing List) Date: Thu Jan 12 21:28:05 2006 Subject: MailScanner 4.37.7-1 and Postfix 2.1.5 on WBEL Message-ID: Rules are set to store and delete. Archive Mail in MailScanner.conf is empty More information: this behavior started as soon as I upgraded, this does not seem to happen for all domains. Regards ________________________________________ From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Steen, Glenn Sent: Tuesday, January 04, 2005 08:12 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: MailScanner 4.37.7-1 and Postfix 2.1.5 on WBEL As far as lil' ol' me can tell the unique-ID thing shouldn't have any bearing on this. Do you archive mails? Perhaps to a mailbox?   -- Glenn -----Original Message----- 
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Mailing List Sent: den 4 januari 2005 01:51 To: MAILSCANNER@JISCMAIL.AC.UK Subject: MailScanner 4.37.7-1 and Postfix 2.1.5 on WBEL Since the upgrade i see strange behaviors, some mails marked as High Spam are still delivered, here is an excerpt of my maillog: [root@gw-m log]# grep 6FD731C0008 maillog Jan  3 13:14:35 gw-m postfix/smtpd[2051]: 6FD731C0008: client=lns-vlq-48-mar-82-251-10-15.adsl.proxad.net[82.251.10.15] Jan  3 13:14:38 gw-m postfix/cleanup[32006]: 6FD731C0008: hold: header Received: from lns-vlq-48-mar-82-251-10-15.adsl.proxad.net (lns-vlq-48-mar-82-251-10-15.adsl.proxad.net [82.251.10.15])??by gw-m.netgroupes.ca (Postfix) with SMTP id 6FD731C0008??for to= proto=SMTP helo= Jan  3 13:14:38 gw-m postfix/cleanup[32006]: 6FD731C0008: hold: header Received: from acs-inc.com (36.84.32.127) by azn7-s607.rr.com  with Microsoft SMTPSVC(8.3.3049.5537);?? Mon, 03 Jan 2005 16:13:26 -0200 from lns-vlq-48-mar-82-251-10-15.adsl.proxad.net[82.251.10.15]; from= to= proto=SMTP helo= Jan  3 13:14:38 gw-m postfix/cleanup[32006]: 6FD731C0008: hold: header Received: from optonline.com  (comcast.net  241.136.137.254)??by optonline.net  (8.12.10/8.12.9) with ESMTP id pir7B117??for ; Mon, 03 Jan 2005 22:14:26 +0400 (ES from lns-vlq-48-mar-82-251-10-15.adsl.proxad.net[82.251.10.15]; from= to= proto=SMTP helo= Jan  3 13:14:38 gw-m postfix/cleanup[32006]: 6FD731C0008: hold: header Received: from X99861626404 (modemcable6.559-26.cpe.abbeypress.com 186.145.54.36)??(authenticated bits=0)??by optonline.com  (8.12.10/8.12.9) with ESMTP id yjl92H690j386??for to= proto=SMTP helo= Jan  3 13:14:38 gw-m postfix/cleanup[32006]: 6FD731C0008: message-id=<68908gpe61joj449$p584q0b802$20d60on18@HYW57645905229> Jan  3 13:15:05 gw-m MailScanner[31923]: Message 6FD731C0008.642D2 from 82.251.10.15 (jetqchn@optonline.com) to domain.com is spam, SpamAssassin (score=37.036, required 6, autolearn=spam, BAYES_99 1.89, 
DCC_CHECK 2.17, DIGEST_MULTIPLE 0.10, DOMAIN_RATIO 3.18, HELO_DYNAMIC_HCC 3.74, HELO_DYNAMIC_IPADDR 4.40, HTML_90_100 0.02, HTML_IMAGE_ONLY_04 3.30, HTML_MESSAGE 0.00, HTML_MIME_NO_HTML_TAG 0.14, INVALID_TZ_EST 3.58, MIME_BOUND_DD_DIGITS 4.14, MIME_HTML_ONLY 0.18, MIME_HTML_ONLY_MULTI 2.44, MPART_ALT_DIFF 0.07, PYZOR_CHECK 3.45, X_MESSAGE_INFO 4.24) Jan  3 13:15:05 gw-m MailScanner[31923]: Spam Actions: message 6FD731C0008.642D2 actions are store,delete Jan  3 13:15:05 gw-m MailScanner[31923]: Requeue: 6FD731C0008.642D2 to B91C41C0006 Jan  3 13:15:06 gw-m MailScanner[31923]: Logging message 6FD731C0008.642D2 to SQL This seems to be a "new" behavior, maybe inline with the change to "Archive Mail" and unique message-ids ?!? If you need more information, please let me know. Regards From Glenn.Steen at AP1.SE Tue Jan 4 14:04:25 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:05 2006 Subject: Some messages gets stuck in postfix/hold Message-ID: Do you get anything more interesting if you run it through with just one of the av-scanners? Or if you run it in debug mode? -- Glenn > -----Original Message----- 
> From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Andreas Svensson > Sent: den 4 januari 2005 08:40 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Some messages gets stuck in postfix/hold > > > Good Morning. > I have a problem with Mailscanner on Postfix running as a gateway in > front of my Groupwise server. > Some, very few messages gets stuck in hold directory of postfix spool. > It looks like these messages only are spam or virus. > Yesterday i had like 20 mails from the past two weeks. > Its like 1 or 2 mails per day gets stuck there. > So i cleaned it up manually yesterday but this morning i had 1 new. > > The server is a Compaq DL360 with > SuSE Linux Enterprise 9 > postfix-2.1.1-1.4 > MailScanner 4.36.4 > SpamAssassin 3.0.1 > > Thanks for any help! > /Andreas Svensson, Hallsberg, Sweden. > -Here comes a cut from the log from tonights: > > Jan 3 23:04:00 mg-hbg17 postfix/smtpd[24037]: connect from > unknown[84.217.26.111] > Jan 3 23:04:01 mg-hbg17 postfix/smtpd[24037]: 00E7B1BFCF: > client=unknown[84.217.26.111] > Jan 3 23:04:01 mg-hbg17 postfix/cleanup[24038]: 00E7B1BFCF: hold: > header Received: from hallsberg.se (unknown [84.217.26.111])??by > mg-hbg17.hallsberg.se (Postfix) with SMTP id 00E7B1BFCF??for > ; Mon, 3 Jan 2005 23:04:00 +0100 (CET) > from unknown[84.217.26.111]; from= > to= proto=SMTP helo= > Jan 3 23:04:01 mg-hbg17 postfix/cleanup[24038]: 00E7B1BFCF: > message-id=<20050103220400.00E7B1BFCF@mg-hbg17.hallsberg.se> > Jan 3 23:04:02 mg-hbg17 postfix/smtpd[24037]: disconnect from > unknown[84.217.26.111] > Jan 3 23:04:04 mg-hbg17 MailScanner[22584]: New Batch: Scanning 1 > messages, 42859 bytes > Jan 3 23:04:04 mg-hbg17 MailScanner[22584]: Spam Checks: Starting > Jan 3 23:04:20 mg-hbg17 MailScanner[22584]: Virus and Content > Scanning: Starting > Jan 3 23:04:21 mg-hbg17 MailScanner[22584]: > /var/spool/MailScanner/incoming/22584/./00E7B1BFCF/message.scr: > Worm.SomeFool.P FOUND > Jan 3 23:04:21 mg-hbg17 
MailScanner[22584]: Virus Scanning: ClamAV > found 1 infections > Jan 3 23:04:23 mg-hbg17 MailScanner[22584]: Virus: 2##Base: > /var/spool/MailScanner/incoming/22584##1: '00E7B1BFCF/message.scr' => > W32/Netsky##2: '00E7B1BFCF/msg-22584-10.html' => Exploit/iFrame## > Jan 3 23:04:23 mg-hbg17 MailScanner[22584]: Virus Scanning: Panda > found 2 infections > Jan 3 23:04:23 mg-hbg17 MailScanner[22584]: Infected message > 00E7B1BFCF came from 84.217.26.111 > Jan 3 23:04:23 mg-hbg17 MailScanner[22584]: Virus Scanning: Found 2 > viruses > Jan 3 23:04:23 mg-hbg17 MailScanner[24059]: MailScanner E-Mail Virus > Scanner version 4.36.4 starting... > Jan 3 23:04:23 mg-hbg17 MailScanner[24059]: Config: calling custom > init function MailWatchLogging > Jan 3 23:04:23 mg-hbg17 MailScanner[24059]: Initialising database > connection > Jan 3 23:04:23 mg-hbg17 MailScanner[24059]: Finished initialising > database connection > Jan 3 23:04:23 mg-hbg17 MailScanner[24059]: Enabling SpamAssassin > auto-whitelist functionality... 
> Jan 3 23:04:25 mg-hbg17 MailScanner[22560]: New Batch: Scanning 1 > messages, 42859 bytes > Jan 3 23:04:25 mg-hbg17 MailScanner[22560]: Spam Checks: Starting > Jan 3 23:04:30 mg-hbg17 MailScanner[22560]: Virus and Content > Scanning: Starting > Jan 3 23:04:30 mg-hbg17 MailScanner[22560]: > /var/spool/MailScanner/incoming/22560/./00E7B1BFCF/message.scr: > Worm.SomeFool.P FOUND > Jan 3 23:04:31 mg-hbg17 MailScanner[22560]: Virus Scanning: ClamAV > found 1 infections > Jan 3 23:04:33 mg-hbg17 MailScanner[22560]: Virus: 2##Base: > /var/spool/MailScanner/incoming/22560##1: '00E7B1BFCF/message.scr' => > W32/Netsky##2: '00E7B1BFCF/msg-22560-16.html' => Exploit/iFrame## > Jan 3 23:04:33 mg-hbg17 MailScanner[22560]: Virus Scanning: Panda > found 2 infections > Jan 3 23:04:33 mg-hbg17 MailScanner[22560]: Infected message > 00E7B1BFCF came from 84.217.26.111 > Jan 3 23:04:33 mg-hbg17 MailScanner[22560]: Virus Scanning: Found 2 > viruses > Jan 3 23:04:33 mg-hbg17 MailScanner[24081]: MailScanner E-Mail Virus > Scanner version 4.36.4 starting... > Jan 3 23:04:33 mg-hbg17 MailScanner[24081]: Config: calling custom > init function MailWatchLogging > Jan 3 23:04:33 mg-hbg17 MailScanner[24081]: Initialising database > connection > Jan 3 23:04:33 mg-hbg17 MailScanner[24081]: Finished initialising > database connection > Jan 3 23:04:33 mg-hbg17 MailScanner[24081]: Enabling SpamAssassin > auto-whitelist functionality... 
> Jan 3 23:04:34 mg-hbg17 MailScanner[24059]: Using locktype = flock > Jan 3 23:04:34 mg-hbg17 MailScanner[24059]: New Batch: Scanning 1 > messages, 42859 bytes > Jan 3 23:04:34 mg-hbg17 MailScanner[24059]: Spam Checks: Starting > Jan 3 23:04:37 mg-hbg17 MailScanner[24059]: Virus and Content > Scanning: Starting > Jan 3 23:04:38 mg-hbg17 MailScanner[24059]: > /var/spool/MailScanner/incoming/24059/./00E7B1BFCF/message.scr: > Worm.SomeFool.P FOUND > Jan 3 23:04:38 mg-hbg17 MailScanner[24059]: Virus Scanning: ClamAV > found 1 infections > Jan 3 23:04:40 mg-hbg17 MailScanner[24059]: Virus: 2##Base: > /var/spool/MailScanner/incoming/24059##1: '00E7B1BFCF/message.scr' => > W32/Netsky##2: '00E7B1BFCF/msg-24059-2.html' => Exploit/iFrame## > Jan 3 23:04:40 mg-hbg17 MailScanner[24059]: Virus Scanning: Panda > found 2 infections > Jan 3 23:04:40 mg-hbg17 MailScanner[24059]: Infected message > 00E7B1BFCF came from 84.217.26.111 > Jan 3 23:04:40 mg-hbg17 MailScanner[24059]: Virus Scanning: Found 2 > viruses > Jan 3 23:04:41 mg-hbg17 MailScanner[22410]: New Batch: Scanning 1 > messages, 42859 bytes > Jan 3 23:04:41 mg-hbg17 MailScanner[22410]: Spam Checks: Starting > Jan 3 23:04:43 mg-hbg17 MailScanner[24107]: MailScanner E-Mail Virus > Scanner version 4.36.4 starting... > Jan 3 23:04:43 mg-hbg17 MailScanner[24107]: Config: calling custom > init function MailWatchLogging > Jan 3 23:04:43 mg-hbg17 MailScanner[24107]: Initialising database > connection > Jan 3 23:04:43 mg-hbg17 MailScanner[24107]: Finished initialising > database connection > Jan 3 23:04:43 mg-hbg17 MailScanner[24107]: Enabling SpamAssassin > auto-whitelist functionality... 
> Jan 3 23:04:46 mg-hbg17 MailScanner[24081]: Using locktype = flock > Jan 3 23:04:47 mg-hbg17 MailScanner[24107]: Using locktype = flock > Jan 3 23:04:48 mg-hbg17 MailScanner[22410]: Virus and Content > Scanning: Starting > Jan 3 23:04:48 mg-hbg17 MailScanner[22410]: > /var/spool/MailScanner/incoming/22410/./00E7B1BFCF/message.scr: > Worm.SomeFool.P FOUND From jaearick at COLBY.EDU Tue Jan 4 14:08:55 2005 
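Both symptoms reported in the two threads above can be looked for mechanically in a maillog: a message whose logged spam actions include "delete" but which is then requeued, and one queue file reported infected by several MailScanner children in turn. The following is an added example, not part of any list message and not MailScanner code; the function names are hypothetical, and the sample is constructed from shortened copies of the quoted log lines plus two invented control lines.

```python
import re
from collections import defaultdict

# Constructed sample: shortened copies of log lines quoted in the two threads,
# plus two invented control lines (message 1A2B3C4D5E) that must NOT be flagged.
SAMPLE_LOG = """\
Jan 3 13:15:05 gw-m MailScanner[31923]: Message 6FD731C0008.642D2 from 82.251.10.15 (jetqchn@optonline.com) to domain.com is spam, SpamAssassin (score=37.036, required 6, autolearn=spam)
Jan 3 13:15:05 gw-m MailScanner[31923]: Spam Actions: message 6FD731C0008.642D2 actions are store,delete
Jan 3 13:15:05 gw-m MailScanner[31923]: Requeue: 6FD731C0008.642D2 to B91C41C0006
Jan 3 23:04:01 mg-hbg17 postfix/smtpd[24037]: 00E7B1BFCF: client=unknown[84.217.26.111]
Jan 3 23:04:23 mg-hbg17 MailScanner[22584]: Infected message 00E7B1BFCF came from 84.217.26.111
Jan 3 23:04:33 mg-hbg17 MailScanner[22560]: Infected message 00E7B1BFCF came from 84.217.26.111
Jan 3 23:04:40 mg-hbg17 MailScanner[24059]: Infected message 00E7B1BFCF came from 84.217.26.111
Jan 3 23:05:02 mg-hbg17 MailScanner[22584]: Spam Actions: message 1A2B3C4D5E actions are deliver
Jan 3 23:05:02 mg-hbg17 MailScanner[22584]: Requeue: 1A2B3C4D5E to 5E4D3C2B1A
"""

# "Mon D HH:MM:SS host MailScanner[pid]: text"
LINE_RE = re.compile(r"^\w{3}\s+\d+\s+[\d:]{8}\s+\S+\s+MailScanner\[(\d+)\]:\s+(.*)$")
ACTIONS_RE = re.compile(r"^Spam Actions: message (\S+) actions are (\S+)")
REQUEUE_RE = re.compile(r"^Requeue: (\S+) to (\S+)")
INFECTED_RE = re.compile(r"^Infected message (\S+) came from \S+")


def mailscanner_events(log_text):
    """Yield (pid, text) for each MailScanner syslog line; other lines are skipped."""
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if match:
            yield int(match.group(1)), match.group(2)


def requeued_despite_delete(log_text):
    """Return (message id, new queue id) pairs that were requeued for delivery
    although the spam actions logged earlier for that message include 'delete'."""
    actions = {}
    hits = []
    for _pid, text in mailscanner_events(log_text):
        match = ACTIONS_RE.match(text)
        if match:
            actions[match.group(1)] = set(match.group(2).split(","))
            continue
        match = REQUEUE_RE.match(text)
        if match and "delete" in actions.get(match.group(1), set()):
            hits.append((match.group(1), match.group(2)))
    return hits


def rescanned_by_several_children(log_text):
    """Return {queue id: sorted pids} for messages that more than one MailScanner
    process reported as infected, i.e. the same queue file was scanned repeatedly."""
    pids = defaultdict(set)
    for pid, text in mailscanner_events(log_text):
        match = INFECTED_RE.match(text)
        if match:
            # Newer versions append ".XXXXX" to the queue id; compare the base id.
            pids[match.group(1).split(".")[0]].add(pid)
    return {qid: sorted(p) for qid, p in pids.items() if len(p) > 1}


if __name__ == "__main__":
    for msg_id, new_id in requeued_despite_delete(SAMPLE_LOG):
        print(f"requeued despite delete: {msg_id} -> {new_id}")
    for qid, children in rescanned_by_several_children(SAMPLE_LOG).items():
        print(f"{qid} scanned by {len(children)} children: {children}")
```

Run against a full maillog, the second check separates a message that is stuck and rescanned from ordinary traffic that is scanned once.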
From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:28:05 2006 Subject: todays AUSCERT alert, filename.rules.conf tweak Message-ID:
Gang,
See the AUSCERT bulletin below, if you haven't already. In light of this, I added the following to my filename.rules.conf file:
#---added per AUSCERT bulletin AL-2005.001, Jan 4, 2005
deny|\.bmp$|Windows bitmap file|Possible buffer overflow in Explorer/Outlook
deny|\.ico$|Windows icon file|Possible buffer overflow in Explorer/Outlook
deny|\.ani$|Windows animated cursor file|Possible buffer overflow in Explorer/Outlook
deny|\.cur$|Windows cursor file|Possible buffer overflow in Explorer/Outlook
deny|\.hlp$|Windows Help file|Possible buffer overflow in Explorer/Outlook
I replaced tabs with the pipe symbol (|) for this email. Maybe this should be rolled into the next edition of MailScanner?
Jeff Earickson Colby College
---------- Forwarded message ---------- Date: Tue, 4 Jan 2005 05:34:25 UT 
From: auscert@auscert.org.au Reply-To: national-alerts@auscert.org.au To: national-alerts@auscert.org.au Subject: [NATIONAL-ALERTS] (AUSCERT AL-2005.001) Three vulnerabilities in Microsoft Windows and Internet Explorer -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== A U S C E R T A L E R T AL-2005.001 -- AUSCERT ALERT Three vulnerabilities in Microsoft Windows and Internet Explorer 4 January 2005 =========================================================================== AusCERT Alert Summary --------------------- Product: Microsoft Internet Explorer Microsoft Outlook Microsoft Outlook Express Microsoft Windows Operating System: Windows Impact: Execute Arbitrary Code/Commands Denial of Service Access: Remote/Unauthenticated CVE Names: CAN-2004-1305 CAN-2004-1306 SUMMARY: This alert describes three vulnerabilities in Microsoft Internet Explorer and other Windows components that may allow the remote execution of arbitrary code and denial of service. PROBLEMS: 1. A heap buffer overflow in the LoadImage code that handles .bmp, .ico, .ani and .cur files in Microsoft Internet Explorer, Outlook and Outlook Express allows an attacker to remotely compromise Windows systems. A vulnerable computer may be compromised if Internet Explorer is used to view a malicious web page, or if Outlook is used to view or preview a malicious email. This compromise can occur without any additional user interaction. Windows XP with Service Pack 2 installed is not vulnerable. All other Windows versions are vulnerable. 2. winhlp32.exe, the component of Windows that displays .hlp help files, contains a buffer overflow vulnerability allowing an attacker to execute arbitrary code if a malicious .hlp file is opened. All known Windows versions are vulnerable. 3. The Windows kernel incorrectly parses .ani files, allowing an attacker to cause a denial of service by referencing a malformed .ani file in a web page or email. 
A vulnerable computer can be crashed causing a denial of service if Internet Explorer or Outlook are used to view a malicious web page or email. This can occur without any additional user interaction. Windows XP with Service Pack 2 installed is not vulnerable. All other Windows versions are vulnerable. AusCERT advises that working proof of concept exploits for these vulnerabilities have been made public that allow remote compromise of systems running Windows. MITIGATION: There are currently no patches available to fix these vulnerabilities. AusCERT advises users and sites running Windows to evaluate their exposure to the vulnerabilities and to apply the following mitigation to reduce the risk of exploitation: For Windows XP: o Ensure that Service Pack 2 is installed. o Disable Active Scripting and ActiveX in the "Internet" and "My Computer" domains, as detailed below. Note that disabling scripting will stop the current proof of concept exploit code, but the LoadImage vulnerability may still be exploitable even if all scripting has been disabled. o Use a different web browser. For Windows 2000: o Disable Active Scripting and ActiveX in the "Internet" and "My Computer" domains, as detailed below. Note that disabling scripting will stop the current proof of concept exploit code, but the LoadImage vulnerability may still be exploitable even if all scripting has been disabled. o Use a different web browser. Instructions for disabling active content in Internet Explorer can be obtained from Microsoft's website. [1] The "My Computer" zone is usually not visible in the Internet Options dialog. To enable it, refer to the instructions on Microsoft's website. [2] It is advisable not to click on any links provided in email messages. If a user wishes to follow a link in an email it is best to type the address into the web browser by hand. Additional useful information may also be found in the AusCERT paper entitled "Protecting your computer from malicious code". 
[3] AusCERT will continue to monitor this vulnerability and any changes in exploit activity. AusCERT members will be updated as information becomes available. REFERENCES: [1] How to Disable Active Content in Internet Explorer http://support.microsoft.com/?kbid=154036 [2] How to Enable the My Computer Security Zone in Internet Options http://support.microsoft.com/?kbid=315933 [3] Protecting your computer from malicious code http://www.auscert.org.au/3352 AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. If you believe that your computer system has been compromised or attacked in any way, we encourage you to let us know by completing the secure National IT Incident Reporting Form at: http://www.auscert.org.au/render.html?it=3192 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. 
=========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQCVAwUBQdoq1ih9+71yA2DNAQKCmQP/eCOWetjLRnpQk8tiZIEe8KHzS43ZDWsh k8XYbi11ZJqkHtHohXNvjAw08oi1sP83xOPyBAVvhpKG3oZmronmQTvIp345B57U u7nmynXY17PN+NBRZuu4qEjY6pR0t1cJU38G51GwyFuoR0lB3CSspjP4XggX6mla w/NU/RR72AU= =Ih7m -----END PGP SIGNATURE----- AusCERT is the national computer emergency response team for Australia. We monitor various sources around the globe and provide reliable and independent information about serious computer network threats and vulnerabilities. AusCERT, which is a not-for-profit organisation, operates a cost-recovery service for its members and a smaller free security bulletin service to subscribers of the National Alerts Service. In the interests of protecting your information systems and keeping up to date with relevant information to protect your information systems, you should be aware that not all security bulletins published or distributed by AusCERT are included in the National Alert Service. AusCERT may publish and distribute bulletins to its members which contain information about serious computer network threats and vulnerabilities that could affect your information systems. Many of these security bulletins are publicly accessible from our web site. AusCERT maintains the mailing list for access to National Alerts Service security bulletins. 
If you are subscribed to the National Alerts Service and wish to cancel your subscription to this service, please follow the instructions at: http://www.auscert.org.au/msubmit.html?it=3058 Previous security bulletins published or distributed as part of the National Alerts Service can be retrieved from: http://national.auscert.org.au/render.html?cid=2998 Previous security bulletins published or distributed by AusCERT can be retrieved from: http://www.auscert.org.au/render.html?cid=1 If you believe that your computer system has been compromised or attacked in any way, we encourage you to let us know by completing the secure National IT Incident Reporting Form at: http://national.auscert.org.au/render.html?it=3192 From ugob at CAMO-ROUTE.COM Tue Jan 4 13:55:18 2005 
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:28:05 2006 Subject: spam: Re: Mail Server problems Message-ID: Tracy Greggs wrote: > Another great option IMHO is Norton Ghost. I use Corporate version 8, Works > perfectly on every linux distro that I have used it on, including Fedora. > Snag a big drive, ghost it over and change your partitions to the sizes you > want and you are good to go. Ghost will image an ATA IDE drive at around > 500mb/min in my experience. The downtime is very minimal. If you're talking commercial, my first thought is Partition Magic. Of course, better make a backup before. From MailScanner at ecs.soton.ac.uk Tue Jan 4 15:11:39 2005 
From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:05 2006 Subject: todays AUSCERT alert, filename.rules.conf tweak Message-ID:
They will be in the next release.
Jeff A. Earickson wrote:
> Gang,
>
> See the AUSCERT bulletin below, if you haven't already. In light of this,
> I added the following to my filename.rules.conf file:
>
> #---added per AUSCERT bulletin AL-2005.001, Jan 4, 2005
> deny|\.bmp$|Windows bitmap file|Possible buffer overflow in Explorer/Outlook
> deny|\.ico$|Windows icon file|Possible buffer overflow in Explorer/Outlook
> deny|\.ani$|Windows animated cursor file|Possible buffer overflow in Explorer/Outlook
> deny|\.cur$|Windows cursor file|Possible buffer overflow in Explorer/Outlook
> deny|\.hlp$|Windows Help file|Possible buffer overflow in Explorer/Outlook
>
> I replaced tabs with the pipe symbol (|) for this email. Maybe this
> should be rolled into the next edition of MailScanner?
>
> ---------- Forwarded message ----------
> Date: Tue, 4 Jan 2005 05:34:25 UT 
> From: auscert@auscert.org.au > Reply-To: national-alerts@auscert.org.au > To: national-alerts@auscert.org.au > Subject: [NATIONAL-ALERTS] (AUSCERT AL-2005.001) Three vulnerabilities in > Microsoft Windows and Internet Explorer > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > =========================================================================== > > A U S C E R T A L E R T > > AL-2005.001 -- AUSCERT ALERT > Three vulnerabilities in Microsoft Windows and Internet Explorer > 4 January 2005 > > =========================================================================== > > > AusCERT Alert Summary > --------------------- > > Product: Microsoft Internet Explorer > Microsoft Outlook > Microsoft Outlook Express > Microsoft Windows > Operating System: Windows > Impact: Execute Arbitrary Code/Commands > Denial of Service > Access: Remote/Unauthenticated > CVE Names: CAN-2004-1305 CAN-2004-1306 > > > SUMMARY: > > This alert describes three vulnerabilities in Microsoft Internet > Explorer and other Windows components that may allow the remote > execution of arbitrary code and denial of service. > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 From martelm at QUARK.VSC.EDU Tue Jan 4 16:02:34 2005 
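The rules in this thread were posted with "|" in place of the tab separators that filename.rules.conf uses, so pasting them from the e-mail unchanged gives lines that are not valid rules. The following added example (not from the list and not MailScanner's own code) converts the posted lines, parses them, and shows which attachment names they block; the function names are hypothetical, and first-match-wins, case-insensitive matching and allow-when-nothing-matches are assumptions about how the rules are applied.

```python
import re

# Rules exactly as posted to the list, where "|" stands in for the tab separators.
POSTED_RULES = r"""#---added per AUSCERT bulletin AL-2005.001, Jan 4, 2005
deny|\.bmp$|Windows bitmap file|Possible buffer overflow in Explorer/Outlook
deny|\.ico$|Windows icon file|Possible buffer overflow in Explorer/Outlook
deny|\.ani$|Windows animated cursor file|Possible buffer overflow in Explorer/Outlook
deny|\.cur$|Windows cursor file|Possible buffer overflow in Explorer/Outlook
deny|\.hlp$|Windows Help file|Possible buffer overflow in Explorer/Outlook
"""

# Actions accepted by this example ("deny+delete" is used by later releases).
ACTIONS = {"allow", "deny", "deny+delete"}


def pipes_to_tabs(posted):
    """Undo the substitution made for the e-mail: the first three '|' on each
    rule line become tabs, comments and blank lines are left alone."""
    out = []
    for line in posted.splitlines():
        if line.strip() and not line.lstrip().startswith("#"):
            line = "\t".join(line.split("|", 3))
        out.append(line)
    return "\n".join(out) + "\n"


def parse_rules(conf_text):
    """Parse rule lines: action, regex, log text, user report text, separated
    by tabs. Raises ValueError on a line that is not in that shape, which is
    what a rule pasted with pipes or spaces instead of tabs looks like."""
    rules = []
    for number, line in enumerate(conf_text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        fields = re.split(r"\t+", line.strip())
        if len(fields) != 4 or fields[0] not in ACTIONS:
            raise ValueError(f"line {number}: expected 4 tab-separated fields: {line!r}")
        action, pattern, log_text, user_text = fields
        # Assumption: names are matched without regard to case.
        rules.append((action, re.compile(pattern, re.IGNORECASE), log_text, user_text))
    return rules


def check_filename(filename, rules):
    """Return (action, log text) of the first rule whose regex matches the
    attachment name, or ('allow', None) when no rule matches (assumption)."""
    for action, pattern, log_text, _user_text in rules:
        if pattern.search(filename):
            return action, log_text
    return "allow", None


if __name__ == "__main__":
    rules = parse_rules(pipes_to_tabs(POSTED_RULES))
    for name in ("invoice.bmp", "CURSOR.ANI", "readme.hlp.txt", "photo.jpg"):
        print(name, check_filename(name, rules))
```

Because each pattern is anchored with `$`, only the final extension counts: `readme.hlp.txt` passes, and so would any of the five file types sent under a different extension.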
From: martelm at QUARK.VSC.EDU (Michael H. Martel) Date: Thu Jan 12 21:28:05 2006 Subject: MailScanner and SpamAssassin 3.0.2 - AutoWhiteList not working Message-ID: Hello! I just noticed that my spamassassin setup was using AWL, which I know I had disabled. So I looked in my Mailscanner.conf and I see : SpamAssassin Auto Whitelist = no Ok, so it's disabled. Stop MailScanner, delete the auto_whitelist files, and restart MailScanner. There they come back. How odd. So I added the line : use_auto_whitelist 0 To my spam.assassin.prefs.conf, and voila Auto Whitelist is disabled. Has anyone seen this before ? My modules etc are listed below. [root@hemlock MailScanner]# cd bin [root@hemlock bin]# ./MailScanner -v Running on Linux hemlock.vsc.edu 2.4.20-28.7smp #1 SMP Thu Dec 18 11:18:31 EST 2003 i686 unknown This is Red Hat Linux release 7.3 (Valhalla) This is Perl version 5.008005 (5.8.5) This is MailScanner version 4.37.7 Module versions are: 1.00 AnyDBM_File 1.14 Archive::Zip 1.03 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.05 Fcntl 2.73 File::Basename 2.08 File::Copy 2.01 FileHandle 1.06 File::Path 0.14 File::Temp 1.29 HTML::Entities 3.43 HTML::Parser 2.30 HTML::TokeParser 1.21 IO 1.10 IO::File 1.123 IO::Pipe 3.05 MIME::Base64 5.415 MIME::Decoder 5.415 MIME::Decoder::UU 5.415 MIME::Head 5.415 MIME::Parser 3.03 MIME::QuotedPrint 5.415 MIME::Tools 0.09 Net::CIDR 1.08 POSIX 1.77 Socket 0.05 Sys::Syslog 1.02 Time::localtime Optional module versions are: 1.810 DB_File 1.08 Digest 1.01 Digest::HMAC 2.33 Digest::MD5 2.10 Digest::SHA1 0.44 Inline missing Mail::ClamAV 3.000002 Mail::SpamAssassin 1.997 Mail::SPF::Query 0.15 Net::CIDR::Lite 0.48 Net::DNS 0.32 Net::LDAP 1.94 Parse::RecDescent missing SAVI 1.2 Sys::Hostname::Long 2.42 Test::Harness 0.47 Test::Simple 1.95 Text::Balanced 1.35 URI Michael -- --------------------------------o--------------------------------- Michael H. 
Martel | Systems Administrator martelm@quark.vsc.edu | Vermont State Colleges http://probe.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 From MailScanner at ecs.soton.ac.uk Tue Jan 4 16:13:29 2005 
From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:05 2006 Subject: MailScanner and SpamAssassin 3.0.2 - AutoWhiteList not working Message-ID: Yes, known problem. Switching off AWL in MailScanner.conf no longer appears to work, it hasn't ever worked with SA3, and I haven't been able to track down why. Not yet, anyway. Michael H. Martel wrote: > Hello! > > I just noticed that my spamassassin setup was using AWL, which I know > I had > disabled. So I looked in my Mailscanner.conf and I see : > > SpamAssassin Auto Whitelist = no > > Ok, so it's disabled. Stop MailScanner, delete the auto_whitelist files, > and restart MailScanner. There they come back. How odd. > > So I added the line : > > use_auto_whitelist 0 > > To my spam.assassin.prefs.conf, and voila Auto Whitelist is disabled. > > Has anyone see this before ? > > My modules etc are listed below. 
> > [root@hemlock MailScanner]# cd bin > [root@hemlock bin]# ./MailScanner -v > Running on > Linux hemlock.vsc.edu 2.4.20-28.7smp #1 SMP Thu Dec 18 11:18:31 EST 2003 > i686 unknown > This is Red Hat Linux release 7.3 (Valhalla) > This is Perl version 5.008005 (5.8.5) > > This is MailScanner version 4.37.7 > Module versions are: > 1.00 AnyDBM_File > 1.14 Archive::Zip > 1.03 Carp > 1.119 Convert::BinHex > 1.00 DirHandle > 1.05 Fcntl > 2.73 File::Basename > 2.08 File::Copy > 2.01 FileHandle > 1.06 File::Path > 0.14 File::Temp > 1.29 HTML::Entities > 3.43 HTML::Parser > 2.30 HTML::TokeParser > 1.21 IO > 1.10 IO::File > 1.123 IO::Pipe > 3.05 MIME::Base64 > 5.415 MIME::Decoder > 5.415 MIME::Decoder::UU > 5.415 MIME::Head > 5.415 MIME::Parser > 3.03 MIME::QuotedPrint > 5.415 MIME::Tools > 0.09 Net::CIDR > 1.08 POSIX > 1.77 Socket > 0.05 Sys::Syslog > 1.02 Time::localtime > > Optional module versions are: > 1.810 DB_File > 1.08 Digest > 1.01 Digest::HMAC > 2.33 Digest::MD5 > 2.10 Digest::SHA1 > 0.44 Inline > missing Mail::ClamAV > 3.000002 Mail::SpamAssassin > 1.997 Mail::SPF::Query > 0.15 Net::CIDR::Lite > 0.48 Net::DNS > 0.32 Net::LDAP > 1.94 Parse::RecDescent > missing SAVI > 1.2 Sys::Hostname::Long > 2.42 Test::Harness > 0.47 Test::Simple > 1.95 Text::Balanced > 1.35 URI > > > > > Michael > > -- > > --------------------------------o--------------------------------- > Michael H. Martel | Systems Administrator > martelm@quark.vsc.edu | Vermont State Colleges > http://probe.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! 
> -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martelm at QUARK.VSC.EDU Tue Jan 4 16:23:47 2005 
From: martelm at QUARK.VSC.EDU (Michael H. Martel)
Date: Thu Jan 12 21:28:05 2006
Subject: MailScanner and ORDB rbl
Message-ID:

Hello!

A Mail Server at one of my colleges was listed as an Open Relay. It was and it is now fixed. It was re-submitted and now when I do a lookup I get this result :

This host is not listed in ORDB as an open mail relay

Main database status for vtcmail1.vtc.vsc.edu (155.42.16.30)

The host vtcmail1.vtc.vsc.edu is not in the main database

Queue status for vtcmail1.vtc.vsc.edu (155.42.16.30)
Last added to the queue by: 155.42.89.158
Last added to the queue at: 2004-12-30 14:15 GMT
This submission has been confirmed
Teststatus: All probes have been dispatched

However, earlier today I've been getting mail tagged by MailScanner as possible spam because it believes that this server is still an Open Relay.

If I perform the following command, I see that it appears to still be an Open Relay.

[mhm06090@sage .procmail]$ nslookup 30.16.42.155.relays.ordb.org
Note: nslookup is deprecated and may be removed from future releases.
Consider using the `dig' or `host' programs instead. Run nslookup with
the `-sil[ent]' option to prevent this message from appearing.
Server: 155.42.1.7
Address: 155.42.1.7#53

Non-authoritative answer:
Name: 30.16.42.155.relays.ordb.org
Address: 127.0.0.2

Trying a machine that I know isn't in the list, returns the expected results.

[mhm06090@sage .procmail]$ nslookup 49.1.42.155.relays.ordb.org
Note: nslookup is deprecated and may be removed from future releases.
Consider using the `dig' or `host' programs instead. Run nslookup with
the `-sil[ent]' option to prevent this message from appearing.
Server: 155.42.1.7
Address: 155.42.1.7#53

** server can't find 49.1.42.155.relays.ordb.org: NXDOMAIN

I restarted my named process on my DNS server (155.42.1.7), and now it returns correctly. What have I configured wrong on my DNS server that it's doing this?

[mhm06090@sage .procmail]$ nslookup 30.16.42.155.relays.ordb.org
Note: nslookup is deprecated and may be removed from future releases.
Consider using the `dig' or `host' programs instead. Run nslookup with
the `-sil[ent]' option to prevent this message from appearing.
Server: 155.42.1.7
Address: 155.42.1.7#53

** server can't find 30.16.42.155.relays.ordb.org: NXDOMAIN

Thanks!

Michael

--

--------------------------------o---------------------------------
Michael H. Martel | Systems Administrator
martelm@quark.vsc.edu | Vermont State Colleges
http://probe.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363

From Glenn.Steen at AP1.SE Tue Jan 4 16:32:51 2005
From: Glenn.Steen at AP1.SE (Steen, Glenn)
Date: Thu Jan 12 21:28:05 2006
Subject: MailScanner and ORDB rbl
Message-ID:

Probably nothing... You don't control the TTL of cached entries. I'd guess that the cache got cleared by the restart.

-- Glenn

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Michael H. Martel
> Sent: den 4 januari 2005 17:24
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: MailScanner and ORDB rbl

From bg.mahesh at INDIAINFO.COM Tue Jan 4 16:34:36 2005
From: bg.mahesh at INDIAINFO.COM (BG Mahesh)
Date: Thu Jan 12 21:28:05 2006
Subject: SpamAssassin not being used by MS 4.37.7-1
Message-ID:

hi

I upgraded to MS 4.37.7-1 today. After the upgrade I don't see any MS headers in my emails and spamassassin doesn't seem to be being used by MS anymore. In my MailScanner.conf I see,

Use SpamAssassin = yes
Spam Score Header = X-%org-name%-MailScanner-SpamScore:
Spam Header = X-%org-name%-MailScanner-SpamCheck:
Mail Header = X-%org-name%-MailScanner:

So how do I know if the emails are being scanned by SpamAssassin at all?

regards

--
B.G. Mahesh
bg.mahesh@indiainfo.com
http://www.indiainfo.com/

From Kevin_Miller at CI.JUNEAU.AK.US Tue Jan 4 16:37:26 2005
From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller)
Date: Thu Jan 12 21:28:05 2006
Subject: MailScanner and ORDB rbl
Message-ID:

Michael H. Martel wrote:
Snip
> I restarted my named process on my DNS server (155.42.1.7), and now it
> returns correctly. What have I configured wrong on my DNS server
> that it's doing this?

Nothing. You configured it properly. DNS caches the results so that you don't have to do a query to an authoritative server every time. At the top of every DNS table is a stanza w/various numbers. One of them is a time to live parameter. It tells a DNS server to keep that record around for X number of seconds (minutes?) That way, when your DNS server gets an answer from a remote server, it won't have to do a new lookup for several hours or even days. But since people move their machines around and change addresses from time to time you don't want to cache the responses forever as sooner or later some will be out of date so they expire.

Your DNS server just had a fresh answer so it didn't bother to do a new lookup. Stopping and restarting cleared its cache...

...Kevin
--
Kevin Miller Registered Linux User No: 307357
CBJ MIS Dept. Network Systems Admin., Mail Admin.
155 South Seward Street ph: (907) 586-0242
Juneau, Alaska 99801 fax: (907 586-4500

From alex at nkpanama.com Tue Jan 4 16:38:44 2005
From: alex at nkpanama.com (Alex Neuman van der Hans)
Date: Thu Jan 12 21:28:05 2006
Subject: MailScanner and ORDB rbl
Message-ID:

Perhaps it's caching the response for a determinate amount of time, set by the TTL's on the RBL servers?

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Michael H. Martel
Sent: Tuesday, January 04, 2005 11:24 AM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: MailScanner and ORDB rbl

From Kevin_Miller at CI.JUNEAU.AK.US Tue Jan 4 16:41:54 2005
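
The caching behaviour described in the replies above, modelled offline as an added example (it is not part of the thread and is not MailScanner or BIND code). The query name, zone and 127.0.0.2 answer come from the nslookup output in the thread; the TTL values, timestamps and class names are constructed assumptions.

```python
"""Offline model of a DNSBL lookup made through a caching resolver.

All records, TTLs and timestamps below are constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

LISTED_ANSWER = "127.0.0.2"  # the A record returned in the thread's first nslookup


def dnsbl_qname(ip: str, zone: str) -> str:
    """Build the DNSBL query name: IPv4 octets reversed, then the list's zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


@dataclass
class ListZone:
    """Stand-in for the list operator's authoritative servers."""
    ttl: int            # seconds a positive answer may be cached (assumed value)
    negative_ttl: int   # seconds an NXDOMAIN may be cached (assumed value)
    listed: Dict[str, str] = field(default_factory=dict)
    queries: int = 0    # how many lookups actually reached the operator

    def resolve(self, qname: str) -> Tuple[Optional[str], int]:
        self.queries += 1
        if qname in self.listed:
            return self.listed[qname], self.ttl
        return None, self.negative_ttl  # None models NXDOMAIN


class CachingResolver:
    """Stand-in for the site's recursive resolver (named, in the thread)."""

    def __init__(self, upstream: ListZone) -> None:
        self.upstream = upstream
        self._cache: Dict[str, Tuple[Optional[str], int]] = {}

    def lookup(self, qname: str, now: int) -> Optional[str]:
        hit = self._cache.get(qname)
        if hit is not None and now < hit[1]:
            return hit[0]  # non-authoritative answer served from cache
        answer, ttl = self.upstream.resolve(qname)
        self._cache[qname] = (answer, now + ttl)
        return answer

    def restart(self) -> None:
        """Restarting the resolver discards everything it had cached."""
        self._cache.clear()


def delisting_timeline(restart: bool, ttl: int = 3600,
                       negative_ttl: int = 600) -> Tuple[List[Optional[str]], int]:
    """Answers seen at t=0, t=120 and t=ttl+1 when the entry is removed at t=60."""
    zone = ListZone(ttl=ttl, negative_ttl=negative_ttl)
    qname = dnsbl_qname("155.42.16.30", "relays.ordb.org")
    zone.listed[qname] = LISTED_ANSWER
    resolver = CachingResolver(zone)

    answers = [resolver.lookup(qname, now=0)]   # listed, and the answer is cached
    del zone.listed[qname]                      # t=60: operator delists the host
    if restart:
        resolver.restart()                      # t=100: admin restarts the resolver
    answers.append(resolver.lookup(qname, now=120))
    answers.append(resolver.lookup(qname, now=ttl + 1))
    return answers, zone.queries


if __name__ == "__main__":
    for restart in (False, True):
        answers, upstream_queries = delisting_timeline(restart)
        print(f"restart={restart}: {answers} ({upstream_queries} upstream queries)")
```

Against a real resolver, `dig` prints the remaining TTL of a cached answer in the answer section, which shows how long a stale listing can persist if the cache is not cleared.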
From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller)
Date: Thu Jan 12 21:28:05 2006
Subject: MailScanner and ORDB rbl
Message-ID:

Michael H. Martel wrote:
>
> I restarted my named process on my DNS server (155.42.1.7), and now it
> returns correctly. What have I configured wrong on my DNS server
> that it's doing this?

Just a quick followup. See http://www.dnsreport.com/tools/dnsreport.ch?domain=vtc.vsc.edu for a quick report on the state of your DNS. It's quite a handy site for doing sanity checks...

...Kevin
--
Kevin Miller Registered Linux User No: 307357
CBJ MIS Dept. Network Systems Admin., Mail Admin.
155 South Seward Street ph: (907) 586-0242
Juneau, Alaska 99801 fax: (907 586-4500

From ssilva at SGVWATER.COM Tue Jan 4 16:22:12 2005
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:28:05 2006
Subject: Frontend?
Message-ID:

Dave Filchak wrote:
> I'm sure it even makes popcorn!! ;-)
>
Probably Kettle Corn, and cotton candy too!!

From MailScanner at ecs.soton.ac.uk Tue Jan 4 16:58:01 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:05 2006
Subject: SpamAssassin not being used by MS 4.37.7-1
Message-ID:

Start by checking that MailScanner is actually running at all, and also that you aren't running your old sendmail setup, which won't put anything in /var/spool/mqueue.in. Do a "tail -f /var/log/maillog" and see if MailScanner is saying anything.

BG Mahesh wrote:
>hi
>
>I upgraded to MS 4.37.7-1 today. After the upgrade I don't see any MS headers in my emails and spamassassin doesn't seem to be being used by MS anymore. In my MailScanner.conf I see,
>
>Use SpamAssassin = yes
>Spam Score Header = X-%org-name%-MailScanner-SpamScore:
>Spam Header = X-%org-name%-MailScanner-SpamCheck:
>Mail Header = X-%org-name%-MailScanner:
>
>So how do I know if the emails are being scanned by SpamAssassin at all?
>
>regards
>
>
>--
>B.G. Mahesh
>bg.mahesh@indiainfo.com
>http://www.indiainfo.com/
>

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From KGoods at AIAINSURANCE.COM Tue Jan 4 17:44:59 2005
From: KGoods at AIAINSURANCE.COM (Ken Goods)
Date: Thu Jan 12 21:28:05 2006
Subject: OT: RE: [MAILSCANNER] spam: Re: Mail Server problems
Message-ID:

Ugo and anyone who cares to respond,

And if we weren't talking commercial? Any open source solution come to mind that is comparable? I want to ghost a small system drive on my firewall since I've been getting a few I/O errors lately... looking for a complete mirror so I can simply swap in the ghosted drive for a little insurance.

thanks,
k

Ken Goods
Network Administrator
AIA Insurance, Inc.

-----Original Message-----
From: Ugo Bellavance [mailto:ugob@CAMO-ROUTE.COM]
Sent: Tuesday, January 04, 2005 5:55 AM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: [MAILSCANNER] spam: Re: Mail Server problems

Tracy Greggs wrote:
> Another great option IMHO is Norton Ghost. I use Corporate version 8, Works
> perfectly on every linux distro that I have used it on, including Fedora.
> Snag a big drive, ghost it over and change your partitions to the sizes you
> want and you are good to go. Ghost will image an ATA IDE drive at around
> 500mb/min in my experience. The downtime is very minimal.

If you're talking commercial, my first thought is Partition Magic. Of course, better make a backup before.

From ldg at TLS.NET Tue Jan 4 18:11:35 2005
From: ldg at TLS.NET (Dave Goodrich)
Date: Thu Jan 12 21:28:05 2006
Subject: OT: RE: [MAILSCANNER] spam: Re: Mail Server problems
Message-ID:

Ken Goods wrote:
> Ugo and anyone who cares to respond,
>
> And if we weren't talking commercial? Any open source solution come to mind
> that is comparable? I want to ghost a small system drive on my firewall
> since I've been getting a few I/O errors lately... looking for a complete
> mirror so I can simply swap in the ghosted drive for a little insurance.
>

When I built my new mail servers a few weeks ago, I built one up and tested it. When it worked the way I wanted I just logged into the other machines, partitioned and formatted the drives like I wanted. Then I used dump over ssh to move the working server into the next server, and the next, and so on. I was installing on FreeBSD 5.2.1 boxes.

Fast, simple, secure, and free.

DAve

>
> -----Original Message-----
> From: Ugo Bellavance [mailto:ugob@CAMO-ROUTE.COM]
> Sent: Tuesday, January 04, 2005 5:55 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: [MAILSCANNER] spam: Re: Mail Server problems
>
>
> Tracy Greggs wrote:
>
>>Another great option IMHO is Norton Ghost. I use Corporate version 8, Works
>>perfectly on every linux distro that I have used it on, including Fedora.
>>Snag a big drive, ghost it over and change your partitions to the sizes you
>>want and you are good to go. Ghost will image an ATA IDE drive at around
>>500mb/min in my experience. The downtime is very minimal.
>
>
> If you're talking commercial, my first thought is Partition Magic. Of
> course, better make a backup before.
>

--
Systems Administrator
http://www.tls.net
Get rid of Unwanted Emails...get TLS Spam Blocker!

From mailscanner at WEALDCLOSE.CO.UK Tue Jan 4 18:18:11 2005
From: mailscanner at WEALDCLOSE.CO.UK (Kristian Shaw)
Date: Thu Jan 12 21:28:05 2006
Subject: spam: Re: Mail Server problems
Message-ID:

Hello,

For imaging one drive to another either directly or via an FTP server I use ghost for unix. The destination drive needs to be identical or bigger as GFU doesn't resize file systems.

http://rfhs8012.fh-regensburg.de/~feyrer/g4u/

For resizing drives I use QTParted which is available on SystemRescueCD, although I've only used this in anger with FAT32 and NTFS.

http://www.sysresccd.org/

Kris.

----- Original Message -----
From: "Ken Goods"
To:
Sent: Tuesday, January 04, 2005 5:44 PM
Subject: OT: RE: [MAILSCANNER] spam: Re: Mail Server problems

> Ugo and anyone who cares to respond,
>
> And if we weren't talking commercial? Any open source solution come to mind
> that is comparable? I want to ghost a small system drive on my firewall
> since I've been getting a few I/O errors lately... looking for a complete
> mirror so I can simply swap in the ghosted drive for a little insurance.
>
> thanks,
> k
>
> Ken Goods
> Network Administrator
> AIA Insurance, Inc.
>

From Kevin.Spicer at BMRB.CO.UK Tue Jan 4 18:21:01 2005
From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin (MBLEA it))
Date: Thu Jan 12 21:28:05 2006
Subject: OT: RE: [MAILSCANNER] spam: Re: Mail Server problems
Message-ID:

>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Dave Goodrich
>When I built my new mail servers a few weeks ago, I built one up and tested it. When it worked the way I wanted I just
>logged into the other machines, partitioned and formatted the drives like I wanted. Then I used dump over ssh to move
>the working server into the next server, and the next, and so on. I was installing on FreeBSD 5.2.1 boxes.
>Fast, simple, secure, and free.

I've done similar things using ufsdump on solaris and occasionally tar (although with data only I think). Of course if you're lucky enough to have mirrored hot swap disks in your servers the easiest way is just to break the mirror, pop in a new disk and wait for it to sync, voila!

BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000

From dhawal at NETMAGICSOLUTIONS.COM Tue Jan 4 18:38:24 2005
From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy)
Date: Thu Jan 12 21:28:05 2006
Subject: OT: RE: [MAILSCANNER] spam: Re: Mail Server problems
Message-ID:

Dave Goodrich wrote:
> Ken Goods wrote:
>
>> Ugo and anyone who cares to respond,
>>
>> And if we weren't talking commercial? Any open source solution come to
>> mind
>> that is comparable? I want to ghost a small system drive on my firewall
>> since I've been getting a few I/O errors lately... looking for a complete
>> mirror so I can simply swap in the ghosted drive for a little insurance.
>>
>
> When I built my new mail servers a few weeks ago, I built one up and
> tested it. When it worked the way I wanted I just logged into the other
> machines, partitioned and formatted the drives like I wanted. Then I
> used dump over ssh to move the working server into the next server, and
> the next, and so on. I was installing on FreeBSD 5.2.1 boxes.
>
> Fast, simple, secure, and free.
>
> DAve
>

If I understand your requirements correctly, then you could check out mondo rescue as well.

http://www.microwerks.net/~hugo/

Basically you can create an image of an entire system without any downtime and store the isos either on the network or on a CD. Recovery can be done on a different drive on different hardware (doesn't need to be the same scsi controller etc..)

- dhawal

From ssilva at SGVWATER.COM Tue Jan 4 18:42:37 2005
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:28:05 2006
Subject: spam: Re: Mail Server problems
Message-ID:

Kristian Shaw wrote:
> Hello,
>
> For imaging one drive to another either directly or via an FTP server I use
> ghost for unix. The destination drive needs to be identical or bigger as GFU
> doesn't resize file systems.
>
> http://rfhs8012.fh-regensburg.de/~feyrer/g4u/
>
> For resizing drives I use QTParted which is available on SystemRescueCD,
> although I've only used this in anger with FAT32 and NTFS.

I haven't been able to get QTParted to resize ext3 partitions, so I guess you would have to convert to ext2 before the resize.

From mark at TIPPINGMAR.COM Tue Jan 4 18:54:06 2005
From: mark at TIPPINGMAR.COM (Mark Nienberg)
Date: Thu Jan 12 21:28:05 2006
Subject: OT: RE: [MAILSCANNER] spam: Re: Mail Server problems
Message-ID:

Dhawal Doshy wrote:
> If I understand your requirements correctly, then you could check out
> mondo rescue as well.
>
> http://www.microwerks.net/~hugo/
>
> Basically you can create an image of an entire system without any
> downtime and store the isos either on the network or on a CD. Recovery
> can be done on a different drive on different hardware (doesn't need to
> be the same scsi controller etc..)

The new website for mondo rescue is:
http://mondorescue.org

Also, the more similar the hardware, the better. Don't expect to back up a Pentium and restore to an Athlon, for example. But certainly different disk sizes and partition layouts can be done easily. It helps if you have your system set up to check for new hardware on bootup, so for example, have kudzu set up to run on RedHat or Fedora systems.

--
Mark Nienberg, SE
Tipping Mar + associates
1906 Shattuck Ave
Berkeley, CA 94704
http://www.tippingmar.com

From Kevin_Miller at CI.JUNEAU.AK.US Tue Jan 4 19:14:24 2005
From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller)
Date: Thu Jan 12 21:28:05 2006
Subject: Two quick questions
Message-ID:

I'm building a new MailScanner box on SuSE 9.2 and have a couple quick questions on clamav.

The current stable tarball is listed as .80 There are some .rpms built that are listed as .80-1.1. Do I need the .80-1.1 version or is the stable .80 tarball fine? Historically I've always installed from the tarball and am undecided if using .rpms would be a step forward or backward as far as upgrading in the future.

Also, there's two rpm files listed: clamav and clamav-db. Do I need both? If I install from the tarball will it include both?

TIA...

...Kevin
--
Kevin Miller Registered Linux User No: 307357
CBJ MIS Dept. Network Systems Admin., Mail Admin.
155 South Seward Street ph: (907) 586-0242
Juneau, Alaska 99801 fax: (907 586-4500

From ugob at CAMO-ROUTE.COM Tue Jan 4 19:32:02 2005
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:28:05 2006
Subject: OT: RE: spam: Re: Mail Server problems
Message-ID:

Ken Goods wrote:
> Ugo and anyone who cares to respond,
>
> And if we weren't talking commercial? Any open source solution come to mind
> that is comparable? I want to ghost a small system drive on my firewall
> since I've been getting a few I/O errors lately... looking for a complete
> mirror so I can simply swap in the ghosted drive for a little insurance.
>
> thanks,
> k

Yes, I just found that:

http://www.sysresccd.org/

In fact, I found it a couple of months ago, but didn't have time to test it.

You boot on it and you can run qtQparted, which is a Partition-magic clone.

For your ghost issue, it also provides partimage, which is a client-server imaging software.

Hope this helps,

Ugo

From ugob at CAMO-ROUTE.COM Tue Jan 4 19:35:22 2005
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:28:05 2006
Subject: OT: RE: spam: Re: Mail Server problems
Message-ID:

Mark Nienberg wrote:
> Dhawal Doshy wrote:
>
>> If I understand your requirements correctly, then you could check out
>> mondo rescue as well.
>>
>> http://www.microwerks.net/~hugo/
>>
>> Basically you can create an image of an entire system without any
>> downtime and store the isos either on the network or on a CD. Recovery
>> can be done on a different drive on different hardware (doesn't need to
>> be the same scsi controller etc..)
>
> The new website for mondo rescue is:
> http://mondorescue.org
>
> Also, the more similar the hardware, the better. Don't expect to back
> up a Pentium and restore to an Athlon, for example. But certainly
> different disk sizes and partition layouts can be done easily. It helps
> if you have your system set up to check for new hardware on bootup, so
> for example, have kudzu set up to run on RedHat or Fedora systems.

I've been using mondo for a while, quite good, but the support seems to be going down. :(

Have a look at DAR. http://dar.linux.free.fr/. I haven't tried it yet, but it seems to have a more stable history.

From KGoods at AIAINSURANCE.COM Tue Jan 4 19:58:52 2005
From: KGoods at AIAINSURANCE.COM (Ken Goods)
Date: Thu Jan 12 21:28:05 2006
Subject: OT: RE: spam: Re: Mail Server problems
Message-ID:

Ugo Bellavance wrote:
> Yes, I just found that:
>
> http://www.sysresccd.org/
>
> In fact, I found it a couple of months ago, but didn't have time to
> test it.
>
> You boot on it and you can run qtQparted, which is a Partition-magic
> clone.
>
> For your ghost issue, it also provides partimage, which is a
> client-server imaging software.
>
> Hope this helps,
>
> Ugo
>

Ugo (and all others who were kind enough to post),

Thank you very much for the info... gave me a good start and is appreciated much.

Kind regards,
Ken

From fdalmoro at HOTPOP.COM Tue Jan 4 20:20:08 2005
From: fdalmoro at HOTPOP.COM (Fernando)
Date: Thu Jan 12 21:28:05 2006
Subject: How to setup Mailbag
Message-ID:

Hello, sorry if I didn't include something that could have been useful, I'm not too familiar with Linux in general so I'm not sure where to start.

Currently I have a RH 8 server scanning messages using Mailscanner/sendmail/AV. There are about 25 domains on this scanner but everything is set to relay to another email server with IMail and one domain points to an Exchange server.

Needless to say that the Exchange server is down every other weekend so what I would like to do is keep the emails 'mailbagged' on the RH server whenever the Exchange server goes down. It would only be for the specific domain, I don't want to turn this feature on for all of the domains.

Can anyone please point me in the right direction?

Thanks
Fernando

From michele at BLACKNIGHTSOLUTIONS.COM Tue Jan 4 20:42:40 2005
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon::Blacknight Solutions)
Date: Thu Jan 12 21:28:05 2006
Subject: How to setup Mailbag
Message-ID:

Fernando wrote:
> Hello, sorry if I didn't include something that could have been useful,
> I'm not too familiar with Linux in general so I'm not
> sure where to start.
>
> Currently I have a RH 8 server scanning messages using
> Mailscanner/sendmail/AV. There are about 25 domains on this scanner but
> everything is set to relay to another email server with IMail and one
> domain points to an Exchange server.
>
> Needless to say that the Exchange server is down every other weekend so
> what I would like to do is keep the emails 'mailbagged' on the RH
> server whenever the Exchange server goes down. It would only be for the
> specific domain, I don't want to turn this feature on for all of the
> domains.
>

You shouldn't have to do anything special as sendmail normally queues mail for 5 days by default, so if the receiving mail server is unresponsive the mail should not be lost - works for us :)

Michele

From jstevens at ATHENSDISTRIBUTING.COM Tue Jan 4 20:51:23 2005
From: jstevens at ATHENSDISTRIBUTING.COM (James R. Stevens)
Date: Thu Jan 12 21:28:05 2006
Subject: Why oh Why!!
Message-ID:

Just want everyone to know what a piece of SHIT Exchange server 2003 really is!! It has put another patch of grey hair on my head just in the last 24 hours...

Just venting..I feel a little better.

--
This message has been scanned for viruses and dangerous content by Athens Hyperion Scanner, and is believed to be clean.

From jaearick at COLBY.EDU Tue Jan 4 20:56:40 2005
From: jaearick at COLBY.EDU (Jeff A. Earickson)
Date: Thu Jan 12 21:28:05 2006
Subject: OT: what POP server code do you use?
Message-ID:

Gang,

We have been using Qualcomm's qpopper here for ages. I'm trying to get TLS/SSL working with it and the documentation is weak. I'm just wondering what others use for open-source POP servers out there. Suggestions for good secure documented code, please...

Jeff Earickson
Colby College

From dhawal at NETMAGICSOLUTIONS.COM Tue Jan 4 21:09:57 2005
From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy)
Date: Thu Jan 12 21:28:05 2006
Subject: OT: what POP server code do you use?
Message-ID:

Jeff A. Earickson writes:

> Gang,
>
> We have been using Qualcomm's qpopper here for ages. I'm trying to
> get TLS/SSL working with it and the documentation is weak. I'm just
> wondering what others use for open-source POP servers out there.
> Suggestions for good secure documented code, please...
>
> Jeff Earickson
> Colby College

mbox / maildir?

for maildir, courier-imap is a brilliant option, so is the in-built pop3 server in qmail.. not too sure about mbox though.

- dhawal

From fdalmoro at HOTPOP.COM Tue Jan 4 21:14:07 2005
From: fdalmoro at HOTPOP.COM (Fernando)
Date: Thu Jan 12 21:28:05 2006
Subject: How to setup Mailbag
Message-ID:

Michele Neylon::Blacknight Solutions wrote:
> Fernando wrote:
>> Hello, sorry if I didn't include something that could have been useful,
>> I'm not too familiar with Linux in general so I'm not sure where to start.
>>
>> Currently I have a RH 8 server scanning messages using
>> Mailscanner/sendmail/AV. There are about 25 domains on this scanner but
>> everything is set to relay to another email server with IMail and one
>> domain points to an Exchange server.
>>
>> Needless to say that the Exchange server is down every other weekend so
>> what I would like to do is keep the emails 'mailbagged' on the RH
>> server whenever the Exchange server goes down. It would only be for the
>> specific domain, I don't want to turn this feature on for all of the
>> domains.
>
> You shouldn't have to do anything special as sendmail normally queues
> mail for 5 days by default, so if the receiving mail server is
> unresponsive the mail should not be lost - works for us :)
>
> Michele

Oh great, that's easier than I thought ;) . Do you know where I can look to make sure that the setting is correct or to extend the timeout periods?

Thanks

From jaearick at COLBY.EDU Tue Jan 4 21:16:44 2005
From: jaearick at COLBY.EDU (Jeff A. Earickson)
Date: Thu Jan 12 21:28:05 2006
Subject: OT: what POP server code do you use?
Message-ID:

sorry... mbox format.

On Wed, 5 Jan 2005, Dhawal Doshy wrote:

> Date: Wed, 5 Jan 2005 02:39:57 +0530
> From: Dhawal Doshy
> Reply-To: MailScanner mailing list
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: OT: what POP server code do you use?
>
> Jeff A. Earickson writes:
>
>> Gang,
>>
>> We have been using Qualcomm's qpopper here for ages. I'm trying to
>> get TLS/SSL working with it and the documentation is weak. I'm just
>> wondering what others use for open-source POP servers out there.
>> Suggestions for good secure documented code, please...
>>
>> Jeff Earickson
>> Colby College
>
> mbox / maildir?
>
> for maildir, courier-imap is a brilliant option, so is the in-built pop3
> server in qmail.. not too sure about mbox though.
>
> - dhawal
>

From richard.siddall at ELIRION.NET Tue Jan 4 21:19:39 2005
From: richard.siddall at ELIRION.NET (Richard Siddall)
Date: Thu Jan 12 21:28:05 2006
Subject: OT: what POP server code do you use?
Message-ID:

Jeff A. Earickson wrote:
> Gang,
>
> We have been using Qualcomm's qpopper here for ages. I'm trying to
> get TLS/SSL working with it and the documentation is weak. I'm just
> wondering what others use for open-source POP servers out there.
> Suggestions for good secure documented code, please...
>
> Jeff Earickson
> Colby College
>

Jeff,

What problems are you having? We have had qpopper with TLS/SSL working on a lab machine for quite a while.

Looks like we built it passing "--with-openssl" to ./configure.

From /etc/inetd.conf (watch the line wrap):

#
# Pop and imap mail services et al
#
pop-3   stream  tcp     nowait  root    /usr/sbin/tcpd  in.qpopper -R -f /etc/mail/qpopper-110.config
spop3   stream  tcp     nowait  root    /usr/sbin/tcpd  in.qpopper -R -f /etc/mail/qpopper-995.config

And stuck some configuration files in /etc/mail:

more /etc/mail/qpopper-*
::::::::::::::
qpopper-110.config
::::::::::::::
set tls-support = stls
set config-file = /etc/mail/qpopper-tls.config
::::::::::::::
qpopper-995.config
::::::::::::::
set tls-support = alternate-port
set config-file = /etc/mail/qpopper-tls.config
::::::::::::::
qpopper-tls.config
::::::::::::::
set tls-server-cert-file = /home/sites/home/certs/certificate
set tls-private-key-file = /home/sites/home/certs/key

The certificate and key are commercial. As far as I remember, we did not try self-signed certs.

This set-up lets you do secure POP over port 995, or have the mail client request TLS on the standard POP port, 110. Both ports use the same certificate.

Regards,

Richard Siddall

From Leonard.Hermens at POTLATCHCORP.COM Tue Jan 4 21:24:06 2005
From: Leonard.Hermens at POTLATCHCORP.COM (Leonard Hermens)
Date: Thu Jan 12 21:28:05 2006
Subject: How to setup Mailbag
Message-ID:

At 01:14 PM 1/4/2005, Fernando wrote:
>Oh great, that's easier than I thought ;) . Do you know where I can look
>to make sure that the setting is correct or to extend the timeout periods?
>
>Thanks

The raw config file is usually /etc/mail/sendmail.cf

Look for:

O Timeout.queuereturn=2h
O Timeout.queuewarn=1h

The times shown here are 1 hour for warnings and two hours to return the mail. The time can be set for 7d for seven days, etc.

-- Leonard

From Leonard.Hermens at POTLATCHCORP.COM Tue Jan 4 21:27:35 2005
From: Leonard.Hermens at POTLATCHCORP.COM (Leonard Hermens)
Date: Thu Jan 12 21:28:05 2006
Subject: Why oh Why!!
Message-ID:

At 12:51 PM 1/4/2005, James R. Stevens wrote:
>Just want everyone to know what a piece of SH*T Exchange server 2003
>really is!! It has put another patch of grey hair on my head just in the
>last 24 hours

Would you mind sharing (briefly) your issues? We are fully open source for email here, but I like to find out some of the issues people are having with the other side of things.

-- Leonard

From michele at BLACKNIGHTSOLUTIONS.COM Tue Jan 4 21:42:50 2005
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon::Blacknight Solutions)
Date: Thu Jan 12 21:28:05 2006
Subject: How to setup Mailbag
Message-ID:

> Oh great, that's easier than I thought ;) . Do you know where I can look
> to make sure that the setting is correct or to extend the timeout

You'll know if the settings are correct if you are getting the mail on the correct server :)

As for the timeout - that would be a sendmail thing. I know you can modify it, but I haven't ever messed with that - the default setting is usually more than enough. If your mail server is down for more than 5 days you might as well close up shop!

From fdalmoro at HOTPOP.COM Tue Jan 4 21:47:59 2005
From: fdalmoro at HOTPOP.COM (Fernando)
Date: Thu Jan 12 21:28:05 2006
Subject: How to setup Mailbag
Message-ID:

Michele Neylon::Blacknight Solutions wrote:
>> Oh great, that's easier than I thought ;) . Do you know where I can look
>> to make sure that the setting is correct or to extend the timeout
>
> You'll know if the settings are correct if you are getting the mail on
> the correct server :)
>
> As for the timeout - that would be a sendmail thing. I know you can
> modify it, but I haven't ever messed with that - the default setting is
> usually more than enough. If your mail server is down for more than 5
> days you might as well close up shop!

Yeah that's true. Thanks to the respondents!!

From jstevens at ATHENSDISTRIBUTING.COM Tue Jan 4 21:59:33 2005
From: jstevens at ATHENSDISTRIBUTING.COM (James R. Stevens)
Date: Thu Jan 12 21:28:05 2006
Subject: Why oh Why!!
Message-ID:

Absolutely,

We are upgrading from WIN 2000 Domain to Win 2003. This is not a big deal except the name of the domain needs changing. Trusts are enabled, migrations have been tested. I just need to make the second (future domain name) accept the forwarded mail from the old Domain controller/Exchange server.

SMTP Gateway MS + SA + ClamAV pushes mail to Exchange server via DomainTable. All is great but the new 2003 DC/Exchange server will not accept the forwarded mail.

Getting: no valid recipients and unable to relay while talking to

Is something I'm missing on the new config.

-----Original Message-----
From: Leonard Hermens [mailto:Leonard.Hermens@POTLATCHCORP.COM]
Sent: Tuesday, January 04, 2005 3:28 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: Why oh Why!!

At 12:51 PM 1/4/2005, James R. Stevens wrote:
>Just want everyone to know what a piece of SH*T Exchange server 2003
>really is!! It has put another patch of grey hair on my head just in the
>last 24 hours

Would you mind sharing (briefly) your issues? We are fully open source for email here, but I like to find out some of the issues people are having with the other side of things.

-- Leonard

From krausem at gmail.com Tue Jan 4 22:13:04 2005
From: krausem at gmail.com (Matt Krause)
Date: Thu Jan 12 21:28:05 2006
Subject: Differences between spamassassin rules in MailScanner.conf
Message-ID:

I am trying to figure out the difference between the following settings in the MailScanner.conf file?

# The site rules are searched for here.
# Normal location on most systems is /etc/mail/spamassassin.
SpamAssassin Site Rules Dir = /etc/mail/spamassassin

# The site-local rules are searched for here, and in prefix/etc/spamassassin,
# prefix/etc/mail/spamassassin, /usr/local/etc/spamassassin, /etc/spamassassin,
# /etc/mail/spamassassin, and maybe others.
# If this is set then it adds to the list of places that are searched;
# otherwise it has no effect.
#SpamAssassin Local Rules Dir = /opt/MailScanner/etc/mail/spamassassin
SpamAssassin Local Rules Dir =

# The default rules are searched for here, and in prefix/share/spamassassin,
# /usr/local/share/spamassassin, /usr/share/spamassassin, and maybe others.
# If this is set then it adds to the list of places that are searched;
# otherwise it has no effect.
#SpamAssassin Default Rules Dir = /opt/MailScanner/share/spamassassin
SpamAssassin Default Rules Dir =

Thanks.

--
Matt Krause
krausem@gmail.com

From Kevin_Miller at CI.JUNEAU.AK.US Tue Jan 4 22:23:16 2005
From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller)
Date: Thu Jan 12 21:28:05 2006
Subject: Slightly OT: Installing Razor
Message-ID:

I just tried to install Razor2 prior to installing MailScanner, and the 'make test' portion went fine except for this:

t/heuristic......Failed test 7

I googled for it, but only found others that had the same issue - no replies.

Is this a showstopper?

TIA...

...Kevin
--
Kevin Miller                Registered Linux User No: 307357
CBJ MIS Dept.               Network Systems Admin., Mail Admin.
155 South Seward Street     ph: (907) 586-0242
Juneau, Alaska 99801        fax: (907) 586-4500

From ml at NETGROUPES.CA Tue Jan 4 22:49:09 2005
From: ml at NETGROUPES.CA (Mailing List)
Date: Thu Jan 12 21:28:05 2006
Subject: MailScanner 4.37.7-1 and Postfix 2.1.5 on WBEL
Message-ID:

Downgrading back to 4.36.4-1 seems to have corrected the HIGH SPAM being delivered situation, will be monitoring closely for the next few hours and will probably downgrade my other MailScanner installations.

Regards

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Mailing List
Sent: Tuesday, January 04, 2005 08:21
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: MailScanner 4.37.7-1 and Postfix 2.1.5 on WBEL

Rules are set to store and delete.

Archive Mail in MailScanner.conf is empty

More information: this behavior started as soon as I upgraded, this does not seem to happen for all domains.

Regards
________________________________________
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Steen, Glenn
Sent: Tuesday, January 04, 2005 08:12
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: MailScanner 4.37.7-1 and Postfix 2.1.5 on WBEL

As far as lil' ol' me can tell the unique-ID thing shouldn't have any bearing on this. Do you archive mails? Perhaps to a mailbox?

-- Glenn

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Mailing List
Sent: den 4 januari 2005 01:51
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: MailScanner 4.37.7-1 and Postfix 2.1.5 on WBEL

Since the upgrade I see strange behaviors, some mails marked as High Spam are still delivered, here is an excerpt of my maillog:

[root@gw-m log]# grep 6FD731C0008 maillog
Jan  3 13:14:35 gw-m postfix/smtpd[2051]: 6FD731C0008: client=lns-vlq-48-mar-82-251-10-15.adsl.proxad.net[82.251.10.15]
Jan  3 13:14:38 gw-m postfix/cleanup[32006]: 6FD731C0008: hold: header Received: from lns-vlq-48-mar-82-251-10-15.adsl.proxad.net (lns-vlq-48-mar-82-251-10-15.adsl.proxad.net [82.251.10.15])??by gw-m.netgroupes.ca (Postfix) with SMTP id 6FD731C0008??for to= proto=SMTP helo=
Jan  3 13:14:38 gw-m postfix/cleanup[32006]: 6FD731C0008: hold: header Received: from acs-inc.com (36.84.32.127) by azn7-s607.rr.com  with Microsoft SMTPSVC(8.3.3049.5537);?? Mon, 03 Jan 2005 16:13:26 -0200 from lns-vlq-48-mar-82-251-10-15.adsl.proxad.net[82.251.10.15]; from= to= proto=SMTP helo=
Jan  3 13:14:38 gw-m postfix/cleanup[32006]: 6FD731C0008: hold: header Received: from optonline.com  (comcast.net  241.136.137.254)??by optonline.net  (8.12.10/8.12.9) with ESMTP id pir7B117??for ; Mon, 03 Jan 2005 22:14:26 +0400 (ES from lns-vlq-48-mar-82-251-10-15.adsl.proxad.net[82.251.10.15]; from= to= proto=SMTP helo=
Jan  3 13:14:38 gw-m postfix/cleanup[32006]: 6FD731C0008: hold: header Received: from X99861626404 (modemcable6.559-26.cpe.abbeypress.com 186.145.54.36)??(authenticated bits=0)??by optonline.com  (8.12.10/8.12.9) with ESMTP id yjl92H690j386??for to= proto=SMTP helo=
Jan  3 13:14:38 gw-m postfix/cleanup[32006]: 6FD731C0008: message-id=<68908gpe61joj449$p584q0b802$20d60on18@HYW57645905229>
Jan  3 13:15:05 gw-m MailScanner[31923]: Message 6FD731C0008.642D2 from 82.251.10.15 (jetqchn@optonline.com) to domain.com is spam, SpamAssassin (score=37.036, required 6, autolearn=spam, BAYES_99 1.89, DCC_CHECK 2.17, DIGEST_MULTIPLE 0.10, DOMAIN_RATIO 3.18, HELO_DYNAMIC_HCC 3.74, HELO_DYNAMIC_IPADDR 4.40, HTML_90_100 0.02, HTML_IMAGE_ONLY_04 3.30, HTML_MESSAGE 0.00, HTML_MIME_NO_HTML_TAG 0.14, INVALID_TZ_EST 3.58, MIME_BOUND_DD_DIGITS 4.14, MIME_HTML_ONLY 0.18, MIME_HTML_ONLY_MULTI 2.44, MPART_ALT_DIFF 0.07, PYZOR_CHECK 3.45, X_MESSAGE_INFO 4.24)
Jan  3 13:15:05 gw-m MailScanner[31923]: Spam Actions: message 6FD731C0008.642D2 actions are store,delete
Jan  3 13:15:05 gw-m MailScanner[31923]: Requeue: 6FD731C0008.642D2 to B91C41C0006
Jan  3 13:15:06 gw-m MailScanner[31923]: Logging message 6FD731C0008.642D2 to SQL

This seems to be a "new" behavior, maybe inline with the change to "Archive Mail" and unique message-ids ?!?

If you need more information, please let me know.

Regards

From joey at JOESMITH.NET Tue Jan 4 23:23:14 2005
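The symptom reported in the "MailScanner 4.37.7-1 and Postfix 2.1.5 on WBEL" message above (spam actions "store,delete", yet the message is requeued) can be searched for across a whole maillog. The following is an added example, not part of the original posts and not MailScanner's own code; it assumes that a "Requeue:" line means the message was handed back to Postfix for delivery, and the function names and sample log are constructed.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample. The first four lines follow the excerpt quoted above
# (rule list shortened); the other message ids and addresses are made up.
SAMPLE_LOG = """\
Jan  3 13:15:05 gw-m MailScanner[31923]: Message 6FD731C0008.642D2 from 82.251.10.15 (jetqchn@optonline.com) to domain.com is spam, SpamAssassin (score=37.036, required 6, autolearn=spam, BAYES_99 1.89)
Jan  3 13:15:05 gw-m MailScanner[31923]: Spam Actions: message 6FD731C0008.642D2 actions are store,delete
Jan  3 13:15:05 gw-m MailScanner[31923]: Requeue: 6FD731C0008.642D2 to B91C41C0006
Jan  3 13:15:06 gw-m MailScanner[31923]: Logging message 6FD731C0008.642D2 to SQL
Jan  3 13:16:10 gw-m MailScanner[31923]: Message AAAAAAAAAAA.00001 from 192.0.2.10 (a@example.net) to example.org is spam, SpamAssassin (score=7.2, required 6, BAYES_80 2.00)
Jan  3 13:16:10 gw-m MailScanner[31923]: Spam Actions: message AAAAAAAAAAA.00001 actions are store,deliver
Jan  3 13:16:10 gw-m MailScanner[31923]: Requeue: AAAAAAAAAAA.00001 to CCCCCCCCCCC
Jan  3 13:17:30 gw-m MailScanner[31923]: Message BBBBBBBBBBB.00002 from 192.0.2.11 (b@example.net) to example.org is spam, SpamAssassin (score=22.5, required 6, BAYES_99 1.89)
Jan  3 13:17:30 gw-m MailScanner[31923]: Spam Actions: message BBBBBBBBBBB.00002 actions are store,delete
"""

PREFIX = r"MailScanner\[\d+\]: "
SPAM_RE = re.compile(
    PREFIX + r"Message (?P<id>\S+) from \S+ \([^)]*\) to \S+ is spam, "
    r"SpamAssassin \(score=(?P<score>-?[\d.]+), required (?P<required>[\d.]+)"
)
ACTIONS_RE = re.compile(
    PREFIX + r"Spam Actions: message (?P<id>\S+) actions are (?P<actions>.+?)\s*$"
)
REQUEUE_RE = re.compile(PREFIX + r"Requeue: (?P<id>\S+) to (?P<new_id>\S+)")

# Spam actions that legitimately put a message back into the outgoing queue.
DELIVERING = ("deliver", "forward")


@dataclass
class Trace:
    """Everything the log says about one MailScanner message id."""
    msg_id: str
    score: Optional[float] = None
    required: Optional[float] = None
    actions: List[str] = field(default_factory=list)
    requeued_as: Optional[str] = None


def parse(log_text: str) -> Dict[str, Trace]:
    """Group the three line types by message id; line order does not matter."""
    traces: Dict[str, Trace] = {}
    for line in log_text.splitlines():
        for regex in (SPAM_RE, ACTIONS_RE, REQUEUE_RE):
            m = regex.search(line)
            if not m:
                continue
            t = traces.setdefault(m["id"], Trace(m["id"]))
            if regex is SPAM_RE:
                t.score, t.required = float(m["score"]), float(m["required"])
            elif regex is ACTIONS_RE:
                t.actions = [a.strip().lower() for a in m["actions"].split(",")]
            else:
                # Assumption: Requeue means the message went back to Postfix.
                t.requeued_as = m["new_id"]
            break
    return traces


def find_unexpected_deliveries(log_text: str) -> List[Trace]:
    """Messages requeued although their actions say delete and nothing delivers."""
    flagged = []
    for t in parse(log_text).values():
        wants_delivery = any(a.split()[0] in DELIVERING for a in t.actions if a)
        if t.requeued_as and "delete" in t.actions and not wants_delivery:
            flagged.append(t)
    return flagged


if __name__ == "__main__":
    for t in find_unexpected_deliveries(SAMPLE_LOG):
        print(f"{t.msg_id}: score {t.score} (required {t.required}), "
              f"actions {','.join(t.actions)}, requeued as {t.requeued_as}")
```

Run against a real maillog, each reported id can then be followed with grep on the new queue id to see where Postfix delivered it.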
From: joey at JOESMITH.NET (Joe Smith) Date: Thu Jan 12 21:28:05 2006 Subject: Slightly OT: Installing Razor Message-ID: On Tue, 4 Jan 2005, Kevin Miller wrote: > I just tried to install Razor2 prior to installing MailScanner, and the > 'make test' portion went fine except for this: > > t/heuristic......Failed test 7 > > I googled for it, but only found others that had the same issue - no > replies. > > Is this a showstopper? Nope, just do a 'make install' and you should be off to the races... be sure and do all the extra little steps required to setup Razor, per the docs. When you are done do a 'spamassassin -D --lint' and look for the Razor2 available line. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From eneal at dfi-intl.com Wed Jan 5 00:00:00 2005 From: eneal at dfi-intl.com (Errol Uriel Neal Jr.) Date: Thu Jan 12 21:28:05 2006 Subject: Why oh Why!! Message-ID: Is this an upgrade from exchange 2000 to 2003 as well? Errol -----Original Message----- 
From: "James R. Stevens" Date: Tue, 4 Jan 2005 15:59:33 To:MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Why oh Why!! Absolutely, We are upgrading from WIN 2000 Domain to Win 2003 this is not a big deal except The name of the domain needs changing. Trusts are enabled migrations have been tested. I just need to make the second (Future domain name) accept the forwarded mail from the old Domain controller/Exchange server. SMTP Gateway MS + SA + ClamAV Pushes mail to Exchange server via DomainTable. All is great but the new 2003 DC/Exchange server will not accept the forwarded mail. Getting: no valid recipients and unable to relay while talking to Is something I'm missing on the new config. -----Original Message----- 
From: Leonard Hermens [mailto:Leonard.Hermens@POTLATCHCORP.COM] Sent: Tuesday, January 04, 2005 3:28 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Why oh Why!! At 12:51 PM 1/4/2005, James R. Stevens wrote: >Just want everyone to know what a piece of SH*T Exchange server 2003 >really is!! It has put another patch of grey hair on my head just in the >last 24 hours Would you mind sharing (briefly) your issues? We are fully open source for email here, but I like to find out some of the issues people are having with the other side of things. -- Leonard ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by Athens Hyperion Scanner, and is believed to be clean. __________________________________________ Errol Uriel Neal Jr. Network Administrator DFI International, Inc. 1717 Pennsylvania Ave NW, Suite 1300 Washington, DC 20006 Tel (202)452-6955 Fax (202)452-6910 eneal@dfi-intl.com www.dfi-intl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. 
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From vlad at MAZEK.COM Wed Jan 5 01:35:10 2005 From: vlad at MAZEK.COM (Vlad Mazek) Date: Thu Jan 12 21:28:05 2006 Subject: Why oh Why!! Message-ID: Try reading up on Recipient Update Policies in Exchange 2003. If the new SMTP address is not in the profile's listing then Exchange will reject the mail with the error that you mentioned. Exchange needs to know that it is responsible for another domain name or it will consider it a relay and consequently dump the connection. On the Exchange 2003 box: Start > All Programs > Exchange 2003 > System Manager Inside system manager: Recipients > Recipient Policies > Default Policy (right click to get properties) Add the new domain under Email Addresses (Policy) and enable it to add the new domain to Exchange. -Vlad Errol Uriel Neal Jr. wrote: >Is this an upgrade from exchange 2000 to 2003 as well? > >Errol >-----Original Message----- 
>From: "James R. Stevens" >Date: Tue, 4 Jan 2005 15:59:33 >To:MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: Why oh Why!! > >Absolutely, > >We are upgrading from WIN 2000 Domain to Win 2003 this is not a big deal >except The name of the domain needs changing. > >Trusts are enabled migrations have been tested. I just need to make the >second (Future domain name) accept the forwarded mail from the old >Domain controller/Exchange server. > >All is great but the new 2003 DC/Exchange server will not accept the >forwarded mail. > >Getting: no valid recipients and unable to relay while >talking to > >Is something I'm missing on the new config. > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From vlad at MAZEK.COM Wed Jan 5 01:37:15 2005 
From: vlad at MAZEK.COM (Vlad Mazek) Date: Thu Jan 12 21:28:05 2006 Subject: OT: what POP server code do you use? Message-ID: Take a look at Dovecot. Development on it is very active and it's very flexible. -Vlad >> >> We have been using Qualcomm's qpopper here for ages. I'm trying to >> get TLS/SSL working with it and the documentation is weak. I'm just >> wondering what others use for open-source POP servers out there. >> Suggestions for good secure documented code, please... > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From schrock at DAYZED.COM Wed Jan 5 05:56:49 2005 
From: schrock at DAYZED.COM (Avery Day) Date: Thu Jan 12 21:28:05 2006 Subject: OT: what POP server code do you use? Message-ID: I second dovecot. I have been using it with Maildir for a year now. Easy, real easy to get working. Its IMAP functions are really nice too. Schrock > Take a look at Dovecot. Development on it is very active and it's very > flexible. > > -Vlad > >>> >>> We have been using Qualcomm's qpopper here for ages. I'm trying to >>> get TLS/SSL working with it and the documentation is weak. I'm just >>> wondering what others use for open-source POP servers out there. >>> Suggestions for good secure documented code, please... >> >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------------------------------------- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > ------------------------------------------------------- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). 
Support MailScanner development - buy the book off the website! From test at NEXTMILL.NET Wed Jan 5 06:46:33 2005 From: test at NEXTMILL.NET (Brian Lewis) Date: Thu Jan 12 21:28:05 2006 Subject: Stop Sendmail from bouncing unknown user? Message-ID: I would like to configure Sendmail outgoing to not generate a 'bounce reply' if the target user is 'unknown or invalid'. Basically if Sendmail Outgoing is unable to deliver it then it should keep attempting to deliver, but if it's told by the receiving server the user doesn't exist then I don't want it to reply back to the spammer that it doesn't exist, instead it should just discard the email. Anyone know if Sendmail can be configured in this way? Sick of seeing the server attempt to deliver thousands of invalid or unknown user replies usually to invalid FROM addresses. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mlm at LOANPROCESSING.NET Wed Jan 5 06:57:19 2005 From: mlm at LOANPROCESSING.NET (Mike McMullen) Date: Thu Jan 12 21:28:05 2006 Subject: OT: what POP server code do you use? Message-ID: ----- Original Message ----- 
From: "Avery Day" To: Sent: Tuesday, January 04, 2005 9:56 PM Subject: Re: OT: what POP server code do you use? >I second dovecot. I have been using it with Maildir for a year now. > Easy, real easy to get working. Its IMAP functions are really nice too. > > Schrock > >> Take a look at Dovecot. Development on it is very active and it's very >> flexible. >> >> -Vlad >> >>>> >>>> We have been using Qualcomm's qpopper here for ages. I'm trying to >>>> get TLS/SSL working with it and the documentation is weak. I'm just >>>> wondering what others use for open-source POP servers out there. >>>> Suggestions for good secure documented code, please... >>> I'll gladly third the usefulness of dovecot. I migrated our office Sunday from FC1 + UW-IMAP to FC3 and dovecot using mbox format. It was almost trivial and the performance increase was like 3-5 times for large (400MB+) mbox folders. I have TLS/SSL working with it for all my out of office employees and aside from resetting their listed imap folders (in OE) or refreshing their folder list (Netscape) no one had to do anything funky Monday morning and it all worked. Dovecot may take some extra work for POP3 UID compatibility. Check out http://dovecot.org/. Also see http://wiki.dovecot.org/Migration for migration info from different IMAP Hope this helps, Mike ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From andreas.svensson at HALLSBERG.SE Wed Jan 5 08:35:26 2005 
From: andreas.svensson at HALLSBERG.SE (Andreas Svensson) Date: Thu Jan 12 21:28:05 2006 Subject: Sv: Re: Some messages gets stuck in postfix/hold Message-ID: It looks like it's working now. It has probably passed a couple of 1000 mails and no mails hanging in hold now... I have put clamav before panda and have mailwatch disabled. Will try to enable mailwatch now and see if it still works out. If, then the problem is Panda in some way.. /Andreas, Hallsberg, Sweden. >>> Glenn.Steen@AP1.SE 2005-01-04 15:04:25 >>> Do you get anything more interesting if you run it through with just one of the av-scanners? Or if you run it in debug mode? -- Glenn > -----Original Message----- 
> From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Andreas Svensson > Sent: den 4 januari 2005 08:40 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Some messages gets stuck in postfix/hold > > > Good Morning. > I have a problem with Mailscanner on Postfix running as a gateway in > front of my Groupwise server. > Some, very few messages gets stuck in hold directory of postfix spool. > It looks like these messages only are spam or virus. > Yesterday i had like 20 mails from the past two weeks. > Its like 1 or 2 mails per day gets stuck there. > So i cleaned it up manually yesterday but this morning i had 1 new. > > The server is a Compaq DL360 with > SuSE Linux Enterprise 9 > postfix-2.1.1-1.4 > MailScanner 4.36.4 > SpamAssassin 3.0.1 > > Thanks for any help! > /Andreas Svensson, Hallsberg, Sweden. > -Here comes a cut from the log from tonights: > > Jan 3 23:04:00 mg-hbg17 postfix/smtpd[24037]: connect from > unknown[84.217.26.111] > Jan 3 23:04:01 mg-hbg17 postfix/smtpd[24037]: 00E7B1BFCF: > client=unknown[84.217.26.111] > Jan 3 23:04:01 mg-hbg17 postfix/cleanup[24038]: 00E7B1BFCF: hold: > header Received: from hallsberg.se (unknown [84.217.26.111])??by > mg-hbg17.hallsberg.se (Postfix) with SMTP id 00E7B1BFCF??for > ; Mon, 3 Jan 2005 23:04:00 +0100 (CET) > from unknown[84.217.26.111]; from= > to= proto=SMTP helo= > Jan 3 23:04:01 mg-hbg17 postfix/cleanup[24038]: 00E7B1BFCF: > message-id=<20050103220400.00E7B1BFCF@mg-hbg17.hallsberg.se> > Jan 3 23:04:02 mg-hbg17 postfix/smtpd[24037]: disconnect from > unknown[84.217.26.111] > Jan 3 23:04:04 mg-hbg17 MailScanner[22584]: New Batch: Scanning 1 > messages, 42859 bytes > Jan 3 23:04:04 mg-hbg17 MailScanner[22584]: Spam Checks: Starting > Jan 3 23:04:20 mg-hbg17 MailScanner[22584]: Virus and Content > Scanning: Starting > Jan 3 23:04:21 mg-hbg17 MailScanner[22584]: > /var/spool/MailScanner/incoming/22584/./00E7B1BFCF/message.scr: > Worm.SomeFool.P FOUND > Jan 3 23:04:21 mg-hbg17 
MailScanner[22584]: Virus Scanning: ClamAV > found 1 infections > Jan 3 23:04:23 mg-hbg17 MailScanner[22584]: Virus: 2##Base: > /var/spool/MailScanner/incoming/22584##1: '00E7B1BFCF/message.scr' => > W32/Netsky##2: '00E7B1BFCF/msg-22584-10.html' => Exploit/iFrame## > Jan 3 23:04:23 mg-hbg17 MailScanner[22584]: Virus Scanning: Panda > found 2 infections > Jan 3 23:04:23 mg-hbg17 MailScanner[22584]: Infected message > 00E7B1BFCF came from 84.217.26.111 > Jan 3 23:04:23 mg-hbg17 MailScanner[22584]: Virus Scanning: Found 2 > viruses > Jan 3 23:04:23 mg-hbg17 MailScanner[24059]: MailScanner E-Mail Virus > Scanner version 4.36.4 starting... > Jan 3 23:04:23 mg-hbg17 MailScanner[24059]: Config: calling custom > init function MailWatchLogging > Jan 3 23:04:23 mg-hbg17 MailScanner[24059]: Initialising database > connection > Jan 3 23:04:23 mg-hbg17 MailScanner[24059]: Finished initialising > database connection > Jan 3 23:04:23 mg-hbg17 MailScanner[24059]: Enabling SpamAssassin > auto-whitelist functionality... 
> Jan 3 23:04:25 mg-hbg17 MailScanner[22560]: New Batch: Scanning 1 > messages, 42859 bytes > Jan 3 23:04:25 mg-hbg17 MailScanner[22560]: Spam Checks: Starting > Jan 3 23:04:30 mg-hbg17 MailScanner[22560]: Virus and Content > Scanning: Starting > Jan 3 23:04:30 mg-hbg17 MailScanner[22560]: > /var/spool/MailScanner/incoming/22560/./00E7B1BFCF/message.scr: > Worm.SomeFool.P FOUND > Jan 3 23:04:31 mg-hbg17 MailScanner[22560]: Virus Scanning: ClamAV > found 1 infections > Jan 3 23:04:33 mg-hbg17 MailScanner[22560]: Virus: 2##Base: > /var/spool/MailScanner/incoming/22560##1: '00E7B1BFCF/message.scr' => > W32/Netsky##2: '00E7B1BFCF/msg-22560-16.html' => Exploit/iFrame## > Jan 3 23:04:33 mg-hbg17 MailScanner[22560]: Virus Scanning: Panda > found 2 infections > Jan 3 23:04:33 mg-hbg17 MailScanner[22560]: Infected message > 00E7B1BFCF came from 84.217.26.111 > Jan 3 23:04:33 mg-hbg17 MailScanner[22560]: Virus Scanning: Found 2 > viruses > Jan 3 23:04:33 mg-hbg17 MailScanner[24081]: MailScanner E-Mail Virus > Scanner version 4.36.4 starting... > Jan 3 23:04:33 mg-hbg17 MailScanner[24081]: Config: calling custom > init function MailWatchLogging > Jan 3 23:04:33 mg-hbg17 MailScanner[24081]: Initialising database > connection > Jan 3 23:04:33 mg-hbg17 MailScanner[24081]: Finished initialising > database connection > Jan 3 23:04:33 mg-hbg17 MailScanner[24081]: Enabling SpamAssassin > auto-whitelist functionality... 
> Jan 3 23:04:34 mg-hbg17 MailScanner[24059]: Using locktype = flock > Jan 3 23:04:34 mg-hbg17 MailScanner[24059]: New Batch: Scanning 1 > messages, 42859 bytes > Jan 3 23:04:34 mg-hbg17 MailScanner[24059]: Spam Checks: Starting > Jan 3 23:04:37 mg-hbg17 MailScanner[24059]: Virus and Content > Scanning: Starting > Jan 3 23:04:38 mg-hbg17 MailScanner[24059]: > /var/spool/MailScanner/incoming/24059/./00E7B1BFCF/message.scr: > Worm.SomeFool.P FOUND > Jan 3 23:04:38 mg-hbg17 MailScanner[24059]: Virus Scanning: ClamAV > found 1 infections > Jan 3 23:04:40 mg-hbg17 MailScanner[24059]: Virus: 2##Base: > /var/spool/MailScanner/incoming/24059##1: '00E7B1BFCF/message.scr' => > W32/Netsky##2: '00E7B1BFCF/msg-24059-2.html' => Exploit/iFrame## > Jan 3 23:04:40 mg-hbg17 MailScanner[24059]: Virus Scanning: Panda > found 2 infections > Jan 3 23:04:40 mg-hbg17 MailScanner[24059]: Infected message > 00E7B1BFCF came from 84.217.26.111 > Jan 3 23:04:40 mg-hbg17 MailScanner[24059]: Virus Scanning: Found 2 > viruses > Jan 3 23:04:41 mg-hbg17 MailScanner[22410]: New Batch: Scanning 1 > messages, 42859 bytes > Jan 3 23:04:41 mg-hbg17 MailScanner[22410]: Spam Checks: Starting > Jan 3 23:04:43 mg-hbg17 MailScanner[24107]: MailScanner E-Mail Virus > Scanner version 4.36.4 starting... > Jan 3 23:04:43 mg-hbg17 MailScanner[24107]: Config: calling custom > init function MailWatchLogging > Jan 3 23:04:43 mg-hbg17 MailScanner[24107]: Initialising database > connection > Jan 3 23:04:43 mg-hbg17 MailScanner[24107]: Finished initialising > database connection > Jan 3 23:04:43 mg-hbg17 MailScanner[24107]: Enabling SpamAssassin > auto-whitelist functionality... 
> Jan 3 23:04:46 mg-hbg17 MailScanner[24081]: Using locktype = flock > Jan 3 23:04:47 mg-hbg17 MailScanner[24107]: Using locktype = flock > Jan 3 23:04:48 mg-hbg17 MailScanner[22410]: Virus and Content > Scanning: Starting > Jan 3 23:04:48 mg-hbg17 MailScanner[22410]: > /var/spool/MailScanner/incoming/22410/./00E7B1BFCF/message.scr: > Worm.SomeFool.P FOUND > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Wed Jan 5 09:26:27 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:05 2006 Subject: spam: Re: Mail Server problems Message-ID: Just take care to verify (as best as possible) any image you make. Imaging a drive on the imminent path to posterity can be less than easy. I find the smartmontool to be a good thing(tm), to catch drives *before* they go bad. Have a look at http://smartmontools.sourceforge.net/ -- Glenn > -----Original Message----- 
> From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Ken Goods > Sent: den 4 januari 2005 20:59 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: OT: RE: spam: Re: Mail Server problems > > > Ugo Bellavance wrote: > > > Yes, I just found that: > > > > http://www.sysresccd.org/ > > > > In fact, I found it a couple of months ago, but didn't have time to > > test it. > > > > You boot on it and you can run qtQparted, which is a Partition-magic > > clone. > > > > For your ghost issue, it also provides partimage which is a > > client-server imaging software. > > > > Hope this helps, > > > > Ugo > > > > Ugo (and all others who were kind enough to post), > > Thank you very much for the info... gave me a good start and > is appreciated > much. > > Kind regards, > Ken > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Wed Jan 5 09:42:33 2005 
From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:05 2006 Subject: Two quick questions Message-ID: In my experience, going with rpms for clamav is a bad thing. You always want to stay with the latest (stable) tarball, and it might take a while for the rpms to be generated. And it is a fast/simple build/install...:) If you go with rpm you'd need a "seed database" and the actual program package. I think you could guess which is which:-) I've not looked at any clamav rpms in a while, but... Isn't it likely that the "-1,1" is the rpm packaging version, and has next to nothing to do with the clamav versioning? -- Glenn -----Original Message----- 
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Kevin Miller Sent: den 4 januari 2005 20:14 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Two quick questions I'm building a new MailScanner box on SuSE 9.2 and have a couple quick questions on clamav. The current stable tarball is listed as .80 There are some .rpms built that are listed as .80-1.1. Do I need the .80-1.1 version or is the stable .80 tarball fine? Historically I've always installed from the tarball and am undecided if using .rpms would be a step forward or backward as far as upgrading in the future. Also, there's two rpm files listed: clamav and clamav-db. Do I need both? If I install from the tarball will it include both? TIA... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jan 5 09:48:48 2005 
From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:05 2006 Subject: MailScanner 4.37.7-1 and Postfix 2.1.5 on WBEL Message-ID: Can anyone else reproduce this problem for me please? I have tried to make it do it, and I can't reproduce it. It works fine on my test systems. Mailing List wrote: >Downgrading back to 4.36.4-1 seems to have corrected the HIGH SPAM being delivered situation, will be monitoring closely for the next few hours and will probably downgrade my other MailScanner installations. > >Regards > >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Mailing List >Sent: Tuesday, January 04, 2005 08:21 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: MailScanner 4.37.7-1 and Postfix 2.1.5 on WBEL > >Rules are set to store and delete. >Archive Mail in MailScanner.conf is empty > >More information: this behavior started as soon as I upgraded, this does not seem to happen for all domains. > >Regards > >________________________________________ >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Steen, Glenn >Sent: Tuesday, January 04, 2005 08:12 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: MailScanner 4.37.7-1 and Postfix 2.1.5 on WBEL > >As far as lil' ol' me can tell the unique-ID thing shouldn't have any bearing on this. >Do you archive mails? Perhaps to a mailbox? > >-- Glenn >-----Original Message----- 
>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Mailing List >Sent: den 4 januari 2005 01:51 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: MailScanner 4.37.7-1 and Postfix 2.1.5 on WBEL >Since the upgrade i see strange behaviors, some mails marked as High Spam are still delivered, here is an excerpt of my maillog: > >[root@gw-m log]# grep 6FD731C0008 maillog >Jan 3 13:14:35 gw-m postfix/smtpd[2051]: 6FD731C0008: client=lns-vlq-48-mar-82-251-10-15.adsl.proxad.net[82.251.10.15] >Jan 3 13:14:38 gw-m postfix/cleanup[32006]: 6FD731C0008: hold: header Received: from lns-vlq-48-mar-82-251-10-15.adsl.proxad.net (lns-vlq-48-mar-82-251-10-15.adsl.proxad.net [82.251.10.15])??by gw-m.netgroupes.ca (Postfix) with SMTP id 6FD731C0008??for to= proto=SMTP helo= >Jan 3 13:14:38 gw-m postfix/cleanup[32006]: 6FD731C0008: hold: header Received: from acs-inc.com (36.84.32.127) by azn7-s607.rr.com with Microsoft SMTPSVC(8.3.3049.5537);?? Mon, 03 Jan 2005 16:13:26 -0200 from lns-vlq-48-mar-82-251-10-15.adsl.proxad.net[82.251.10.15]; from= to= proto=SMTP helo= >Jan 3 13:14:38 gw-m postfix/cleanup[32006]: 6FD731C0008: hold: header Received: from optonline.com (comcast.net 241.136.137.254)??by optonline.net (8.12.10/8.12.9) with ESMTP id pir7B117??for ; Mon, 03 Jan 2005 22:14:26 +0400 (ES from lns-vlq-48-mar-82-251-10-15.adsl.proxad.net[82.251.10.15]; from= to= proto=SMTP helo= >Jan 3 13:14:38 gw-m postfix/cleanup[32006]: 6FD731C0008: hold: header Received: from X99861626404 (modemcable6.559-26.cpe.abbeypress.com 186.145.54.36)??(authenticated bits=0)??by optonline.com (8.12.10/8.12.9) with ESMTP id yjl92H690j386??for to= proto=SMTP helo= >Jan 3 13:14:38 gw-m postfix/cleanup[32006]: 6FD731C0008: message-id=<68908gpe61joj449$p584q0b802$20d60on18@HYW57645905229> >Jan 3 13:15:05 gw-m MailScanner[31923]: Message 6FD731C0008.642D2 from 82.251.10.15 (jetqchn@optonline.com) to domain.com is spam, SpamAssassin (score=37.036, required 6, autolearn=spam, BAYES_99 1.89, 
DCC_CHECK 2.17, DIGEST_MULTIPLE 0.10, DOMAIN_RATIO 3.18, HELO_DYNAMIC_HCC 3.74, HELO_DYNAMIC_IPADDR 4.40, HTML_90_100 0.02, HTML_IMAGE_ONLY_04 3.30, HTML_MESSAGE 0.00, HTML_MIME_NO_HTML_TAG 0.14, INVALID_TZ_EST 3.58, MIME_BOUND_DD_DIGITS 4.14, MIME_HTML_ONLY 0.18, MIME_HTML_ONLY_MULTI 2.44, MPART_ALT_DIFF 0.07, PYZOR_CHECK 3.45, X_MESSAGE_INFO 4.24) >Jan 3 13:15:05 gw-m MailScanner[31923]: Spam Actions: message 6FD731C0008.642D2 actions are store,delete >Jan 3 13:15:05 gw-m MailScanner[31923]: Requeue: 6FD731C0008.642D2 to B91C41C0006 >Jan 3 13:15:06 gw-m MailScanner[31923]: Logging message 6FD731C0008.642D2 to SQL > >This seems to be a "new" behavior, maybe inline with the change to "Archive Mail" and unique message-ids ?!? > >If you need more information, please let me know. > >Regards >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) >and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! 
> > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Wed Jan 5 09:48:46 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:05 2006 Subject: MailScanner 4.37.7-1 and Postfix 2.1.5 on WBEL Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hopefully Julian will have (time to have) a look. -- Glenn (who is swamped until sometime next week) > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Mailing List > Sent: den 4 januari 2005 23:49 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: MailScanner 4.37.7-1 and Postfix 2.1.5 on WBEL > > > Downgrading back to 4.36.4-1 seems to have corrected the HIGH > SPAM being delivered situation, will be monitoring closely > for the next few hours and will probably downgrade my other > MailScanner installations. > > Regards > > -----Original Message----- 
> From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Mailing List > Sent: Tuesday, January 04, 2005 08:21 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: MailScanner 4.37.7-1 and Postfix 2.1.5 on WBEL > > Rules are set to store and delete. > Archive Mail in MailScanner.conf is empty > > More information: this behavior started as soon as I > upgraded, this does not seem to happen for all domains. > > Regards > > ________________________________________ > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Steen, Glenn > Sent: Tuesday, January 04, 2005 08:12 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: MailScanner 4.37.7-1 and Postfix 2.1.5 on WBEL > > As far as lil' ol' me can tell the unique-ID thing shouldn't > have any bearing on this. > Do you archive mails? Perhaps to a mailbox? >   > -- Glenn > -----Original Message----- 
> From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Mailing List > Sent: den 4 januari 2005 01:51 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: MailScanner 4.37.7-1 and Postfix 2.1.5 on WBEL > Since the upgrade i see strange behaviors, some mails marked > as High Spam are still delivered, here is an excerpt of my maillog: > > [root@gw-m log]# grep 6FD731C0008 maillog > Jan  3 13:14:35 gw-m postfix/smtpd[2051]: 6FD731C0008: > client=lns-vlq-48-mar-82-251-10-15.adsl.proxad.net[82.251.10.15] > Jan  3 13:14:38 gw-m postfix/cleanup[32006]: 6FD731C0008: > hold: header Received: from > lns-vlq-48-mar-82-251-10-15.adsl.proxad.net > (lns-vlq-48-mar-82-251-10-15.adsl.proxad.net > [82.251.10.15])??by gw-m.netgroupes.ca (Postfix) with SMTP id > 6FD731C0008??for lns-vlq-48-mar-82-251-10-15.adsl.proxad.net[82.251.10.15]; > from= to= proto=SMTP > helo= > Jan  3 13:14:38 gw-m postfix/cleanup[32006]: 6FD731C0008: > hold: header Received: from acs-inc.com (36.84.32.127) by > azn7-s607.rr.com  with Microsoft SMTPSVC(8.3.3049.5537);?? 
> Mon, 03 Jan 2005 16:13:26 -0200 from > lns-vlq-48-mar-82-251-10-15.adsl.proxad.net[82.251.10.15]; > from= to= proto=SMTP > helo= > Jan  3 13:14:38 gw-m postfix/cleanup[32006]: 6FD731C0008: > hold: header Received: from optonline.com  (comcast.net  > 241.136.137.254)??by optonline.net  (8.12.10/8.12.9) with > ESMTP id pir7B117??for ; Mon, 03 Jan 2005 > 22:14:26 +0400 (ES from > lns-vlq-48-mar-82-251-10-15.adsl.proxad.net[82.251.10.15]; > from= to= proto=SMTP > helo= > Jan  3 13:14:38 gw-m postfix/cleanup[32006]: 6FD731C0008: > hold: header Received: from X99861626404 > (modemcable6.559-26.cpe.abbeypress.com > 186.145.54.36)??(authenticated bits=0)??by optonline.com  > (8.12.10/8.12.9) with ESMTP id yjl92H690j386??for > lns-vlq-48-mar-82-251-10-15.adsl.proxad.net[82.251.10.15]; > from= to= proto=SMTP > helo= > Jan  3 13:14:38 gw-m postfix/cleanup[32006]: 6FD731C0008: > message-id=<68908gpe61joj449$p584q0b802$20d60on18@HYW57645905229> > Jan  3 13:15:05 gw-m MailScanner[31923]: Message > 6FD731C0008.642D2 from 82.251.10.15 (jetqchn@optonline.com) > to domain.com is spam, SpamAssassin (score=37.036, required > 6, autolearn=spam, BAYES_99 1.89, DCC_CHECK 2.17, > DIGEST_MULTIPLE 0.10, DOMAIN_RATIO 3.18, HELO_DYNAMIC_HCC > 3.74, HELO_DYNAMIC_IPADDR 4.40, HTML_90_100 0.02, > HTML_IMAGE_ONLY_04 3.30, HTML_MESSAGE 0.00, > HTML_MIME_NO_HTML_TAG 0.14, INVALID_TZ_EST 3.58, > MIME_BOUND_DD_DIGITS 4.14, MIME_HTML_ONLY 0.18, > MIME_HTML_ONLY_MULTI 2.44, MPART_ALT_DIFF 0.07, PYZOR_CHECK > 3.45, X_MESSAGE_INFO 4.24) > Jan  3 13:15:05 gw-m MailScanner[31923]: Spam Actions: > message 6FD731C0008.642D2 actions are store,delete > Jan  3 13:15:05 gw-m MailScanner[31923]: Requeue: > 6FD731C0008.642D2 to B91C41C0006 > Jan  3 13:15:06 gw-m MailScanner[31923]: Logging message > 6FD731C0008.642D2 to SQL > > This seems to be a "new" behavior, maybe inline with the > change to "Archive Mail" and unique message-ids ?!? > > If you need more information, please let me know. 
> > Regards From Glenn.Steen at AP1.SE Wed Jan 5 09:50:48 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:06 2006 Subject: MailScanner 4.37.7-1 and Postfix 2.1.5 on WBEL Message-ID: Not until next week, sorry. -- Glenn > -----Original Message----- 
> From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field > Sent: den 5 januari 2005 10:49 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: MailScanner 4.37.7-1 and Postfix 2.1.5 on WBEL > > > Can anyone else reproduce this problem for me please? > I have tried to make it do it, and I can't reproduce it. It works fine > on my test systems. > > Mailing List wrote: > > >Downgrading back to 4.36.4-1 seems to have corrected the > HIGH SPAM being delivered situation, will be monitoring > closely for the next few hours and will probably downgrade my > other MailScanner installations. > > > >Regards > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 From raymond at PROLOCATION.NET Wed Jan 5 10:08:09 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:28:06 2006 Subject: MailScanner 4.37.7-1 and Postfix 2.1.5 on WBEL Message-ID: Hi! > Can anyone else reproduce this problem for me please? > I have tried to make it do it, and I can't reproduce it. It works fine > on my test systems. >> Downgrading back to 4.36.4-1 seems to have corrected the HIGH SPAM being >> delivered situation, will be monitoring closely for the next few hours and >> will probably downgrade my other MailScanner installations. Works fine here also, strange. Bye, Raymond. From mailscanner at BARENDSE.TO Wed Jan 5 12:25:39 2005 
From: mailscanner at BARENDSE.TO (Remco Barendse) Date: Thu Jan 12 21:28:06 2006 Subject: Why do I keep getting .spamassassin/ .pyzor/ .razor/ in my / Message-ID: Thanks! That solved the issue. Haven't got a clue however why I did not run into this problem earlier or on other boxes I installed. I checked the HOME setting for cron in /etc/passwd but not the HOME setting in /etc/crontab On Tue, 4 Jan 2005, Koen Teugels wrote: > on RH you have to change in the /etc/crontab HOME to /root if you run > the updates in cron.. Maybe on other linux dist. is it the same. > > Koen > > Remco Barendse wrote: > >> Could it be one of the perl modules that is outdated? >> >> I do remember seeing something similar on the list. >> >> Cheers! >> Remco >> >> On Sun, 2 Jan 2005, Remco Barendse wrote: >> >>> This is from /etc/passwd >>> root:x:0:0:root:/root:/bin/bash >>> cron:x:16:16:cron:/var/spool/cron:/bin/false >>> >>> Guess that's not it, nor the root of the cron user? >>> >>> I have this behaviour on a gentoo box and on a RHEL box. >>> >>> >>> >>> On Sun, 2 Jan 2005, Julian Field wrote: >>> >>>> Yes, but where is the home dir of the root user, according to >>>> /etc/passwd? >>>> >>>> Remco Barendse wrote: >>>> >>>>> Hi list! >>>>> >>>>> I keep finding directories for .spamassassin/ .pyzor/ .razor/ in >>>>> the >>>>> root >>>>> of my filesystem. >>>>> >>>>> When I delete them, they keep coming back. Shouldn't they be in the >>>>> homedir of the root user? >>>> >>>> >>>> -- >>>> Julian Field >>>> www.MailScanner.info >>>> Buy the MailScanner book at www.MailScanner.info/store >>>> Professional Support Services at www.MailScanner.biz >>>> MailScanner thanks transtec Computers for their support >>>> >>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 From ml at NETGROUPES.CA Wed Jan 5 12:57:43 2005 
From: ml at NETGROUPES.CA (Mailing List) Date: Thu Jan 12 21:28:06 2006 Subject: MailScanner 4.37.7-1 and Postfix 2.1.5 on WBEL Message-ID: Hi Julian, How can I help you, in isolating and resolving this issue? Thanks Guy -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field Sent: Wednesday, January 05, 2005 04:49 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: MailScanner 4.37.7-1 and Postfix 2.1.5 on WBEL Can anyone else reproduce this problem for me please? I have tried to make it do it, and I can't reproduce it. It works fine on my test systems. Mailing List wrote: >Downgrading back to 4.36.4-1 seems to have corrected the HIGH SPAM being delivered situation, will be monitoring closely for the next few hours and will probably downgrade my other MailScanner installations. > >Regards -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 From ml at NETGROUPES.CA Wed Jan 5 13:31:47 2005 
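The check the original poster did by hand with grep, as an added example that is not part of the thread: it correlates MailScanner's `Spam Actions` and `Requeue` log lines per message ID and reports spam whose actions include `delete` but which was requeued anyway. It assumes, as the poster's excerpt implies, that a `Requeue` line means the message was handed back to Postfix; the function name and the two control messages in the sample are constructed.

```python
import re

# Constructed sample. The first message reuses the queue IDs from the excerpt
# in the thread (rule list shortened); the other two are invented controls.
SAMPLE_LOG = """\
Jan  3 13:15:05 gw-m MailScanner[31923]: Message 6FD731C0008.642D2 from 82.251.10.15 (jetqchn@optonline.com) to domain.com is spam, SpamAssassin (score=37.036, required 6, autolearn=spam, BAYES_99 1.89, PYZOR_CHECK 3.45)
Jan  3 13:15:05 gw-m MailScanner[31923]: Spam Actions: message 6FD731C0008.642D2 actions are store,delete
Jan  3 13:15:05 gw-m MailScanner[31923]: Requeue: 6FD731C0008.642D2 to B91C41C0006
Jan  3 13:15:06 gw-m MailScanner[31923]: Logging message 6FD731C0008.642D2 to SQL
Jan  3 13:16:10 gw-m MailScanner[31923]: Message 0A1B2C3D4E5.00001 from 192.0.2.10 (a@example.com) to domain.com is spam, SpamAssassin (score=21.5, required 6, BAYES_99 1.89)
Jan  3 13:16:10 gw-m MailScanner[31923]: Spam Actions: message 0A1B2C3D4E5.00001 actions are store,delete
Jan  3 13:16:11 gw-m MailScanner[31923]: Logging message 0A1B2C3D4E5.00001 to SQL
Jan  3 13:17:20 gw-m MailScanner[31923]: Message 0F9E8D7C6B5.00002 from 192.0.2.20 (b@example.com) to domain.com is spam, SpamAssassin (score=6.2, required 6, HTML_MESSAGE 0.00)
Jan  3 13:17:20 gw-m MailScanner[31923]: Spam Actions: message 0F9E8D7C6B5.00002 actions are deliver
Jan  3 13:17:21 gw-m MailScanner[31923]: Requeue: 0F9E8D7C6B5.00002 to 1C2D3E4F5A6
"""

# Payload after the syslog prefix "Mon DD HH:MM:SS host MailScanner[pid]: ".
MAILSCANNER = re.compile(r"\sMailScanner\[\d+\]:\s+(?P<msg>.*)$")
SPAM = re.compile(
    r"^Message (?P<id>\S+) from (?P<ip>\S+) \((?P<sender>[^)]*)\) to \S+ is spam, "
    r"SpamAssassin \(score=(?P<score>-?[\d.]+), required (?P<required>-?[\d.]+)"
)
ACTIONS = re.compile(r"^Spam Actions: message (?P<id>\S+) actions are (?P<actions>.+)$")
REQUEUE = re.compile(r"^Requeue: (?P<id>\S+) to (?P<new_id>\S+)")


def find_deleted_but_requeued(lines):
    """Return spam messages whose actions include 'delete' but that were requeued.

    Assumption: 'Requeue: X to Y' means MailScanner put the message back into
    the Postfix queue under the new ID Y.
    """
    state = {}   # MailScanner message ID -> facts collected so far
    order = []   # first-seen order, for stable output

    def entry(msg_id):
        if msg_id not in state:
            state[msg_id] = {"id": msg_id, "client": None, "score": None,
                             "required": None, "actions": [], "requeued_as": None}
            order.append(msg_id)
        return state[msg_id]

    for line in lines:
        found = MAILSCANNER.search(line)
        if not found:
            continue  # postfix/smtpd, postfix/cleanup and other daemons
        msg = found.group("msg")

        spam = SPAM.match(msg)
        if spam:
            rec = entry(spam.group("id"))
            rec["client"] = spam.group("ip")
            rec["score"] = float(spam.group("score"))
            rec["required"] = float(spam.group("required"))
            continue

        actions = ACTIONS.match(msg)
        if actions:
            # The thread shows a comma-separated list; accept spaces as well.
            parts = re.split(r"[,\s]+", actions.group("actions").strip().lower())
            entry(actions.group("id"))["actions"] = [p for p in parts if p]
            continue

        requeue = REQUEUE.match(msg)
        if requeue:
            entry(requeue.group("id"))["requeued_as"] = requeue.group("new_id")

    return [state[i] for i in order
            if "delete" in state[i]["actions"] and state[i]["requeued_as"]]


if __name__ == "__main__":
    for hit in find_deleted_but_requeued(SAMPLE_LOG.splitlines()):
        print("{id} score={score} actions={actions} requeued as {requeued_as}".format(**hit))
```

The new queue ID in `requeued_as` is the one to grep for next in the Postfix log to see where the message ended up.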
From: ml at NETGROUPES.CA (Mailing List) Date: Thu Jan 12 21:28:06 2006 Subject: MailScanner 4.37.7-1 and Postfix 2.1.5 on WBEL Message-ID:

Running on
Linux server.mydomain.com 2.4.21-27.0.1.ELsmp #1 SMP Fri Dec 24 13:30:32 EST 2004 i686 i686 i386 GNU/Linux
This is White Box Enterprise Linux release 3.0 (Liberation Respin 1)
This is Perl version 5.008000 (5.8.0)

This is MailScanner version 4.37.7
Module versions are:
1.00 AnyDBM_File
1.14 Archive::Zip
1.01 Carp
1.119 Convert::BinHex
1.00 DirHandle
1.04 Fcntl
2.71 File::Basename
2.05 File::Copy
2.01 FileHandle
1.05 File::Path
0.13 File::Temp
1.29 HTML::Entities
3.44 HTML::Parser
2.30 HTML::TokeParser
1.20 IO
1.09 IO::File
1.122 IO::Pipe
3.05 MIME::Base64
5.415 MIME::Decoder
5.415 MIME::Decoder::UU
5.415 MIME::Head
5.415 MIME::Parser
3.03 MIME::QuotedPrint
5.415 MIME::Tools
0.09 Net::CIDR
1.05 POSIX
1.75 Socket
0.03 Sys::Syslog
1.02 Time::localtime

Optional module versions are:
1.810 DB_File
1.00 Digest
1.01 Digest::HMAC
2.33 Digest::MD5
2.10 Digest::SHA1
missing Inline
missing Mail::ClamAV
3.000001 Mail::SpamAssassin
missing Mail::SPF::Query
missing Net::CIDR::Lite
0.48 Net::DNS
missing Net::LDAP
missing Parse::RecDescent
missing SAVI
missing Sys::Hostname::Long
2.26 Test::Harness
0.47 Test::Simple
1.89 Text::Balanced
1.19 URI

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Mailing List
Sent: Wednesday, January 05, 2005 07:58
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: MailScanner 4.37.7-1 and Postfix 2.1.5 on WBEL

Hi Julian,

How can I help you, in isolating and resolving this issue?

Thanks
Guy

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field Sent: Wednesday, January 05, 2005 04:49 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: MailScanner 4.37.7-1 and Postfix 2.1.5 on WBEL Can anyone else reproduce this problem for me please? I have tried to make it do it, and I can't reproduce it. It works fine on my test systems. Mailing List wrote: >Downgrading back to 4.36.4-1 seems to have corrected the HIGH SPAM being delivered situation, will be monitoring closely for the next few hours and will probably downgrade my other MailScanner installations. > >Regards -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 From MailScanner at ecs.soton.ac.uk Wed Jan 5 13:49:45 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:06 2006 Subject: MailScanner 4.37.7-1 and Postfix 2.1.5 on WBEL Message-ID: I would need root ssh access, and would have to be able to shut down mail services there for a time, while I try to debug what is going wrong. Is this a production system? Mailing List wrote: >Hi Julian, > > How can I help you, in isolating and resolving this issue? > >Thanks >Guy > >-----Original Message----- 
>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field
>Sent: Wednesday, January 05, 2005 04:49
>To: MAILSCANNER@JISCMAIL.AC.UK
>Subject: Re: MailScanner 4.37.7-1 and Postfix 2.1.5 on WBEL
>
>Can anyone else reproduce this problem for me please?
>I have tried to make it do it, and I can't reproduce it. It works fine
>on my test systems.
>
>Mailing List wrote:
>
>>Downgrading back to 4.36.4-1 seems to have corrected the HIGH SPAM
>>being delivered situation, will be monitoring closely for the next few
>>hours and will probably downgrade my other MailScanner installations.
>>
>>Regards
>>
>>-----Original Message-----
>>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Mailing List
>>Sent: Tuesday, January 04, 2005 08:21
>>To: MAILSCANNER@JISCMAIL.AC.UK
>>Subject: Re: MailScanner 4.37.7-1 and Postfix 2.1.5 on WBEL
>>
>>Rules are set to store and delete.
>>Archive Mail in MailScanner.conf is empty
>>
>>More information: this behavior started as soon as I upgraded, this
>>does not seem to happen for all domains.
>>
>>Regards
>>
>>________________________________________
>>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Steen, Glenn
>>Sent: Tuesday, January 04, 2005 08:12
>>To: MAILSCANNER@JISCMAIL.AC.UK
>>Subject: Re: MailScanner 4.37.7-1 and Postfix 2.1.5 on WBEL
>>
>>As far as lil' ol' me can tell the unique-ID thing shouldn't have any
>>bearing on this.
>>
>>Do you archive mails? Perhaps to a mailbox?
>>
>>-- Glenn
>>-----Original Message-----
>>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Mailing List
>>Sent: den 4 januari 2005 01:51
>>To: MAILSCANNER@JISCMAIL.AC.UK
>>Subject: MailScanner 4.37.7-1 and Postfix 2.1.5 on WBEL
>>
>>Since the upgrade i see strange behaviors, some mails marked as High
>>Spam are still delivered, here is an excerpt of my maillog:
>>
>>[root@gw-m log]# grep 6FD731C0008 maillog
>>Jan 3 13:14:35 gw-m postfix/smtpd[2051]: 6FD731C0008: client=lns-vlq-48-mar-82-251-10-15.adsl.proxad.net[82.251.10.15]
>>Jan 3 13:14:38 gw-m postfix/cleanup[32006]: 6FD731C0008: hold: header Received: from lns-vlq-48-mar-82-251-10-15.adsl.proxad.net (lns-vlq-48-mar-82-251-10-15.adsl.proxad.net [82.251.10.15])??by gw-m.netgroupes.ca (Postfix) with SMTP id 6FD731C0008??for lns-vlq-48-mar-82-251-10-15.adsl.proxad.net[82.251.10.15]; from= to= proto=SMTP helo=
>>Jan 3 13:14:38 gw-m postfix/cleanup[32006]: 6FD731C0008: hold: header Received: from acs-inc.com (36.84.32.127) by azn7-s607.rr.com with Microsoft SMTPSVC(8.3.3049.5537);?? Mon, 03 Jan 2005 16:13:26 -0200 from lns-vlq-48-mar-82-251-10-15.adsl.proxad.net[82.251.10.15]; from= to= proto=SMTP helo=
>>Jan 3 13:14:38 gw-m postfix/cleanup[32006]: 6FD731C0008: hold: header Received: from optonline.com (comcast.net 241.136.137.254)??by optonline.net (8.12.10/8.12.9) with ESMTP id pir7B117??for ; Mon, 03 Jan 2005 22:14:26 +0400 (ES from lns-vlq-48-mar-82-251-10-15.adsl.proxad.net[82.251.10.15]; from= to= proto=SMTP helo=
>>Jan 3 13:14:38 gw-m postfix/cleanup[32006]: 6FD731C0008: hold: header Received: from X99861626404 (modemcable6.559-26.cpe.abbeypress.com 186.145.54.36)??(authenticated bits=0)??by optonline.com (8.12.10/8.12.9) with ESMTP id yjl92H690j386??for lns-vlq-48-mar-82-251-10-15.adsl.proxad.net[82.251.10.15]; from= to= proto=SMTP helo=
>>Jan 3 13:14:38 gw-m postfix/cleanup[32006]: 6FD731C0008: message-id=<68908gpe61joj449$p584q0b802$20d60on18@HYW57645905229>
>>Jan 3 13:15:05 gw-m MailScanner[31923]: Message 6FD731C0008.642D2 from 82.251.10.15 (jetqchn@optonline.com) to domain.com is spam, SpamAssassin (score=37.036, required 6, autolearn=spam, BAYES_99 1.89, DCC_CHECK 2.17, DIGEST_MULTIPLE 0.10, DOMAIN_RATIO 3.18, HELO_DYNAMIC_HCC 3.74, HELO_DYNAMIC_IPADDR 4.40, HTML_90_100 0.02, HTML_IMAGE_ONLY_04 3.30, HTML_MESSAGE 0.00, HTML_MIME_NO_HTML_TAG 0.14, INVALID_TZ_EST 3.58, MIME_BOUND_DD_DIGITS 4.14, MIME_HTML_ONLY 0.18, MIME_HTML_ONLY_MULTI 2.44, MPART_ALT_DIFF 0.07, PYZOR_CHECK 3.45, X_MESSAGE_INFO 4.24)
>>Jan 3 13:15:05 gw-m MailScanner[31923]: Spam Actions: message 6FD731C0008.642D2 actions are store,delete
>>Jan 3 13:15:05 gw-m MailScanner[31923]: Requeue: 6FD731C0008.642D2 to B91C41C0006
>>Jan 3 13:15:06 gw-m MailScanner[31923]: Logging message 6FD731C0008.642D2 to SQL
>>
>>This seems to be a "new" behavior, maybe inline with the change to
>>"Archive Mail" and unique message-ids ?!?
>>
>>If you need more information, please let me know.
>>

-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From ivessm at softecusa.com Wed Jan 5 14:10:19 2005
From: ivessm at softecusa.com (Stewart M. Ives)
Date: Thu Jan 12 21:28:06 2006
Subject: Stop Sendmail from bouncing unknown user?
Message-ID:

Brian,

I'm no expert on sendmail but this might work for you.

In the sendmail.mc file I have put the following:

dnl # The following will route all mis-addressed mail to xxxxbad
dnl # account and NOT return a user unknown msg. Started 20041024
define(`LUSER_RELAY',`local:xxxxbad')

So far it has worked and routed all such mail to the account "xxxxbad". Don't forget to create such an account. Name it whatever you like. I go into this account every once in a while and delete all the mail out of it.

Don't forget to regen your sendmail.cf file after you change the .mc file.

Hope this helps.

stew

---------- Original Message -----------
From: Brian Lewis
To: MAILSCANNER@JISCMAIL.AC.UK
Sent: Wed, 5 Jan 2005 06:46:33 +0000
Subject: Stop Sendmail from bouncing unknown user?

> I would like to configure Sendmail outgoing to not generate a 'bounce
> reply' if the target user is 'unknown or invalid'. Basically if Sendmail
> Outgoing is unable to deliver it then it should keep attempting to
> deliver, but if it's told by the receiving server the user doesn't exist
> then I don't want it to reply back to the spammer that it doesn't
> exist, instead it should just discard the email. Anyone know if
> Sendmail can be configured in this way? Sick of seeing the server
> attempt to deliver thousands of invalid or unknown user replies
> usually to invalid FROM addresses.
>
------- End of Original Message -------

From jstevens at ATHENSDISTRIBUTING.COM Wed Jan 5 16:23:44 2005
From: jstevens at ATHENSDISTRIBUTING.COM (James Stevens)
Date: Thu Jan 12 21:28:06 2006
Subject: Why oh Why!!
Message-ID:

If I can get exchange to accept mail for both names I will be set. I.e. Domain.com and sub.domain.com

can you point me to the multiple places to configure this? I must have missed something.

-----Original Message-----
From: "Vlad Mazek"
Sent: 1/4/05 7:35:10 PM
To: "MAILSCANNER@JISCMAIL.AC.UK"
Subject: Re: Why oh Why!!

Try reading up on Recipient Update Policies in Exchange 2003. If the new SMTP address is not in the profile's listing then Exchange will reject the mail with the error that you mentioned. Exchange needs to know that it is responsible for another domain name or it will consider it a relay and consequently dump the connection.

On the Exchange 2003 box:
Start > All Programs > Exchange 2003 > System Manager

Inside system manager:
Recipients > Recipient Policies > Default Policy (right click to get properties)

Add the new domain under Email Addresses (Policy) and enable it to add the new domain to Exchange.

-Vlad

Errol Uriel Neal Jr. wrote:
>Is this an upgrade from exchange 2000 to 2003 as well?
>
>Errol
>-----Original Message-----
>From: "James R. Stevens"
>Date: Tue, 4 Jan 2005 15:59:33
>To:MAILSCANNER@JISCMAIL.AC.UK
>Subject: Re: Why oh Why!!
>
>Absolutely,
>
>We are upgrading from WIN 2000 Domain to Win 2003 this is not a big deal
>except The name of the domain needs changing.
>
>Trusts are enabled migrations have been tested. I just need to make the
>second (Future domain name) accepted the forwarded mail from the old
>Domain controller/Exchange server.
>
>All is great but the new 2003 DC/Exchange server will not accept the
>forwarded mail.
>
>Getting: no valid recipients and unable to relay will
>talking to
>
>Is something I'm missing on the new config.
>

-- 
This message has been scanned for viruses and
dangerous content by Athens Hyperion Scanner, and is
believed to be clean.

From test at NEXTMILL.NET Wed Jan 5 16:29:27 2005
From: test at NEXTMILL.NET (Brian Lewis)
Date: Thu Jan 12 21:28:06 2006
Subject: Stop Sendmail from bouncing unknown user?
Message-ID:

Unfortunately I believe this feature is for incoming email. I need it to not generate a reply back to the sender when it attempts to deliver a queue item to another server that says the user is unknown or doesn't exist.

I run a few mailscanners for a bunch of domains, the scanners then use a table in sendmail to redirect all clean domain email to the correct mail server for that domain. Unfortunately this means the server accepts all email for a particular domain name no matter what, and if it scores low enough to not be deleted it is sent to the real mailserver handling that domain email, which in turn refuses the email message, causing the scanner to have to generate and attempt to send an undeliverable email to the sender. I'd like to stop that behavior

From vlad at MAZEK.COM Wed Jan 5 16:35:25 2005
From: vlad at MAZEK.COM (Vlad Mazek)
Date: Thu Jan 12 21:28:06 2006
Subject: Why oh Why!!
Message-ID:

James Stevens wrote:
>If I can get exchange to accept mail for both names I will be set. I.e. Domain.com and sub.domain.com
>
>can you point me to the multiple places to configure this? I must have missed something .
>
> On the Exchange 2003 box:
> Start > All Programs > Exchange 2003 > System Manager
>
> Inside system manager:
> Recipients > Recipient Policies > Default Policy (right click to get
> properties)
>
> Add the new domain under Email Addresses (Policy) and enable it to add
> the new domain to Exchange.
>

Did you try that? It is the only place in Exchange where domains are configurable for the SMTP policy and if you can't find those you're probably not on the right system, don't have sufficient privileges, etc.

SMTP Addresses (per-user) are configurable in user account properties.

Start > All Programs > Administrative Tools > Active Directory Users & Computers > Expand default domain, users container, right click on the user and select properties... SMTP stuff is defined on the Email Addresses tab -- you need to create an SMTP address.

-Vlad

From vlad at MAZEK.COM Wed Jan 5 16:40:24 2005
From: vlad at MAZEK.COM (Vlad Mazek)
Date: Thu Jan 12 21:28:06 2006
Subject: Stop Sendmail from bouncing unknown user?
Message-ID:

If you ever figure that one out I'd love to know.

Currently we do LDAP sync's between remote domains and our sendmail's access file to only accept legitimate addresses and reject all others. For example in your access you can put:

To:vlad@mazek.com RELAY
.... insert all other valid email addresses here
To:mazek.com 550 ExchangeDefender does not allow SPAM.

-Vlad

Brian Lewis wrote:
>Unfortunately I believe this feature is for incoming email. I need it to
>not generate a reply back to the sender when it attempts to deliver a
>queue item to another server that says the user is unknown or doesn't
>exist.
>
>I run a few mailscanners for a bunch of domains, the scanners then use a
>table in sendmail to redirect all clean domain email to the correct mail
>server for that domain. Unfortunately this means the server accepts all
>email for a particular domain name no matter what, and if it scores low
>enough to not be deleted it is sent to the real mailserver handling that
>domain email, which in turn refuses the email message, causing the scanner
>to have to generate and attempt to send an undeliverable email to the
>sender. I'd like to stop that behavior
>

From KShortt at AZERTY.COM Wed Jan 5 16:44:54 2005
From: KShortt at AZERTY.COM (Shortt, Kevin)
Date: Thu Jan 12 21:28:06 2006
Subject: Stop Sendmail from bouncing unknown user?
Message-ID:

Two options that I know of...

1. I had the same problem and I ended up syncing up my virtualuser table to all servers and routing all email via usertables (not SMARTHOST). If the user does not exist, it will reply with "no such user" immediately. This is done in the virtualusertable with an entry like so..

@domain.com error:nouser No such user

This stops all inbound connections to an invalid user during the SMTP connection. No NDR is generated. I have nice clean mailq's.

2. implement milter's and use milter-ahead
http://www.milter.info/milter-ahead/index.shtml

-k

----Original Message----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Brian Lewis
Sent: Wednesday, January 05, 2005 11:29 AM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: Stop Sendmail from bouncing unknown user?

> Unfortunately I believe this feature is for incoming email. I need it to
> not generate a reply back to the sender when it attempts to deliver a
> queue item to another server that says the user is unknown or doesn't
> exist.
>
> I run a few mailscanners for a bunch of domains, the scanners then use a
> table in sendmail to redirect all clean domain email to the correct mail
> server for that domain. Unfortunately this means the server accepts all
> email for a particular domain name no matter what, and if it scores low
> enough to not be deleted it is sent to the real mailserver handling that
> domain email, which in turn refuses the email message, causing the scanner
> to have to generate and attempt to send an undeliverable email to the
> sender. I'd like to stop that behavior
>

From marcel-ml at IRC-ADDICTS.DE Wed Jan 5 17:14:28 2005
From: marcel-ml at IRC-ADDICTS.DE (Marcel Blenkers)
Date: Thu Jan 12 21:28:06 2006
Subject: Update-Questions...
Message-ID:

Hi there,

just updated to the latest MS-Version..

now it said something about installing the bitdefender-update-script as bitdefender-autoupdate.rpmnew..

now my question..should i use this one..

or the old one?

Thanks in advance..

btw..

it seems as an update to the latest spamassassin-version now works fine..

but will check that for about one day or so ;)

From test at NEXTMILL.NET Wed Jan 5 17:09:38 2005
From: test at NEXTMILL.NET (Brian Lewis)
Date: Thu Jan 12 21:28:06 2006
Subject: Mailscanner children exceed Max Children setting?
Message-ID:

Max Children = 10

Yes I count 15 copies of Mailscanner running!!
ps -aux

root 23359  0.0  1.1 23500  5904 ? S Jan04 0:00 /usr/bin/perl -I/usr/lib/MailScanner /usr/sbin/MailScan
root 32081  1.6  6.5 43332 33584 ? S 08:57 0:05 /usr/bin/perl -I/usr/lib/MailScanner /usr/sbin/MailScan
root 32321  3.0  6.5 43168 33312 ? S 08:58 0:09 /usr/bin/perl -I/usr/lib/MailScanner /usr/sbin/MailScan
root   321  2.8  6.5 43188 33440 ? S 09:00 0:05 /usr/bin/perl -I/usr/lib/MailScanner /usr/sbin/MailScan
root   447  9.6  6.5 43184 33432 ? S 09:00 0:15 /usr/bin/perl -I/usr/lib/MailScanner /usr/sbin/MailScan
root   991  2.9  6.1 42656 31544 ? S 09:02 0:01 /usr/bin/perl -I/usr/lib/MailScanner /usr/sbin/MailScan
root  1038  3.5  6.1 42652 31532 ? S 09:03 0:01 /usr/bin/perl -I/usr/lib/MailScanner /usr/sbin/MailScan
root  1089  5.2  6.1 42660 31528 ? S 09:03 0:01 /usr/bin/perl -I/usr/lib/MailScanner /usr/sbin/MailScan
root  1126  8.7  6.2 42652 31580 ? S 09:03 0:01 /usr/bin/perl -I/usr/lib/MailScanner /usr/sbin/MailScan
root  1531  0.0  6.0 42264 30904 ? S 09:04 0:01 /usr/bin/perl -I/usr/lib/MailScanner /usr/sbin/MailScan
root  1645  0.0  6.0 42264 30900 ? S 09:05 0:01 /usr/bin/perl -I/usr/lib/MailScanner /usr/sbin/MailScan
root  1989  0.0  6.5 44668 33112 ? D 09:06 0:00 /usr/bin/perl -I/usr/lib/MailScanner /usr/sbin/MailScan
root  1995  0.0  6.3 43464 32232 ? S 09:06 0:00 /usr/bin/perl -I/usr/lib/MailScanner /usr/sbin/MailScan
root  1998  0.0  6.3 43196 32168 ? S 09:06 0:00 /usr/bin/perl -I/usr/lib/MailScanner /usr/sbin/MailScan
root  2004  0.0  6.3 43180 32176 ? S 09:07 0:00 /usr/bin/perl -I/usr/lib/MailScanner /usr/sbin/MailScan

What gives? Is this because the mail queue might have grown larger than the 'Max Normal Queue Size = 800' value? I am seeing this behavior quite often.
From marcel-ml at IRC-ADDICTS.DE Wed Jan 5 17:18:25 2005
From: marcel-ml at IRC-ADDICTS.DE (Marcel Blenkers)
Date: Thu Jan 12 21:28:06 2006
Subject: Mailscanner children exceed Max Children setting?
Message-ID:

Hi there,

[...]
> Max Children = 10
>
> Yes I count 15 copies of Mailscanner running!!

encountered this problem before..

but only with a version of spamassassin over 3.0.x..

Downgrading to the old 2.64-Version of Spamassassin worked fine..

today i updated to SA3.0.2 and had into the MS-Conf

Max Children = 2

and encountered with ps -au | grep Mail 3 instances..but this seems to be ok..

as after MailScanner stop all this processes were gone..

maybe you should downgrade to SA2.64 or try the latest release of SA.

Greetings

Marcel

PS: Posted this question also on this ml..but no answer.. :(

From test at NEXTMILL.NET Wed Jan 5 17:18:18 2005
From: test at NEXTMILL.NET (Brian Lewis)
Date: Thu Jan 12 21:28:06 2006
Subject: Stop Sendmail from bouncing unknown user?
Message-ID:

Milter looks like a great solution! Not sure about the additional smtp traffic though for the mail servers.

Would be nice just to tell Sendmail not to generate a reply if undeliverable! hmmm....

Currently I have created a new mailwatch php script that produces a list for the day of the top 150 servers that spam us, we take that report each day and I put it in Excel as a huge long list, show the ip and the # of spam message sent as well as the date the spam was sent, when I sort by the IP column after 5 days it becomes really clear who the 'repeat' spammers are! So far I blacklist 211 spam servers or spam networks that repeatedly hammer our systems with spam using /etc/mail/access and it gives them a 5.1.1:550 User Unknown error back :) Hopefully they clean their 'lists' up when they think the user doesn't exist anymore. It does stop probably 20,000 spam a day from ever reaching us in the first place which helps a bit.

From marcel-ml at IRC-ADDICTS.DE Wed Jan 5 17:32:02 2005
From: marcel-ml at IRC-ADDICTS.DE (Marcel Blenkers)
Date: Thu Jan 12 21:28:06 2006
Subject: Stop Sendmail from bouncing unknown user?
Message-ID:

Hi there,

how about some account catching all other mails for one domain, if all other users fail?

inserted into the virtuser-table

*@domain.tld

after all other users are inserted..

and put all mails for this mail-account into another generated account..

so all other mails, on which there are no users known for, would land into this account..

at least..that how it works on my system..

search for "Catch all with sendmail" or something like that

greetings

Marcel

From Steve.Swaney at FSL.COM Wed Jan 5 17:26:45 2005
From: Steve.Swaney at FSL.COM (Steve Swaney)
Date: Thu Jan 12 21:28:06 2006
Subject: Stop Sendmail from bouncing unknown user?
Message-ID:

-- 
This message has been scanned for viruses and
dangerous content by The MailScanner at Fortress Systems Ltd.,
www.fsl.com, and is believed to be clean.

From vlad at MAZEK.COM Wed Jan 5 17:32:02 2005
From: vlad at MAZEK.COM (Vlad Mazek)
Date: Thu Jan 12 21:28:06 2006
Subject: Stop Sendmail from bouncing unknown user?
Message-ID:

With the milter the extra traffic would be negligible because it only does a lookup, not the actual message transfer; It's still a bit of an overkill and a waste of time to do these lookups if you already know who you're protecting.

There are a lot more efficient ways than what you're doing.. google for Vispan unless you can write your own custom rate limiting code and drop them before they can cause actual damage. 72% (overall) of address book attacks on us come from hosts with no reverse DNS entry while most spam comes from open relay and proxy systems on major us/japan/german ISP's..

-Vlad

Brian Lewis wrote:
>Milter looks like a great solution! Not sure about the additional smtp
>traffic though for the mail servers.
>
>Would be nice just to tell Sendmail not to generate a reply if
>undeliverable! hmmm....
>
>Currently I have created a new mailwatch php script that produces a list
>for the day of the top 150 servers that spam us, we take that report each
>day and I put it in Excel as a huge long list, show the ip and the # of
>spam message sent as well as the date the spam was sent, when I sort by
>the IP column after 5 days it becomes really clear who the 'repeat'
>spammers are! So far I blacklist 211 spam servers or spam networks that
>repeatedly hammer our systems with spam using /etc/mail/access and it
>gives them a 5.1.1:550 User Unknown error back :) Hopefully they clean
>their 'lists' up when they think the user doesn't exist anymore. It does
>stop probably 20,000 spam a day from ever reaching us in the first place
>which helps a bit.
>

From test at NEXTMILL.NET Wed Jan 5 17:36:32 2005
From: test at NEXTMILL.NET (Brian Lewis)
Date: Thu Jan 12 21:28:06 2006
Subject: Mailscanner children exceed Max Children setting?
Message-ID:

Yes this only happens on the SA 3.0.2 server, the 2.6.4 servers are just fine! But the 3.0.2 server is more likely to back up at times, causing the queue to get large, and so I am wondering if it's in MailScanner's nature to go 5 higher than max when the queue size is large? Or if this is just a mailscanner bug.

From MailScanner at ecs.soton.ac.uk Wed Jan 5 18:10:13 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:06 2006
Subject: Mailscanner children exceed Max Children setting?
Message-ID:

Brian Lewis wrote:
>Yes this only happens on the SA 3.0.2 server, the 2.6.4 servers are just
>fine! But the 3.0.2 server is more likely to backup at times, causing the
>queue to get large, and so I am wondering if its in MailScanners nature to
>go 5 higher than max when the queue size is large? Or if this is just a
>mailscanner bug.
>

Neither. SpamAssassin forks off sub-processes to do things like razor checks, dns checks wrapped in timeout code, all sorts of reasons. MailScanner itself does the same thing all the time to provide timeout protection.

All you are seeing is the consistent child processes + all the subprocesses they fork off temporarily as part of their normal operation.

This is all entirely intentional and is very necessary.

-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From KShortt at AZERTY.COM Wed Jan 5 18:13:00 2005
From: KShortt at AZERTY.COM (Shortt, Kevin)
Date: Thu Jan 12 21:28:06 2006
Subject: Stop Sendmail from bouncing unknown user?
Message-ID:

> search for "Catch all with sendmail" or something like that

Put this in your sendmail.mc and rebuild sendmail.cf
Be sure to have "unixuser" created on your local unix OS.

define(`LUSER_RELAY', `local:unixuser')dnl

I used this approach, but you still spend resources scanning and delivering this mail. It can be costly on a system that gets bombarded with spam.

-k

From MailScanner at ecs.soton.ac.uk Wed Jan 5 18:12:51 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:06 2006
Subject: Update-Questions...
Message-ID:

The fact that it installed the new one as .rpmnew indicates that you
(accidentally or intentionally) edited the original one. You should use
the new one.

Marcel Blenkers wrote:

>Hi there,
>
>just updated to the latest MS-Version..
>
>now it said something about installing the bitdefender-update-script as
>bitdefender-autoupdate.rpmnew..
>
>now my question..should i use this one..
>
>or the old one?
>
>Thanks in advance..
>
>btw..
>
>it seems as an update to the latest spamassassin-version now works fine..
>
>but will check that for about one day or so ;)

--
Julian Field
www.MailScanner.info

From peter at UCGBOOK.COM Wed Jan 5 18:16:43 2005
From: peter at UCGBOOK.COM (Peter Bonivart)
Date: Thu Jan 12 21:28:06 2006
Subject: Mailscanner children exceed Max Children setting?
Message-ID:

Brian Lewis wrote:
> Max Children = 10
>
> Yes I count 15 copies of Mailscanner running!!
> ps -aux

Do you always have 15 with the same PID numbers? I don't see anything
unnormal to have a few more MailScanner processes and they aren't really
children either. Look here:

# ps -ef | grep Mail
     UID   PID  PPID  C    STIME TTY      TIME CMD
    root 13956     1  0   Nov 17 ?        0:03 /usr/bin/perl -I/opt/MailScanner/lib /opt/MailScanner/bin/MailScanner /opt/Mail
    root  5620 13956  0 17:15:09 ?        0:20 /usr/bin/perl -I/opt/MailScanner/lib /opt/MailScanner/bin/MailScanner /opt/Mail
    root  3826 13956  0 17:06:09 ?        0:30 /usr/bin/perl -I/opt/MailScanner/lib /opt/MailScanner/bin/MailScanner /opt/Mail
    root 10387 13956  0 17:47:06 ?        0:16 /usr/bin/perl -I/opt/MailScanner/lib /opt/MailScanner/bin/MailScanner /opt/Mail
    root  4403 13956  0 17:09:30 ?        0:25 /usr/bin/perl -I/opt/MailScanner/lib /opt/MailScanner/bin/MailScanner /opt/Mail
    root  5130 13956  1 17:13:11 ?        0:28 /usr/bin/perl -I/opt/MailScanner/lib /opt/MailScanner/bin/MailScanner /opt/Mail
    root 19577  5130  0 19:09:52 ?        0:00 /usr/bin/perl -I/opt/MailScanner/lib /opt/MailScanner/bin/MailScanner /opt/Mail

I have 5 children set in MailScanner.conf. Process 13956 (spawned by
init) is the parent, then there's 5 children spawned by 13956 (5620,
3826, 10387, 4403 and 5130). Last is 19577 which is spawned by 5130 to do
some job, it will go away as soon as it finishes.

You could very well have 10 real children, 1 parent and 4 temporary
processes which amount to the 15 you see.
--
/Peter Bonivart

--Unix lovers do it in the Sun

From greg at BLASTZONE.COM Wed Jan 5 18:44:18 2005
From: greg at BLASTZONE.COM (Greg Deputy)
Date: Thu Jan 12 21:28:06 2006
Subject: OT: what POP server code do you use?
Message-ID:

Another vote for dovecot. Great product. I've only been using linux and
mailscanner for a few months now, was able to get dovecot up and running
with a minimum of pain.

> -----Original Message-----
> From: MailScanner mailing list
> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Avery Day
> Sent: Tuesday, January 04, 2005 9:57 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: OT: what POP server code do you use?
>
> I second dovecot. I have been using it with Maildir for a
> year now. Easy, real easy to get working. Its IMAP functions
> are really nice too.
>
> Schrock
>
> > Take a look at Dovecot. Development on it is very active and its very
> > flexible.
> >
> > -Vlad
> >
> >>> We have been using Qualcomm's qpopper here for ages. I'm trying to
> >>> get TLS/SSL working with it and the documentation is weak. I'm just
> >>> wondering what others use for open-source POP servers out there.
> >>> Suggestions for good secure documented code, please...

From mkehler at WRHA.MB.CA Wed Jan 5 19:04:03 2005
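On the "Mailscanner children exceed Max Children setting?" thread above: the following is an added example, not code from the list or from MailScanner, that applies Julian Field's and Peter Bonivart's reading of the process table to a `ps -ef` listing and separates the parent, the real children and the temporary sub-processes. The function names and the `bin/MailScanner` marker are assumptions of this example; the listing is the one from Peter's post.

```python
"""Classify MailScanner processes in `ps -ef` output (added example)."""

# Listing from the post above (command lines are truncated there as well).
PS_OUTPUT = """\
     UID   PID  PPID  C    STIME TTY      TIME CMD
    root 13956     1  0   Nov 17 ?        0:03 /usr/bin/perl -I/opt/MailScanner/lib /opt/MailScanner/bin/MailScanner /opt/Mail
    root  5620 13956  0 17:15:09 ?        0:20 /usr/bin/perl -I/opt/MailScanner/lib /opt/MailScanner/bin/MailScanner /opt/Mail
    root  3826 13956  0 17:06:09 ?        0:30 /usr/bin/perl -I/opt/MailScanner/lib /opt/MailScanner/bin/MailScanner /opt/Mail
    root 10387 13956  0 17:47:06 ?        0:16 /usr/bin/perl -I/opt/MailScanner/lib /opt/MailScanner/bin/MailScanner /opt/Mail
    root  4403 13956  0 17:09:30 ?        0:25 /usr/bin/perl -I/opt/MailScanner/lib /opt/MailScanner/bin/MailScanner /opt/Mail
    root  5130 13956  1 17:13:11 ?        0:28 /usr/bin/perl -I/opt/MailScanner/lib /opt/MailScanner/bin/MailScanner /opt/Mail
    root 19577  5130  0 19:09:52 ?        0:00 /usr/bin/perl -I/opt/MailScanner/lib /opt/MailScanner/bin/MailScanner /opt/Mail
"""


def parse_ps(ps_text, marker="bin/MailScanner"):
    """Return {pid: ppid} for every line whose command contains `marker`.

    Only the first three columns are read, because STIME may contain a
    space ("Nov 17") and would break a naive split of the whole line.
    """
    procs = {}
    for line in ps_text.splitlines():
        if marker not in line:
            continue  # header line, grep itself, unrelated processes
        fields = line.split(None, 3)
        if len(fields) < 4 or not (fields[1].isdigit() and fields[2].isdigit()):
            continue
        procs[int(fields[1])] = int(fields[2])
    return procs


def classify(ps_text, marker="bin/MailScanner"):
    """Split MailScanner processes into parent, children and temporary ones."""
    procs = parse_ps(ps_text, marker)
    roles = {"parent": [], "children": [], "temporary": []}
    # The parent is the MailScanner process whose own parent is not MailScanner.
    for pid, ppid in procs.items():
        if ppid not in procs:
            roles["parent"].append(pid)
    parents = set(roles["parent"])
    for pid, ppid in procs.items():
        if pid in parents:
            continue
        if ppid in parents:
            roles["children"].append(pid)   # counted against Max Children
        else:
            roles["temporary"].append(pid)  # forked by a child, short-lived
    return roles


def exceeds_max_children(ps_text, max_children):
    """True only if the real children outnumber the configured limit."""
    return len(classify(ps_text)["children"]) > max_children


if __name__ == "__main__":
    for role, pids in classify(PS_OUTPUT).items():
        print(f"{role:9s} {pids}")
    print("over limit:", exceeds_max_children(PS_OUTPUT, 5))
```

Run it several times a few seconds apart: the PIDs listed as temporary should change between runs while the children stay the same.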
From: mkehler at WRHA.MB.CA (Matt Kehler)
Date: Thu Jan 12 21:28:06 2006
Subject: Mailwatch question
Message-ID:

I know it's a MailWatch question, but it seems as though there's a lot more
MW users on this list than the actual MW list itself...so... :)

If you have MS configured to block emails based on extension (such as
.pif's for example), do those blocked emails show in the MailWatch 'spam'
statistics, or do they not show at all?

Is there a way to differentiate the emails blocked due to file extension
from the emails blocked due to spam?

Our management wants to know how much MailScanner is blocking due to
'itself' (ie, spam heuristics, virus scanning, etc) as opposed to stuff
that we manually configure (ie, the file extensions that we block
regardless of infection or spam)

thx
Matt

This email and/or any documents in this transmission is intended for the
addressee(s) only and may contain legally privileged or confidential
information. Any unauthorized use, disclosure, distribution, copying or
dissemination is strictly prohibited. If you receive this transmission in
error, please notify the sender immediately and return the original.

From chardlist at CHARD.NET Wed Jan 5 20:50:19 2005
From: chardlist at CHARD.NET (Brendan Chard)
Date: Thu Jan 12 21:28:06 2006
Subject: Route copies of in/out bound e-mails
Message-ID:

I have a client that has to begin archiving all of their inbound and
outbound e-mail with a 3rd party archiving company to be compliant with
certain regulations for their industry.

I already have MS up and running. Is there a way, using mailscanner and its
fancy rules that I can automatically route a copy of every inbound and
outbound e-mail to another e-mail address?

Any tips on how are of course appreciated.

-Brendan

From MailScanner at ecs.soton.ac.uk Wed Jan 5 20:55:07 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:06 2006
Subject: Route copies of in/out bound e-mails
Message-ID:

Non Spam Actions = deliver forward archive@this.address.com
Spam Actions = deliver forward archive@this.address.com
High Scoring Spam Actions = deliver forward archive@this.address.com

Brendan Chard wrote:

>I have a client that has to begin archiving all of their inbound and
>outbound e-mail with a 3rd party archiving company to be compliant with
>certain regulations for their industry.
>
>I already have MS up and running. Is there a way, using mailscanner and its
>fancy rules that I can automatically route a copy of every inbound and
>outbound e-mail to another e-mail address?
>
>Any tips on how are of course appreciated.
>
>-Brendan

--
Julian Field
www.MailScanner.info
From ryan at MARINOCRANE.COM Wed Jan 5 21:03:48 2005
From: ryan at MARINOCRANE.COM (Ryan Pitt)
Date: Thu Jan 12 21:28:06 2006
Subject: Route copies of in/out bound e-mails
Message-ID:

Or you could use the archive ruleset like this?

From: *@company.com archive@this.address.com
To: *@company.com archive@this.address.com

I have experienced problems in the past with Spam and Non Spam Action
entries in mailscanner.conf where messages are not treated as expected.

Ryan

Julian Field wrote:

> Non Spam Actions = deliver forward archive@this.address.com
> Spam Actions = deliver forward archive@this.address.com
> High Scoring Spam Actions = deliver forward archive@this.address.com
>
> Brendan Chard wrote:
>
>> I have a client that has to begin archiving all of their inbound and
>> outbound e-mail with a 3rd party archiving company to be compliant with
>> certain regulations for their industry.
>>
>> I already have MS up and running. Is there a way, using mailscanner
>> and its fancy rules that I can automatically route a copy of every
>> inbound and outbound e-mail to another e-mail address?
>>
>> Any tips on how are of course appreciated.
>>
>> -Brendan

From Carl.Andrews at CRACKERBARREL.COM Wed Jan 5 21:21:05 2005
From: Carl.Andrews at CRACKERBARREL.COM (Andrews Carl 448)
Date: Thu Jan 12 21:28:06 2006
Subject: Large number of messages in mqueue.in
Message-ID:

I am searching the archives now, but searching for mail and queue on an
email server list .... lots of messages.

Any one else have the problem where thousands ( 40,000 currently ) of
messages are in /var/spool/MailScanner/mqueue.in ? Or any idea on what I
can do to push them through or troubleshoot?

RedHat 9.0
Sendmail
ClamAV 0.8
MailScanner 4.35.11

Thanks in advance,
Carl Andrews

From alex at nkpanama.com Wed Jan 5 21:34:48 2005
From: alex at nkpanama.com (Alex Neuman van der Hans)
Date: Thu Jan 12 21:28:06 2006
Subject: Route copies of in/out bound e-mails
Message-ID:

Archive, as the comment before the option indicates, is to archive in
"mbox" format. You could use:

FromOrTo: *@company.com /home/whatever/companyarchive.mbox

And then export that on a regular basis, lest your hard drive fill up.

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Ryan Pitt
Sent: Wednesday, January 05, 2005 4:04 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: Route copies of in/out bound e-mails

Or you could use the archive ruleset like this?

From: *@company.com archive@this.address.com
To: *@company.com archive@this.address.com

I have experienced problems in the past with Spam and Non Spam Action
entries in mailscanner.conf where messages are not treated as expected.

Ryan

Julian Field wrote:

> Non Spam Actions = deliver forward archive@this.address.com
> Spam Actions = deliver forward archive@this.address.com
> High Scoring Spam Actions = deliver forward archive@this.address.com
>
> Brendan Chard wrote:
>
>> I have a client that has to begin archiving all of their inbound and
>> outbound e-mail with a 3rd party archiving company to be compliant
>> with certain regulations for their industry.
>>
>> I already have MS up and running. Is there a way, using mailscanner
>> and its fancy rules that I can automatically route a copy of every
>> inbound and outbound e-mail to another e-mail address?
>>
>> Any tips on how are of course appreciated.
>>
>> -Brendan

From test at NEXTMILL.NET Wed Jan 5 21:56:43 2005
From: test at NEXTMILL.NET (Brian Lewis)
Date: Thu Jan 12 21:28:06 2006
Subject: Large number of messages in mqueue.in
Message-ID:

Try bumping your MAX CHILDREN to 10 from 5 in mailscanner.conf then

service MailScanner restart

Then ps -aux and cancel the PID that is for sendmail incoming so that no
new email can arrive

Now tail -f /var/log/maillog or wherever you have it and watch to see if
your system is scanning.

You might have been hit hard with an smtp DoS attack of some sort, or your
DNS server stopped working that you use in /etc/resolv.conf

We had issues where we queried our upstream provider's dns server so much
that they would BLOCK any queries from our scanners! Nslookup wouldn't work
from the scanners!

So we set up a separate box running dnscache/rbldnsd and point our
mailscanner servers to use that dedicated box for name resolution in
/etc/resolv.conf

From raymond at PROLOCATION.NET Wed Jan 5 22:10:01 2005
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:28:06 2006
Subject: Large number of messages in mqueue.in
Message-ID:

Hi!

> I am searching the archives now, but searching for mail and queue on an
> email server list .... lots of messages.
>
> Any one else have the problem where thousands ( 40,000 currently ) of
> messages are in /var/spool/MailScanner/mqueue.in ? Or any idea on what I can
> do to push them through or troubleshoot?
>
> RedHat 9.0
> Sendmail
> ClamAV 0.8
> MailScanner 4.35.11

What are you seeing? It might be wise to upgrade to the last stable
version.

Bye,
Raymond.

From joey at JOESMITH.NET Wed Jan 5 22:34:51 2005
From: joey at JOESMITH.NET (Joe Smith)
Date: Thu Jan 12 21:28:06 2006
Subject: Large number of messages in mqueue.in
Message-ID:

On Wed, 5 Jan 2005, Andrews Carl 448 wrote:

> I am searching the archives now, but searching for mail and queue on an
> email server list .... lots of messages.
>
> Any one else have the problem where thousands ( 40,000 currently ) of
> messages are in /var/spool/MailScanner/mqueue.in ? Or any idea on what I can
> do to push them through or troubleshoot?

I have one running 4.36.4 that is up to 72,000 in mqueue.in right now. I
don't know what happened, it has been keeping up the last week or so. I
did bump my 'max children' to 10 about a week ago and that helped it, but
something has gone haywire today. I just shutdown inbound sendmail while
I look at it.

This box is 2 ghz pentium, 1 gb RAM, 80 gb hard drive.

From Steve.Swaney at FSL.COM Wed Jan 5 23:06:19 2005
From: Steve.Swaney at FSL.COM (Steve Swaney)
Date: Thu Jan 12 21:28:06 2006
Subject: Large number of messages in mqueue.in
Message-ID:

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Joe Smith
> Sent: Wednesday, January 05, 2005 5:35 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Large number of messages in mqueue.in
>
> On Wed, 5 Jan 2005, Andrews Carl 448 wrote:
>
> > I am searching the archives now, but searching for mail and queue on an
> > email server list .... lots of messages.
> >
> > Any one else have the problem where thousands ( 40,000 currently ) of
> > messages are in /var/spool/MailScanner/mqueue.in ? Or any idea on what I
> > can do to push them through or troubleshoot?
>
> I have one running 4.36.4 that is up to 72,000 in mqueue.in right now. I
> don't know what happened, it has been keeping up the last week or so. I
> did bump my 'max children' to 10 about a week ago and that helped it, but
> something has gone haywire today. I just shutdown inbound sendmail while
> I look at it.
>
> This box is 2 ghz pentium, 1 gb RAM, 80 gb hard drive.

What happens when you:

Stop MailScanner

in MailScanner.conf set:

Debug = yes
Debug SpamAssassin = yes

restart MailScanner

This should process one batch of Messages with the log output redirected to
the screen.

Since both MailScanners went left about the same time I'd suspect a local
infrastructure problem like slow network or DNS problem.

Steve

Steve Swaney
President
Fortress Systems Ltd.
www.fsl.com
steve.swaney@fsl.com

From Glenn.Steen at AP1.SE Wed Jan 5 23:10:41 2005
From: Glenn.Steen at AP1.SE (Steen, Glenn)
Date: Thu Jan 12 21:28:06 2006
Subject: Mailwatch question
Message-ID:

As replied on the other list....
Red for blocked content, pink for spam (darker for High Scoring)... You'll
note the difference:-). As I said, even a severely colorblind person like
me has no problem with that:-).
If you like to have reports on each type, you'll just have to select a
relevant subset of limits. Again, it's pretty straightforward.

-- Glenn

-----Original Message-----
From: MailScanner mailing list on behalf of Matt Kehler
Sent: on 2005-01-05 20:04
To: MAILSCANNER@JISCMAIL.AC.UK
Cc:
Subject: Mailwatch question

I know it's a MailWatch question, but it seems as though there's a lot more
MW users on this list than the actual MW list itself...so... :)

If you have MS configured to block emails based on extension (such as
.pif's for example), do those blocked emails show in the MailWatch 'spam'
statistics, or do they not show at all?

Is there a way to differentiate the emails blocked due to file extension
from the emails blocked due to spam?

Our management wants to know how much MailScanner is blocking due to
'itself' (ie, spam heuristics, virus scanning, etc) as opposed to stuff
that we manually configure (ie, the file extensions that we block
regardless of infection or spam)

thx
Matt

From vachanta at gmail.com Wed Jan 5 23:46:34 2005
From: vachanta at gmail.com (Venkata Achanta)
Date: Thu Jan 12 21:28:06 2006
Subject: OT - setting up mailertable
Message-ID:

Greeting all,

we have multiple exchange servers at our site and i am trying to build some
redundancy/fault tolerance into the system, i mean if one exchange goes down
for some reason mail should be routed to the another available server and
the only place i see it is using the mailertable. Linux box running MS is
our favourite E-mail gateway that's by default ;-)

/etc/mail/mailertable

xyz.com esmtp:[1.1.1.1]
xyz.com esmtp:[2.2.2.2]
xyz.com esmtp:[3.3.3.3]
xyz.com esmtp:[4.4.4.4]
xyz.com esmtp:[5.5.5.5]

but i am getting the following error

makemap: /etc/mail/mailertable: line2: key xyz.com: duplicate key

I googled around and found nothing useful regarding this, thought i could
find some advice. Please advise

Thanks much,
Venkata Achanta

From joey at JOESMITH.NET Wed Jan 5 23:53:58 2005
From: joey at JOESMITH.NET (Joe Smith)
Date: Thu Jan 12 21:28:06 2006
Subject: Large number of messages in mqueue.in
Message-ID:

On Wed, 5 Jan 2005, Steve Swaney wrote:

> This should process one batch of Messages with the log output redirected to
> the screen.
>
> Since both MailScanners went left about the same time I'd suspect a local
> infrastructure problem like slow network or DNS problem.

Thanks, I did find one of our DNS servers on the fritz. I also did a
little tweaking on the SA config so it doesn't look for DCC or Pyzor
because they are not installed. We are just running Razor2. Also doing
RBL's from SA because I want to score them.

I have trimmed back some of the larger SA rulesets as well, we need to get
the mail flowing.

From SJCJonker at SJC.NL Thu Jan 6 00:09:33 2005
From: SJCJonker at SJC.NL (Stijn Jonker) Date: Thu Jan 12 21:28:06 2006 Subject: OT - setting up mailertable Message-ID: [ The following text is in the "ISO-8859-15" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello Venkata, Venkata Achanta said the following on 06-Jan-05 0:46: > Greeting all, > > we have multiple exchange servers at our site and i am trying to build some > redundacy/fault tolerance into the system, i mean if one exchange goes down > > /etc/mail/mailertable > > xyz.com esmtp:[1.1.1.1] > xyz.com esmtp:[2.2.2.2] > xyz.com esmtp:[3.3.3.3] > xyz.com esmtp:[4.4.4.4] > xyz.com esmtp:[5.5.5.5] > Just a wild guess, and the top of my head, the [1.1.1.1] means don't lookup the MX for the record. What if you create and dns alias: smtp-final. pointing to 1.1.1.1, 2.2.2.2, 3.3.3.3 etc then put in mailertable xyz.com esmtp:[smtp-final.] Maybe that works? Styijn -- Met Vriendelijke groet/Yours Sincerely Stijn Jonker ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From eneal at dfi-intl.com Thu Jan 6 00:00:00 2005 From: eneal at dfi-intl.com (Errol Uriel Neal Jr.) Date: Thu Jan 12 21:28:07 2006 Subject: OT - setting up mailertable Message-ID: I'm not certain you are going to be able to do it like that. For a situation such as yours, IMHO, a dedicated load balancer or just making sure all your exchange servers have the same mx priority in your dns zonefile would be best. Errol -----Original Message----- 
From: Venkata Achanta
Date: Wed, 5 Jan 2005 23:46:34
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: OT - setting up mailertable

Greeting all,

we have multiple exchange servers at our site and i am trying to build some redundancy/fault tolerance into the system, i mean if one exchange goes down for some reason mail should be routed to another available server, and the only place i see it is using the mailertable. Linux box running MS is our favourite E-mail gateway, that's by default ;-)

/etc/mail/mailertable

xyz.com esmtp:[1.1.1.1]
xyz.com esmtp:[2.2.2.2]
xyz.com esmtp:[3.3.3.3]
xyz.com esmtp:[4.4.4.4]
xyz.com esmtp:[5.5.5.5]

but i am getting the following error

makemap: /etc/mail/mailertable: line2: key xyz.com: duplicate key

I googled around and found nothing useful regarding this, thought i could find some advice.

Please advise

Thanks much,
Venkata Achanta

__________________________________________
Errol Uriel Neal Jr.
Network Administrator
DFI International, Inc.
1717 Pennsylvania Ave NW, Suite 1300
Washington, DC 20006
Tel (202)452-6955
Fax (202)452-6910
eneal@dfi-intl.com
www.dfi-intl.com

From vachanta at GMAIL.COM Thu Jan 6 00:11:38 2005
From: vachanta at GMAIL.COM (Venkata Achanta)
Date: Thu Jan 12 21:28:07 2006
Subject: LDAP and beyond ......possibly a new Mailscanner feature request
Message-ID:

We have successfully implemented "Making sendmail only accept mail to genuine Exchange users" in our environment, thanks Kevin.

http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/270.html

However I feel that we are not completely gaining advantage just by doing this.

But the spammer is gaining knowledge of what the valid address list is just by doing a dictionary attack on the SMTP server, i.e. we are answering the spammer's questions and finally making him knowledgeable about the valid users, so that he can more effectively spam.

Is there a way to stop giving out these messages back from the sendmail/MTA side, and also can we blacklist the spammer's IP (just like what vispan does)?

Can this functionality be included in MailScanner if the MTA can't do it, i.e. instead of kicking back, accept the message and track the ip/domain of the spammer and blacklist it for a timeframe.

PERM_FAILURE: SMTP Error (state 10): 550 5.0.0 ...User unknown

Any suggestions/ideas?

From vlad at MAZEK.COM Thu Jan 6 00:44:22 2005
From: vlad at MAZEK.COM (Vlad Mazek)
Date: Thu Jan 12 21:28:07 2006
Subject: LDAP and beyond ......possibly a new Mailscanner feature request
Message-ID:

You can hack Vispan (probably be faster to write your own snippet) to parse the maillog and look for a pattern of dictionary attacks coming from the same IP address (just scan the maillog for the error code you are issuing, "user unknown"). You _should not_ be giving out more than 3 failures a day to a server with no PTR record -- they should be immediately moved to a firewall rule and blocked from contacting the server completely. Not just because you want to keep the dictionary attacks off the server but because these "servers" are usually 0wn3d boxes that will launch random attacks on your network sooner or later.

This is a bit beyond the scope of what MailScanner does as the content scanner; these kinds of plugins are best left for independent third-party utilities that you should customize for your environment.

-Vlad

Venkata Achanta wrote:

>We have successfully implemented "Making sendmail only accept mail to
>genuine Exchange users" in our environment,Thanks Kevin.
>
>http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/270.html
>
>However i feel that we are not completely gaining advantage just by doing
>this.
>
>But the spammer is gaining knowledge of what the valid address list is just
>by doing a dictionary attack on the SMTP server i.e We are answering to the
>spammers questions and finally making him knowledgeable about the valid
>users,so that he can more effectively spam.
>
>Is there a way to stop giving out these messages back from sendmail/MTA
>side and also can we blacklist the spammers IP (just like what vispan
>does)?
>
>Can this functionality be included in the Mailscanner if the MTA cant do it
>i.e Instead of kicking back accept the message and track the ip/domain of
>the spammer and blacklist it for a timeframe.
>
>PERM_FAILURE: SMTP Error (state 10): 550 5.0.0 ...User
>unknown
>
>Any suggestions/ideas ?
>

From Stephane.Lentz at ANSF.ALCATEL.FR Thu Jan 6 01:02:24 2005
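The maillog scan Vlad Mazek describes in his reply above, as an added example that is not part of the thread, Vispan or MailScanner: it counts "User unknown" rejections per relay IP per day and reports relays with no PTR that exceed his limit of 3. The log lines are constructed, the sendmail check_rcpt line layout is an assumption to adapt to your own maillog, and `find_dictionary_attackers` is a hypothetical name; PTR presence is read from the `relay=` field instead of a live DNS lookup.

```python
import re
from collections import Counter

# Assumed layout of a sendmail 8.12 check_rcpt rejection line. A relay that
# resolved is logged as "relay=host.name [ip]", one with no PTR as "relay=[ip]".
REJECT_RE = re.compile(
    r"^(?P<day>[A-Z][a-z]{2}\s+\d{1,2}) \d{2}:\d{2}:\d{2} \S+ sendmail\[\d+\]: "
    r".*?relay=(?P<host>[^\s\[,]+)?\s*\[(?:IPv6:)?(?P<ip>[0-9A-Fa-f:.]+)\]"
    r".*(?i:user unknown)"
)


def _reject(day, clock, relay, user):
    """Build one constructed rejection line (not taken from a real log)."""
    return (f"{day} {clock} mx1 sendmail[2001]: j05AAAAA000001: "
            f"ruleset=check_rcpt, arg1=<{user}@example.com>, relay={relay}, "
            f"reject=550 5.1.1 <{user}@example.com>... User unknown")


# Constructed sample maillog covering the cases the rule has to separate.
SAMPLE_MAILLOG = "\n".join(
    # 203.0.113.7: no PTR, five guesses in one day -> over the limit
    [_reject("Jan  5", f"03:16:0{i}", "[203.0.113.7]", name)
     for i, name in enumerate(["adam", "alan", "alex", "alice", "amy"])]
    # 198.51.100.20: four failures, but it has a PTR -> not reported
    + [_reject("Jan  5", f"09:30:1{i}", "mail.example.net [198.51.100.20]", name)
       for i, name in enumerate(["bob", "bobby", "rob", "robert"])]
    # 192.0.2.44: no PTR, two failures on each of two days -> under the limit
    + [_reject(day, "11:00:00", "[192.0.2.44]", name)
       for day, name in [("Jan  5", "carl"), ("Jan  5", "carla"),
                         ("Jan  6", "carol"), ("Jan  6", "cathy")]]
    # an ordinary delivery line, which the pattern must ignore
    + ["Jan  5 03:20:00 mx1 sendmail[2010]: j05AAAAA000009: to=<bob@example.com>, "
       "delay=00:00:01, mailer=esmtp, relay=[10.0.0.5], stat=Sent"]
)


def find_dictionary_attackers(log_text, max_failures=3):
    """Return {ip: {day: count}} for relays with no PTR whose "User unknown"
    rejections on a single day exceed max_failures."""
    failures = Counter()   # (day, ip) -> number of rejected recipients
    has_ptr = {}           # ip -> True once any line shows a resolved hostname
    for line in log_text.splitlines():
        match = REJECT_RE.search(line)
        if not match:
            continue
        day = " ".join(match.group("day").split())   # "Jan  5" -> "Jan 5"
        ip = match.group("ip")
        failures[(day, ip)] += 1
        has_ptr[ip] = has_ptr.get(ip, False) or match.group("host") is not None

    flagged = {}
    for (day, ip), count in failures.items():
        if count > max_failures and not has_ptr[ip]:
            flagged.setdefault(ip, {})[day] = count
    return flagged


if __name__ == "__main__":
    for ip, days in find_dictionary_attackers(SAMPLE_MAILLOG).items():
        for day, count in days.items():
            print(f"{ip}: {count} unknown-user rejections on {day}, no PTR")
```

The function only reports candidates; what to do with them (firewall rule, access map entry) is left to the site, as Vlad suggests.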
From: Stephane.Lentz at ANSF.ALCATEL.FR (Stephane Lentz)
Date: Thu Jan 12 21:28:07 2006
Subject: OT - setting up mailertable
Message-ID:

On Wed, Jan 05, 2005 at 11:46:34PM +0000, Venkata Achanta wrote:
> Greeting all,
>
> we have multiple exchange servers at our site and i am trying to build some
> redundacy/fault tolerance into the system, i mean if one exchange goes down
> for some reason mail should be routed to the another available server and
> the only place i see it is using the mailertable. Linux box running MS is
> our favourite E-mail gateway thats by default ;-)
>
> /etc/mail/mailertable
>
> xyz.com esmtp:[1.1.1.1]
> xyz.com esmtp:[2.2.2.2]
> xyz.com esmtp:[3.3.3.3]
> xyz.com esmtp:[4.4.4.4]
> xyz.com esmtp:[5.5.5.5]
>
> but i am getting the following error
> makemap: /etc/mail/mailertable: line2: key xyz.com: duplicate key
>
> I googled around and found nothing useful regarding this,thought i could
> find some advice.
>

Correct syntax is :

xyz.com esmtp:[1.1.1.1]:[2.2.2.2]:[3.3.3.3]:[4.4.4.4]:[5.5.5.5]

SL/
---
Stephane Lentz
Alcatel ICT Services

From mailscanner-list at OKLA.COM Thu Jan 6 06:15:18 2005
From: mailscanner-list at OKLA.COM (Tracy Greggs)
Date: Thu Jan 12 21:28:07 2006
Subject: spam: Re: Mail Server problems
Message-ID:

Powerquest products are now owned by Symantec, including Partition Magic and DriveImage. The latest Ghost9 will restore images from all versions of Ghost (a new concept for them) as well as DriveImage images.

The beauty of Ghost8 corporate is that you can fire up a ghostcast server on any windows workstation or server, boot your linux box from a bootable cd or floppy with the NDIS2 drivers for its NIC and image the linux box to your ghostcast server, then put a big new drive in the linux box in place of the original, boot it back up off of your CD or floppy set and restore your image to it with the options of resizing the original partitions to whatever new sizes you like on the new larger drive. The process is very very fast over 100mbit.

Or you can simply stick another drive on the box, boot from your CD or floppies and image the original drive to the new drive with the same options of resizing your partitions. Both ways work for me 100% of the time. For those of you running 3ware IDE raid, the array needs no dos drivers to work with ghost, a huge bonus.

While this is not a free open source solution, it is IMHO an extremely viable, and rapid solution. SCSI dos drivers are available for many controllers as well and is an equally effective method as the IDE imaging.

In any event, a backup of the source drive is not necessary because data is only read from the source and never is the source drive written to.

A typical Linux server ghost process will complete at the rate of around 500MB/min. 15GB of used storage = 30 minutes downtime for entire process. Perfect for a short maintenance window.

Here is a link to their product features:

http://www.symantec.com/region/reg_eu/product/ng_features.html

Tracy

----- Original Message -----
From: "Ugo Bellavance"
To:
Sent: Tuesday, January 04, 2005 7:55 AM
Subject: Re: spam: Re: Mail Server problems

> Tracy Greggs wrote:
> > Another great option IMHO is Norton Ghost. I use Corporate version 8, Works
> > perfectly on every linux distro that I have used it on, including Fedora.
> > Snag a big drive, ghost it over and change your partitions to the sizes you
> > want and you are good to go. Ghost will image an ATA IDE drive at around
> > 500mb/min in my experience. The downtime is very minimal.
>
> If you're talking commercial, my first thought is Partition Magic. Of
> course, better make a backup before.
>

From moacyrs at AKADNYX.COM.BR Thu Jan 6 11:50:12 2005
From: moacyrs at AKADNYX.COM.BR (Moacyr Leite da Silva)
Date: Thu Jan 12 21:28:07 2006
Subject: Some Worm is trying to cheat MailScanner users ?!
Message-ID:

Hi Folks,

I received an email yesterday with the following lines, all headers are at the bottom of the email.

> *-*-* Mail_Scanner: No Virus
> *-*-* AKADNYX.COM- Anti_Virus Service
> *-*-* http://www.akadnyx.com.br
>

Seems to me that some worm is trying to cheat MailScanner users, I don't have a signature in my MailScanner configurations.
Does anyone else have this one also!?

Thanks
Moacyr Leite da Silva
www.akadnyx.com.br

----- Original Message -----
From:
To:
Sent: Wednesday, January 05, 2005 2:48 AM
Subject: {Filename?} Oh God it's

> Warning: Esta mensagem continha anexos que foram removidos
> Warning: (thats_hard.9727.scr).
> Warning: Leia o anexo "AKADNYX-Attachment-Warning.txt" para maiores informações.
>
> I was surprised, too!
> Who_could_suspect_something_like_that? shityiiiii
>
>
>
> *-*-* Mail_Scanner: No Virus
> *-*-* AKADNYX.COM- Anti_Virus Service
> *-*-* http://www.akadnyx.com.br
>

Received: from ishtar.akadnyx.com.br ([192.168.0.254]) by
    w2k-srv01.akadnyx.com.br with Microsoft SMTPSVC(5.0.2195.5329);
    Wed, 5 Jan 2005 03:22:40 -0200
Received: from gjtwrifg.com (rndf-146-30-87.telkomadsl.co.za [165.146.30.87])
    by ishtar.akadnyx.com.br (8.12.11/8.12.11) with SMTP id j055G6H3014159
    for ; Wed, 5 Jan 2005 03:16:08 -0200
From: slamm@netscape.com
To: moacyrs@akadnyx.com.br
Date: Wed, 05 Jan 2005 04:48:44 GMT
Subject: {Filename?} Oh God it's
Importance: Normal
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
Message-ID: <72eea045191f.d880@netscape.com>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===a2d635d06.48886b1bbe8731095"
Content-Transfer-Encoding: 7bit
X-AKADNYX-MailScanner-Information: Please contact the ISP for more information
X-AKADNYX-MailScanner: Found to be infected
X-AKADNYX-MailScanner-SpamCheck: não spam, SpamAssassin (escore=-1.395,
    requerido 8, BAYES_00 -2.60, MISSING_MIMEOLE 0.01, NO_REAL_NAME 0.01,
    PRIORITY_NO_NAME 1.10, RCVD_IN_NJABL_DUL 0.09)
X-MailScanner-From: slamm@netscape.com
Return-Path: slamm@netscape.com
X-OriginalArrivalTime: 05 Jan 2005 05:22:40.0937 (UTC) FILETIME=[93CE0990:01C4F2E6]

This is a multi-part message in MIME format.

--===a2d635d06.48886b1bbe8731095

Warning: Esta mensagem continha anexos que foram removidos
Warning: (thats_hard.9727.scr).
Warning: Leia o anexo "AKADNYX-Attachment-Warning.txt" para maiores informações.

I was surprised, too!
Who_could_suspect_something_like_that? shityiiiii



*-*-* Mail_Scanner: No Virus
*-*-* AKADNYX.COM- Anti_Virus Service
*-*-* http://www.akadnyx.com.br

--===a2d635d06.48886b1bbe8731095
Content-Type: text/plain;
    charset="us-ascii";
    name="AKADNYX-Attachment-Warning.txt"
Content-Disposition: attachment; filename="AKADNYX-Attachment-Warning.txt"
Content-Transfer-Encoding: quoted-printable

Esta =E9 uma mensagem do servi=E7o de prote=E7=E3o contra v=EDrus
----------------------------------------------------------------------
O anexo "thats_hard.9727.scr" encontra-se na lista pro=EDbida de tipos de a=
rquivo,
e foi substitu=EDdo por esta mensagem de aviso no e-mail.

Nossos sistemas previnem que uma c=F3pia do arquivo em quest=E3o fique
armazenada.

Hoje, Wed Jan 5 03:16:21 2005, o anti-virus relatou o seguinte:
Windows Screensavers are often used to hide viruses (thats_hard.9727.scr)
No programs allowed (thats_hard.9727.scr)

--=20
Postmaster

--===a2d635d06.48886b1bbe8731095--

From martinh at SOLID-STATE-LOGIC.COM Thu Jan 6 12:04:38 2005
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:28:07 2006
Subject: Some Worm is trying to cheat MailScanner users ?!
Message-ID:

There was a worm that came out about 2 years ago which did something similar, hence the 'company' name being added to the headers to make this a little more unique.

BUT personally I never trust the headers and not virus scan based on that info.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

Moacyr Leite da Silva wrote:
> Hi Folks,
>
> I Received an email yesterday with the following lines, all headers are in
> the bottom of email.
>
>
>>*-*-* Mail_Scanner: No Virus
>>*-*-* AKADNYX.COM- Anti_Virus Service
>>*-*-* http://www.akadnyx.com.br
>>
>
>
> Seens to me that some worm is trying to cheat MailScanner users, I dont have
> signature in my MailScanner configurations.
> Someone have this one also!?
>
>
> Thanks
> Moacyr Leite da Silva
> www.akadnyx.com.br
>
>
>
>
> ----- Original Message -----
> From:
> To:
> Sent: Wednesday, January 05, 2005 2:48 AM
> Subject: {Filename?} Oh God it's
>
>
>
>>Warning: Esta mensagem continha anexos que foram removidos
>>Warning: (thats_hard.9727.scr).
>>Warning: Leia o anexo "AKADNYX-Attachment-Warning.txt" para maiores
>
> informações.
>
>>I was surprised, too!
>>Who_could_suspect_something_like_that? shityiiiii
>>
>>
>>
>>*-*-* Mail_Scanner: No Virus
>>*-*-* AKADNYX.COM- Anti_Virus Service
>>*-*-* http://www.akadnyx.com.br
>>
>
>
>
> Received: from ishtar.akadnyx.com.br ([192.168.0.254]) by
> w2k-srv01.akadnyx.com.br with Microsoft SMTPSVC(5.0.2195.5329);
> Wed, 5 Jan 2005 03:22:40 -0200
> Received: from gjtwrifg.com (rndf-146-30-87.telkomadsl.co.za
> [165.146.30.87])
> by ishtar.akadnyx.com.br (8.12.11/8.12.11) with SMTP id j055G6H3014159
> for ; Wed, 5 Jan 2005 03:16:08 -0200
> From: slamm@netscape.com
> To: moacyrs@akadnyx.com.br
> Date: Wed, 05 Jan 2005 04:48:44 GMT
> Subject: {Filename?} Oh God it's
> Importance: Normal
> X-Priority: 3 (Normal)
> X-MSMail-Priority: Normal
> Message-ID: <72eea045191f.d880@netscape.com>
> MIME-Version: 1.0
> Content-Type: multipart/mixed; boundary="===a2d635d06.48886b1bbe8731095"
> Content-Transfer-Encoding: 7bit
> X-AKADNYX-MailScanner-Information: Please contact the ISP for more
> information
> X-AKADNYX-MailScanner: Found to be infected
> X-AKADNYX-MailScanner-SpamCheck: não spam, SpamAssassin (escore=-1.395,
> requerido 8, BAYES_00 -2.60, MISSING_MIMEOLE 0.01, NO_REAL_NAME 0.01,
> PRIORITY_NO_NAME 1.10, RCVD_IN_NJABL_DUL 0.09)
> X-MailScanner-From: slamm@netscape.com
> Return-Path: slamm@netscape.com
> X-OriginalArrivalTime: 05 Jan 2005 05:22:40.0937 (UTC)
> FILETIME=[93CE0990:01C4F2E6]
>
> This is a multi-part message in MIME format.
>
> --===a2d635d06.48886b1bbe8731095
>
> Warning: Esta mensagem continha anexos que foram removidos
> Warning: (thats_hard.9727.scr).
> Warning: Leia o anexo "AKADNYX-Attachment-Warning.txt" para maiores
> informações.
>
> I was surprised, too!
> Who_could_suspect_something_like_that? shityiiiii
>
>
>
> *-*-* Mail_Scanner: No Virus
> *-*-* AKADNYX.COM- Anti_Virus Service
> *-*-* http://www.akadnyx.com.br
>
> --===a2d635d06.48886b1bbe8731095
> Content-Type: text/plain;
> charset="us-ascii";
> name="AKADNYX-Attachment-Warning.txt"
> Content-Disposition: attachment; filename="AKADNYX-Attachment-Warning.txt"
> Content-Transfer-Encoding: quoted-printable
>
> Esta =E9 uma mensagem do servi=E7o de prote=E7=E3o contra v=EDrus
> ----------------------------------------------------------------------
> O anexo "thats_hard.9727.scr" encontra-se na lista pro=EDbida de tipos de a=
> rquivo,
> e foi substitu=EDdo por esta mensagem de aviso no e-mail.
>
> Nossos sistemas previnem que uma c=F3pia do arquivo em quest=E3o fique
> armazenada.
>
> Hoje, Wed Jan 5 03:16:21 2005, o anti-virus relatou o seguinte:
> Windows Screensavers are often used to hide viruses (thats_hard.9727.scr)
> No programs allowed (thats_hard.9727.scr)
>
> --=20
> Postmaster
>
> --===a2d635d06.48886b1bbe8731095--
>

From Stephane.Lentz at ANSF.ALCATEL.FR Thu Jan 6 12:18:16 2005
From: Stephane.Lentz at ANSF.ALCATEL.FR (Stephane Lentz)
Date: Thu Jan 12 21:28:07 2006
Subject: Some Worm is trying to cheat MailScanner users ?!
Message-ID:

On Thu, Jan 06, 2005 at 09:50:12AM -0200, Moacyr Leite da Silva wrote:
> Hi Folks,
>
> I Received an email yesterday with the following lines, all headers are in
> the bottom of email.
>
> > *-*-* Mail_Scanner: No Virus
> > *-*-* AKADNYX.COM- Anti_Virus Service
> > *-*-* http://www.akadnyx.com.br
> >
>
> Seens to me that some worm is trying to cheat MailScanner users, I dont have
> signature in my MailScanner configurations.
> Someone have this one also!?
>
>

It's not directed specifically to Mailscanner users. The worm is Sober.I and it's from the past year ...

http://www.fortinet.com/VirusEncyclopedia/search/encyclopediaSearch.do?method=viewVirusDetailsInfoDirectly&fid=1975
http://securityresponse.symantec.com/avcenter/venc/data/w32.sober.i@mm.html

SL/
---
Stephane Lentz
Alcatel ICT Services

From drew at THEMARSHALLS.CO.UK Thu Jan 6 12:19:18 2005
From: drew at THEMARSHALLS.CO.UK (Drew Marshall)
Date: Thu Jan 12 21:28:07 2006
Subject: Some Worm is trying to cheat MailScanner users ?!
Message-ID:

Moacyr Leite da Silva wrote:
>> Seens to me that some worm is trying to cheat MailScanner users, I dont
>> have
>> signature in my MailScanner configurations.

No the virus was removed. I'm not a Spanish (Or Brazilian!) speaker so I can't tell you what it says but I see a Mailscanner warning message in the headers.

>>
>> Warning: Esta mensagem continha anexos que foram removidos
>> Warning: (thats_hard.9727.scr).
>> Warning: Leia o anexo "AKADNYX-Attachment-Warning.txt" para maiores
>> informações.
>>
>> I was surprised, too!
>> Who_could_suspect_something_like_that? shityiiiii
>>
>>
>>
>> *-*-* Mail_Scanner: No Virus
>> *-*-* AKADNYX.COM- Anti_Virus Service
>> *-*-* http://www.akadnyx.com.br
>>
>> --===a2d635d06.48886b1bbe8731095
>> Content-Type: text/plain;
>> charset="us-ascii";
>> name="AKADNYX-Attachment-Warning.txt"
>> Content-Disposition: attachment;
>> filename="AKADNYX-Attachment-Warning.txt"
>> Content-Transfer-Encoding: quoted-printable
>>
>> Esta =E9 uma mensagem do servi=E7o de prote=E7=E3o contra v=EDrus
>> ----------------------------------------------------------------------
>> O anexo "thats_hard.9727.scr" encontra-se na lista pro=EDbida de tipos
>> de a> rquivo,
>> e foi substitu=EDdo por esta mensagem de aviso no e-mail.
>>
>> Nossos sistemas previnem que uma c=F3pia do arquivo em quest=E3o fique
>> armazenada.
>>
>> Hoje, Wed Jan 5 03:16:21 2005, o anti-virus relatou o seguinte:
>> Windows Screensavers are often used to hide viruses
>> (thats_hard.9727.scr)
>> No programs allowed (thats_hard.9727.scr)
>>
>> --=20
>> Postmaster

I agree that your AV seems not to have found a virus but MS has removed the attachment anyway.
Perhaps the attachment was broken...

Drew

From moacyrs at AKADNYX.COM.BR Thu Jan 6 12:22:40 2005
From: moacyrs at AKADNYX.COM.BR (Moacyr Leite da Silva)
Date: Thu Jan 12 21:28:07 2006
Subject: Some Worm is trying to cheat MailScanner users ?!
Message-ID:

Martin,

I agree and I was only concerned that it is a kind of "Social Engineering", in this case filename rules blocked the offending file.

Thanks

Moacyr

----- Original Message -----
From: "Martin Hepworth"
To:
Sent: Thursday, January 06, 2005 10:04 AM
Subject: Re: Some Worm is trying to cheat MailScanner users ?!

There was a worm that came out about 2 years ago which did something similar, hence the 'company' name being added to the headers to make this a little more unique.

BUT personally I never trust the headers and not virus scan based on that info.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

Moacyr Leite da Silva wrote:
> Hi Folks,
>
> I Received an email yesterday with the following lines, all headers are in
> the bottom of email.
>
>
>>*-*-* Mail_Scanner: No Virus
>>*-*-* AKADNYX.COM- Anti_Virus Service
>>*-*-* http://www.akadnyx.com.br
>>
>
>
> Seens to me that some worm is trying to cheat MailScanner users, I dont have
> signature in my MailScanner configurations.
> Someone have this one also!?
>
>
> Thanks
> Moacyr Leite da Silva
> www.akadnyx.com.br
>
>
>
>
> ----- Original Message -----
> From:
> To:
> Sent: Wednesday, January 05, 2005 2:48 AM
> Subject: {Filename?} Oh God it's
>
>
>
>>Warning: Esta mensagem continha anexos que foram removidos
>>Warning: (thats_hard.9727.scr).
>>Warning: Leia o anexo "AKADNYX-Attachment-Warning.txt" para maiores
>
> informações.
>
>>I was surprised, too!
>>Who_could_suspect_something_like_that? shityiiiii
>>
>>
>>
>>*-*-* Mail_Scanner: No Virus
>>*-*-* AKADNYX.COM- Anti_Virus Service
>>*-*-* http://www.akadnyx.com.br
>>
>
>
>
> Received: from ishtar.akadnyx.com.br ([192.168.0.254]) by
> w2k-srv01.akadnyx.com.br with Microsoft SMTPSVC(5.0.2195.5329);
> Wed, 5 Jan 2005 03:22:40 -0200
> Received: from gjtwrifg.com (rndf-146-30-87.telkomadsl.co.za
> [165.146.30.87])
> by ishtar.akadnyx.com.br (8.12.11/8.12.11) with SMTP id j055G6H3014159
> for ; Wed, 5 Jan 2005 03:16:08 -0200
> From: slamm@netscape.com
> To: moacyrs@akadnyx.com.br
> Date: Wed, 05 Jan 2005 04:48:44 GMT
> Subject: {Filename?} Oh God it's
> Importance: Normal
> X-Priority: 3 (Normal)
> X-MSMail-Priority: Normal
> Message-ID: <72eea045191f.d880@netscape.com>
> MIME-Version: 1.0
> Content-Type: multipart/mixed; boundary="===a2d635d06.48886b1bbe8731095"
> Content-Transfer-Encoding: 7bit
> X-AKADNYX-MailScanner-Information: Please contact the ISP for more
> information
> X-AKADNYX-MailScanner: Found to be infected
> X-AKADNYX-MailScanner-SpamCheck: não spam, SpamAssassin (escore=-1.395,
> requerido 8, BAYES_00 -2.60, MISSING_MIMEOLE 0.01, NO_REAL_NAME 0.01,
> PRIORITY_NO_NAME 1.10, RCVD_IN_NJABL_DUL 0.09)
> X-MailScanner-From: slamm@netscape.com
> Return-Path: slamm@netscape.com
> X-OriginalArrivalTime: 05 Jan 2005 05:22:40.0937 (UTC)
> FILETIME=[93CE0990:01C4F2E6]
>
> This is a multi-part message in MIME format.
>
> --===a2d635d06.48886b1bbe8731095
>
> Warning: Esta mensagem continha anexos que foram removidos
> Warning: (thats_hard.9727.scr).
> Warning: Leia o anexo "AKADNYX-Attachment-Warning.txt" para maiores
> informações.
>
> I was surprised, too!
> Who_could_suspect_something_like_that? shityiiiii
>
>
>
> *-*-* Mail_Scanner: No Virus
> *-*-* AKADNYX.COM- Anti_Virus Service
> *-*-* http://www.akadnyx.com.br
>
> --===a2d635d06.48886b1bbe8731095
> Content-Type: text/plain;
> charset="us-ascii";
> name="AKADNYX-Attachment-Warning.txt"
> Content-Disposition: attachment; filename="AKADNYX-Attachment-Warning.txt"
> Content-Transfer-Encoding: quoted-printable
>
> Esta =E9 uma mensagem do servi=E7o de prote=E7=E3o contra v=EDrus
> ----------------------------------------------------------------------
> O anexo "thats_hard.9727.scr" encontra-se na lista pro=EDbida de tipos de a=
> rquivo,
> e foi substitu=EDdo por esta mensagem de aviso no e-mail.
>
> Nossos sistemas previnem que uma c=F3pia do arquivo em quest=E3o fique
> armazenada.
>
> Hoje, Wed Jan 5 03:16:21 2005, o anti-virus relatou o seguinte:
> Windows Screensavers are often used to hide viruses (thats_hard.9727.scr)
> No programs allowed (thats_hard.9727.scr)
>
> --=20
> Postmaster
>
> --===a2d635d06.48886b1bbe8731095--
>

From moacyrs at AKADNYX.COM.BR Thu Jan 6 12:25:33 2005
From: moacyrs at AKADNYX.COM.BR (Moacyr Leite da Silva)
Date: Thu Jan 12 21:28:07 2006
Subject: Some Worm is trying to cheat MailScanner users ?!
Message-ID:

Brazilian ;-)

Yes, the filename rules blocked the .scr file.

I sent the email FYI because I didn't have information about this kind of worm until yesterday. And I was concerned that this can lead someone to open some attachments.

Thanks

Moacyr

----- Original Message -----
From: "Drew Marshall" To: Sent: Thursday, January 06, 2005 10:19 AM Subject: Re: Some Worm is trying to cheat MailScanner users ?! Moacyr Leite da Silva wrote: >> Seens to me that some worm is trying to cheat MailScanner users, I dont >> have >> signature in my MailScanner configurations. No the virus was removed. I'm not a Spanish (Or Brazillian!) speaker so I can't tell you what it says but I see a Mailscanner warning message in the headers. >> >> Warning: Esta mensagem continha anexos que foram removidos >> Warning: (thats_hard.9727.scr). >> Warning: Leia o anexo "AKADNYX-Attachment-Warning.txt" para maiores >> informações. >> >> I was surprised, too! >> Who_could_suspect_something_like_that? shityiiiii >> >> >> >> *-*-* Mail_Scanner: No Virus >> *-*-* AKADNYX.COM- Anti_Virus Service >> *-*-* http://www.akadnyx.com.br >> >> --===a2d635d06.48886b1bbe8731095 >> Content-Type: text/plain; >> charset="us-ascii"; >> name="AKADNYX-Attachment-Warning.txt" >> Content-Disposition: attachment; >> filename="AKADNYX-Attachment-Warning.txt" >> Content-Transfer-Encoding: quoted-printable >> >> Esta =E9 uma mensagem do servi=E7o de prote=E7=E3o contra v=EDrus >> ---------------------------------------------------------------------- >> O anexo "thats_hard.9727.scr" encontra-se na lista pro=EDbida de tipos >> de a> rquivo, >> e foi substitu=EDdo por esta mensagem de aviso no e-mail. >> >> Nossos sistemas previnem que uma c=F3pia do arquivo em quest=E3o fique >> armazenada. >> >> Hoje, Wed Jan 5 03:16:21 2005, o anti-virus relatou o seguinte: >> Windows Screensavers are often used to hide viruses >> (thats_hard.9727.scr) >> No programs allowed (thats_hard.9727.scr) >> >> --=20 >> Postmaster I agree that your AV seems not to have found a virus but MS has removed the attachment anyway. Perhaps the attachment was broken... Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. 
www.themarshalls.co.uk/policy

From martinh at SOLID-STATE-LOGIC.COM Thu Jan 6 12:27:53 2005
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:28:07 2006
Subject: Some Worm is trying to cheat MailScanner users ?!
Message-ID:

Moacyr

any anti-virus scanners should have triggered as well... if it's sober-i then it's a few weeks old.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

Moacyr Leite da Silva wrote:
> Martin,
>
> I agree and I was only concerned that it is a kind of "Social Engineering",
> in this case filename rules blocked the offending file.
>
> Thanks
>
> Moacyr
>
>
> ----- Original Message -----
> From: "Martin Hepworth" > To: > Sent: Thursday, January 06, 2005 10:04 AM > Subject: Re: Some Worm is trying to cheat MailScanner users ?! > > > There was a worm that came out about 2 years ago which did something > similar, hence the 'company' name being added the the headers to make > this a little more unique. > > BUT personally I never trust the headers and not virus scan base on that > info. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Moacyr Leite da Silva wrote: > >>Hi Folks, >> >>I Received an email yesterday with the following lines, all headers are in >>the bottom of email. >> >> >> >>>*-*-* Mail_Scanner: No Virus >>>*-*-* AKADNYX.COM- Anti_Virus Service >>>*-*-* http://www.akadnyx.com.br >>> >> >> >>Seens to me that some worm is trying to cheat MailScanner users, I dont > > have > >>signature in my MailScanner configurations. >>Someone have this one also!? >> >> >>Thanks >>Moacyr Leite da Silva >>www.akadnyx.com.br >> >> >> >> >>----- Original Message ----- >>From: >>To: >>Sent: Wednesday, January 05, 2005 2:48 AM >>Subject: {Filename?} Oh God it's >> >> >> >> >>>Warning: Esta mensagem continha anexos que foram removidos >>>Warning: (thats_hard.9727.scr). >>>Warning: Leia o anexo "AKADNYX-Attachment-Warning.txt" para maiores >> >>informações. >> >> >>>I was surprised, too! >>>Who_could_suspect_something_like_that? shityiiiii >>> >>> >>> >>>*-*-* Mail_Scanner: No Virus >>>*-*-* AKADNYX.COM- Anti_Virus Service >>>*-*-* http://www.akadnyx.com.br >>> >> >> >> >>Received: from ishtar.akadnyx.com.br ([192.168.0.254]) by >>w2k-srv01.akadnyx.com.br with Microsoft SMTPSVC(5.0.2195.5329); >> Wed, 5 Jan 2005 03:22:40 -0200 >>Received: from gjtwrifg.com (rndf-146-30-87.telkomadsl.co.za >>[165.146.30.87]) >> by ishtar.akadnyx.com.br (8.12.11/8.12.11) with SMTP id j055G6H3014159 >> for ; Wed, 5 Jan 2005 03:16:08 -0200 
>>From: slamm@netscape.com >>To: moacyrs@akadnyx.com.br >>Date: Wed, 05 Jan 2005 04:48:44 GMT >>Subject: {Filename?} Oh God it's >>Importance: Normal >>X-Priority: 3 (Normal) >>X-MSMail-Priority: Normal >>Message-ID: <72eea045191f.d880@netscape.com> >>MIME-Version: 1.0 >>Content-Type: multipart/mixed; boundary="===a2d635d06.48886b1bbe8731095" >>Content-Transfer-Encoding: 7bit >>X-AKADNYX-MailScanner-Information: Please contact the ISP for more >>information >>X-AKADNYX-MailScanner: Found to be infected >>X-AKADNYX-MailScanner-SpamCheck: não spam, SpamAssassin (escore=-1.395, >> requerido 8, BAYES_00 -2.60, MISSING_MIMEOLE 0.01, NO_REAL_NAME 0.01, >> PRIORITY_NO_NAME 1.10, RCVD_IN_NJABL_DUL 0.09) >>X-MailScanner-From: slamm@netscape.com >>Return-Path: slamm@netscape.com >>X-OriginalArrivalTime: 05 Jan 2005 05:22:40.0937 (UTC) >>FILETIME=[93CE0990:01C4F2E6] >> >>This is a multi-part message in MIME format. >> >>--===a2d635d06.48886b1bbe8731095 >> >>Warning: Esta mensagem continha anexos que foram removidos >>Warning: (thats_hard.9727.scr). >>Warning: Leia o anexo "AKADNYX-Attachment-Warning.txt" para maiores >>informações. >> >>I was surprised, too! >>Who_could_suspect_something_like_that? shityiiiii >> >> >> >>*-*-* Mail_Scanner: No Virus >>*-*-* AKADNYX.COM- Anti_Virus Service >>*-*-* http://www.akadnyx.com.br >> >>--===a2d635d06.48886b1bbe8731095 >>Content-Type: text/plain; >> charset="us-ascii"; >> name="AKADNYX-Attachment-Warning.txt" >>Content-Disposition: attachment; filename="AKADNYX-Attachment-Warning.txt" >>Content-Transfer-Encoding: quoted-printable >> >>Esta =E9 uma mensagem do servi=E7o de prote=E7=E3o contra v=EDrus >>---------------------------------------------------------------------- >>O anexo "thats_hard.9727.scr" encontra-se na lista pro=EDbida de tipos de > > a= > >>rquivo, >>e foi substitu=EDdo por esta mensagem de aviso no e-mail. >> >>Nossos sistemas previnem que uma c=F3pia do arquivo em quest=E3o fique >>armazenada. 
>> >>Hoje, Wed Jan 5 03:16:21 2005, o anti-virus relatou o seguinte: >> Windows Screensavers are often used to hide viruses > > (thats_hard.9727.scr) > >> No programs allowed (thats_hard.9727.scr) >> >>--=20 >>Postmaster >> >>--===a2d635d06.48886b1bbe8731095--
From bg.mahesh at INDIAINFO.COM Thu Jan 6 12:33:24 2005
From: bg.mahesh at INDIAINFO.COM (BG Mahesh)
Date: Thu Jan 12 21:28:07 2006
Subject: Virus Scanning: Denial Of Service attack detected
Message-ID:

hi

I am using Redhat, sendmail 8.13.1, MS 4.37.7-1, clamav 0.80 and SA 3.0.2.

Lately I see the following line in /var/log/maillog

Jan 4 03:18:07 blr MailScanner[21701]: Virus Scanning: Denial Of Service attack detected!

Is there something I need to do to protect my system?

regards,

--
B.G. Mahesh
bg.mahesh@indiainfo.com
http://www.indiainfo.com/

From drew at THEMARSHALLS.CO.UK Thu Jan 6 13:09:48 2005
From: drew at THEMARSHALLS.CO.UK (Drew Marshall)
Date: Thu Jan 12 21:28:07 2006
Subject: Some Worm is trying to cheat MailScanner users ?!
Message-ID:

On Thu, January 6, 2005 12:25, Moacyr Leite da Silva said:
> Brazilian ;-)

:-) And I must learn to type (Or read what I type!)

>
> Yes, the filename rules blocked the .scr file
>
> I sent the email FYI because I didn't have information about this kind of
> worm
> until yesterday. And was concerned that this can lead someone to open some
> attachments.

So I realised when I read your replies. Again I must learn to type faster and read more ;-)

Drew

--
In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
www.themarshalls.co.uk/policy

From ugob at CAMO-ROUTE.COM Thu Jan 6 13:33:47 2005
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:28:07 2006
Subject: Why oh Why!!
Message-ID:

Vlad Mazek wrote:
> James Stevens wrote:
>
>> If I can get exchange to accept mail for both names I will be set.
>> I.e. Domain.com and sub.domain.com
>>
>> can you point me to the multiple places to configure this? I must have
>> missed something .
>>
>> On the Exchange 2003 box:
>> Start > All Programs > Exchange 2003 > System Manager
>>
>> Inside system manager:
>> Recipients > Recipient Policies > Default Policy (right click to get
>> properties)
>>
>> Add the new domain under Email Addresses (Policy) and enable it to add
>> the new domain to Exchange.
>>
>>
>
> Did you try that? It is the only place in Exchange where domains are
> configurable for the SMTP policy and if you can't find those you're
> probably not on the right system, don't have sufficient privileges, etc.
>
> SMTP Addresses (per-user) are configurable in user account properties.
> Start > All Programs > Administrative Tools > Active Directory Users &
> Computers > Expand default domain, users container, right click on the
> user and select properties... SMTP stuff is defined on the Email
> Addresses tab -- you need to create an SMTP address.
>

There is something I found out about Exchange (2000). Whenever I add a domain, I have to restart the whole server to make it work.

From mkehler at WRHA.MB.CA Thu Jan 6 14:32:24 2005
From: mkehler at WRHA.MB.CA (Matt Kehler)
Date: Thu Jan 12 21:28:07 2006
Subject: Mailwatch question
Message-ID:

Thanks Glenn. I know they are a different color, and I know they show at the top right when looking at the current (daily) stats. But what I'm looking for is 'in the month of December, XXXX emails were blocked due to file attachment'. Better yet, since we service multiple domain names, add ' .....blocked due to file attachment when destined for abc123.com '

I assume I will have to do my own custom report for that? Even when filtering for December; it will show emails/spam/virus per day, per month, etc..but it doesn't seem that blocked are included. Unless I'm crazy (which very well could be :)

Matt

>>> Glenn.Steen@AP1.SE 01/05/05 05:10PM >>>
As replied on the other list.... Red for blocked content, pink for spam (darker for High Scoring)... You'll note the difference:-). As I said, even a severely colorblind person like me have no problem with that:-).

If you like to have reports on each type, you'll just have to select a relevant subset of limits. Again, it's pretty straightforward.

-- Glenn

-----Original Message-----
From: MailScanner mailing list on behalf of Matt Kehler
Sent: on 2005-01-05 20:04
To: MAILSCANNER@JISCMAIL.AC.UK
Cc:
Subject: Mailwatch question

I know it's a MailWatch question, but it seems as though there's a lot more MW users on this list than the actual MW list itself...so... :)

If you have MS configured to block emails based on extension (such as .pif's for example), do those blocked emails show in the MailWatch 'spam' statistics, or do they not show at all? Is there a way to differentiate the emails blocked due to file extension from the emails blocked due to spam? Our management wants to know how much MailScanner is blocking due to 'itself' (ie, spam heuristics, virus scanning, etc) as opposed to stuff that we manually configure (ie, the file extensions that we block regardless of infection or spam)

thx

Matt
From bhuff at COLLTECH.COM Thu Jan 6 15:02:24 2005
From: bhuff at COLLTECH.COM (Bill Huff)
Date: Thu Jan 12 21:28:07 2006
Subject: Mailwatch question
Message-ID:

Matt,

mailwatch does indeed capture the difference, however there is not a 'provided' interface to view it. It is all in the DB however, and a custom report is trivial to create based on the way that the mailwatch reporting system is designed.

In your mailwatch database is a table called maillog. In the maillog table there are columns to track if a given message is spam, if it is high scoring spam, if it is virus infected or if it was name or content infected.

Here is a 'describe' of the columns that I am referring to. You can see that you have a very full set of information that is being tracked. It would be trivial to create a report like you are asking for, the data is all there. If you would like some help, contact me off list and I will give you a hand.

-- Bill

| isspam          | tinyint(1)   | YES |  | 0    |  |
| ishighspam      | tinyint(1)   | YES |  | 0    |  |
| issaspam        | tinyint(1)   | YES |  | 0    |  |
| isrblspam       | tinyint(1)   | YES |  | 0    |  |
| spamwhitelisted | tinyint(1)   | YES |  | 0    |  |
| spamblacklisted | tinyint(1)   | YES |  | 0    |  |
| sascore         | decimal(7,2) | YES |  | 0.00 |  |
| spamreport      | text         | YES |  | NULL |  |
| virusinfected   | tinyint(1)   | YES |  | 0    |  |
| nameinfected    | tinyint(1)   | YES |  | 0    |  |
| otherinfected   | tinyint(1)   | YES |  | 0    |  |

Matt Kehler wrote:
> Thanks Glenn. I know they are a different color, and I know they show
> at the top right when looking at the current (daily) stats. But what
> I'm looking for is 'in the month of December, XXXX emails were blocked
> due to file attachment'. Better yet, since we service multiple domain
> names, add ' .....blocked due to file attachment when destined for
> abc123.com '
>
> I assume I will have to do my own custom report for that?
Even when > filtering for December; it will show emails/spam/virus per day, per > month, etc..but it doesn't seem that blocked are included. Unless I'm > crazy (which very well could be :) > > Matt > > >>> Glenn.Steen@AP1.SE 01/05/05 05:10PM >>> > As replied on theother list.... Red for blocked content, pink for spam > (darker for High Scoring)... You'll note the difference:-). As I said, > even a severely colorblind person like me have no problem with that:-). > > If you like to have reports on each type, you'll just have to select a > relevant subset of limits. Again, it's pretty straightforward. > > -- Glenn > > > -----Original Message----- 
> From: MailScanner mailing list on behalf of Matt Kehler > Sent: on 2005-01-05 20:04 > To: MAILSCANNER@JISCMAIL.AC.UK > Cc: > Subject: Mailwatch question > I know its a MailWatch question, but it seems as though theres a lot > more MW users on this list than the actual MW list itself...so... :) > > > > If you have MS configured to block emails based on extension (such as > ..pif's for example), do those blocked emails show in the MailWatch > 'spam' statistics, or do they not show at all? Is there a way to > differentiate the emails blocked due to file extension from the emails > blocked due to spam? Our management wants to know how much MailScanner > is blocking due to 'itself' (ie, spam heuristics, virus scanning, etc) > as opposed to stuff that we manually configure (ie, the file extensions > that we block regardless of infection or spam) > > > > thx > > Matt
--
   _____
  / ___/___        | Bill Huff, CISSP - Director of Technology
 / /__  __/        | Voice: (512) 263-0770 x 262
/ /__/ /           | Fax: (512) 263-8921
\___/ /ollective   | Cell: (512) 630-5424
    \/echnologies  |
--[ http://www.colltech.com ] --

From paddy at PANICI.NET Thu Jan 6 15:31:26 2005
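The custom report discussed in Bill Huff's reply above, as an added example that is not part of the original thread and is not MailWatch's own code: it counts, per recipient domain and month, how many messages were stopped by filename rules alone as opposed to spam or virus detection. The flag columns are the ones in the posted 'describe' output; the `date` and `to_domain` columns, the sample rows and all function names are assumptions made for the example, and SQLite stands in for the MailWatch database so it runs offline.

```python
import sqlite3
from datetime import date

# isspam, ishighspam, virusinfected, nameinfected and otherinfected are taken
# from the 'describe' output in the post. The `date` and `to_domain` columns
# are ASSUMED names for the rest of the maillog table; check your own schema.
SCHEMA = """
CREATE TABLE maillog (
    date          TEXT,              -- assumed column, ISO yyyy-mm-dd
    to_domain     TEXT,              -- assumed column, one domain per row
    isspam        INTEGER DEFAULT 0,
    ishighspam    INTEGER DEFAULT 0,
    virusinfected INTEGER DEFAULT 0,
    nameinfected  INTEGER DEFAULT 0,
    otherinfected INTEGER DEFAULT 0
)
"""

# Constructed sample rows (not real mail):
# (date, to_domain, isspam, ishighspam, virusinfected, nameinfected, otherinfected)
SAMPLE_ROWS = [
    ("2004-11-30", "abc123.com",  0, 0, 0, 1, 0),  # November, outside the report
    ("2004-12-01", "abc123.com",  0, 0, 0, 0, 0),  # clean
    ("2004-12-03", "abc123.com",  1, 0, 0, 0, 0),  # spam only
    ("2004-12-05", "abc123.com",  0, 0, 0, 1, 0),  # filename rule only
    ("2004-12-09", "abc123.com",  0, 0, 1, 1, 0),  # virus and filename rule
    ("2004-12-20", "abc123.com",  1, 1, 0, 1, 0),  # spam and filename rule
    ("2004-12-31", "example.org", 0, 0, 0, 1, 0),  # filename rule only
    ("2004-12-31", "example.org", 0, 0, 0, 0, 0),  # clean
    ("2005-01-01", "example.org", 0, 0, 0, 1, 0),  # January, outside the report
]

# name_blocked counts every message a filename rule fired on; name_only counts
# those that neither the spam checks nor the virus scanners flagged, i.e. mail
# stopped purely by the manually configured extension list.
REPORT_SQL = """
SELECT to_domain,
       COUNT(*)                                           AS total,
       SUM(CASE WHEN isspam = 1 THEN 1 ELSE 0 END)        AS spam,
       SUM(CASE WHEN virusinfected = 1 THEN 1 ELSE 0 END) AS virus,
       SUM(CASE WHEN nameinfected = 1 THEN 1 ELSE 0 END)  AS name_blocked,
       SUM(CASE WHEN nameinfected = 1 AND virusinfected = 0 AND isspam = 0
                THEN 1 ELSE 0 END)                        AS name_only
FROM maillog
WHERE date >= ? AND date < ?
GROUP BY to_domain
ORDER BY to_domain
"""


def month_bounds(year, month):
    """Return the half-open range [first day, first day of next month)."""
    start = date(year, month, 1)
    end = date(year + month // 12, month % 12 + 1, 1)  # December rolls over
    return start.isoformat(), end.isoformat()


def build_sample_db():
    """Create an in-memory maillog table holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.row_factory = sqlite3.Row
    conn.execute(SCHEMA)
    conn.executemany("INSERT INTO maillog VALUES (?, ?, ?, ?, ?, ?, ?)",
                     SAMPLE_ROWS)
    return conn


def monthly_report(conn, year, month):
    """Per-domain block counts for one calendar month, as a list of dicts."""
    rows = conn.execute(REPORT_SQL, month_bounds(year, month)).fetchall()
    return [dict(row) for row in rows]


if __name__ == "__main__":
    for row in monthly_report(build_sample_db(), 2004, 12):
        print(row)
```

The SELECT uses only standard SQL and a plain date range, so it carries over to another database once the assumed column names and the driver's placeholder style are adjusted.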
From: paddy at PANICI.NET (paddy)
Date: Thu Jan 12 21:28:07 2006
Subject: Differences between spamassassin rules in MailScanner.conf
Message-ID:

On Tue, Jan 04, 2005 at 02:13:04PM -0800, Matt Krause wrote:
> I am trying to figure out the difference between the following
> settings in the MailScanner.conf file?
>
> # The site rules are searched for here.
> # Normal location on most systems is /etc/mail/spamassassin.
> SpamAssassin Site Rules Dir = /etc/mail/spamassassin
>
> # The site-local rules are searched for here, and in prefix/etc/spamassassin,
> # prefix/etc/mail/spamassassin, /usr/local/etc/spamassassin, /etc/spamassassin,
> # /etc/mail/spamassassin, and maybe others.
> # If this is set then it adds to the list of places that are searched;
> # otherwise it has no effect.
> #SpamAssassin Local Rules Dir = /opt/MailScanner/etc/mail/spamassassin
> SpamAssassin Local Rules Dir =
>
> # The default rules are searched for here, and in prefix/share/spamassassin,
> # /usr/local/share/spamassassin, /usr/share/spamassassin, and maybe others.
> # If this is set then it adds to the list of places that are searched;
> # otherwise it has no effect.
> #SpamAssassin Default Rules Dir = /opt/MailScanner/share/spamassassin
> SpamAssassin Default Rules Dir =

first off,

man spamassassin

see the section CONFIGURATION FILES

But I think you may have a point here,

# egrep -i "spamassassin[a-z]*rules" `dpkg -L mailscanner`
/usr/share/MailScanner/MailScanner/ConfigDefs.pl:SpamAssassinSiteRulesDir
/usr/share/MailScanner/MailScanner/ConfigDefs.pl:SpamAssassinLocalRulesDir
/usr/share/MailScanner/MailScanner/ConfigDefs.pl:SpamAssassinDefaultRulesDir
/usr/share/MailScanner/MailScanner/ConfigDefs.pl:MCPSpamAssassinLocalRulesDir /etc/MailScanner/mcp
/usr/share/MailScanner/MailScanner/ConfigDefs.pl:MCPSpamAssassinDefaultRulesDir /etc/MailScanner/mcp
/usr/share/MailScanner/MailScanner/SA.pm: $val = MailScanner::Config::Value('spamassassinlocalrulesdir');
/usr/share/MailScanner/MailScanner/SA.pm: $val = MailScanner::Config::Value('spamassassindefaultrulesdir');
/usr/share/MailScanner/MailScanner/MCP.pm: $val = MailScanner::Config::Value('mcpspamassassinlocalrulesdir');
/usr/share/MailScanner/MailScanner/MCP.pm: $val = MailScanner::Config::Value('mcpspamassassindefaultrulesdir');

I can't see where the SpamAssassinSiteRulesDir variable is ever used, although it may be employed in a way that is eluding my grep.

Julian?

Regards,
Paddy
--
Perl 6 will give you the big knob. -- Larry Wall

From paddy at PANICI.NET Thu Jan 6 15:34:43 2005
From: paddy at PANICI.NET (paddy)
Date: Thu Jan 12 21:28:07 2006
Subject: Stop Sendmail from bouncing unknown user?
Message-ID:

On Wed, Jan 05, 2005 at 12:26:45PM -0500, Steve Swaney wrote:
> --
> This message has been scanned for viruses and dangerous content by The MailScanner at Fortress Systems Ltd., www.fsl.com, and is believed to be clean.

agreed ;)

--
Perl 6 will give you the big knob. -- Larry Wall

From paddy at PANICI.NET Thu Jan 6 16:23:20 2005
From: paddy at PANICI.NET (paddy)
Date: Thu Jan 12 21:28:07 2006
Subject: Stop Sendmail from bouncing unknown user?
Message-ID:

On Wed, Jan 05, 2005 at 06:46:33AM +0000, Brian Lewis wrote:
> I would like to configure Sendmail outgoing to not generate a 'bounce
> reply' if the target user is 'unknown or invalid'.

IMHO, this is the ideal configuration: bounces are a nuisance if they don't go to the right place. But, I'm sure you also have in mind the purpose of bounces.

> Basically if Sendmail
> Outgoing is unable to deliver it then it should keep attempting to
> deliver, but if its told by the receiving server the user doesn't exist

If you don't attempt delivery before you reply then this is already too late, IMO.
(Now, if the receiving server said 'we don't want it, it's spam' ...)

> then I don't want it to reply back to the spammer that it doesn't exist,
> instead it should just discard the email.

Au contraire. I think:

If you're really sure that it's spam, by a process equivalent to delivery, then you can, with your 'agent of the user' hat on, rather than your 'MTA' hat on, justify dropping the mail on the floor - thereby robbing the spammer of valuable feedback, and saving your resources. I would suggest that to act as the 'agent of the user' should be an explicit arrangement, and that this deviation from normal MTA behaviour be explicitly understood as part of that arrangement.

rfc2821 seems quite clear on this point:

    If an SMTP server has accepted the task of relaying the mail and
    later finds that the destination is incorrect or that the mail
    cannot be delivered for some other reason, then it MUST construct
    an "undeliverable mail" notification message and send it to the
    originator of the undeliverable mail (as indicated by the
    reverse-path).

I can't find the 'get-out clause' that relieves you of this obligation in general, although I do not profess to have a good knowledge of all the relevant standards.

> Anyone know if Sendmail can be configured in this way?

See the other postings. ldap or milter-ahead.

I would suggest that having a method that does require you to accept (or at least minimizes) mail that later you find you cannot deliver because the destination is incorrect, will give you more freedom in your choices about when to silently drop undesirable mail.

Can anyone point out a circumstance in which this is simply technically impossible to achieve ?

> Sick of seeing the server attempt to delivery
> thousands of invalid or unknown user replies usually to invalid FROM
> addresses.

You have my sympathy, really.

Regards,
Paddy
--
Perl 6 will give you the big knob. -- Larry Wall

From vlad at MAZEK.COM Thu Jan 6 17:22:53 2005
From: vlad at MAZEK.COM (Vlad Mazek)
Date: Thu Jan 12 21:28:07 2006
Subject: Why oh Why!!
Message-ID:

> There is something I found out about Exchange (2000). Whenever I add a
> domain, I have to restart the whole server to make it work.

Yes, that's why Recipient Update and similar services came to life. In the early days of Exchange nearly any change to the system required a complete restart of all services. Because 2000 (and 2003) depend on Active Directory so much the changes would be propagated through the domain/forest on a pre-set interval -- or on system startup.

Google for repadmin if you want to find out how these processes work together.

-Vlad

From mkehler at WRHA.MB.CA Thu Jan 6 17:46:13 2005
From: mkehler at WRHA.MB.CA (Matt Kehler)
Date: Thu Jan 12 21:28:07 2006
Subject: Mailwatch question
Message-ID:

Thanks Bill. I'll try to add 'nameinfected' (I believe that's what the blocked is) to the daily and monthly reports. When it comes to stuff like this I'm lost, so I may be emailing you soon enough :)

thanks!
Matt

>>> bhuff@COLLTECH.COM 01/06/05 09:02AM >>>
Matt, mailwatch does indeed capture the difference, however there is not a 'provided' interface to view it. It is all in the DB however, and a custom report is trivial to create based on the way that the mailwatch reporting system is designed.

In your mailwatch database is a table called maillog. In the maillog table there are columns to track if a given message is spam, if it is high scoring spam, if it is virus infected or if it was name or content infected.

Here is a 'describe' of the columns that I am referring to. You can see that you have a very full set of information that is being tracked. It would be trivial to create a report like you are asking for, the data is all there.

If you would like some help, contact me off list and I will give you a hand.

--
Bill

| isspam          | tinyint(1)   | YES |     | 0    |     |
| ishighspam      | tinyint(1)   | YES |     | 0    |     |
| issaspam        | tinyint(1)   | YES |     | 0    |     |
| isrblspam       | tinyint(1)   | YES |     | 0    |     |
| spamwhitelisted | tinyint(1)   | YES |     | 0    |     |
| spamblacklisted | tinyint(1)   | YES |     | 0    |     |
| sascore         | decimal(7,2) | YES |     | 0.00 |     |
| spamreport      | text         | YES |     | NULL |     |
| virusinfected   | tinyint(1)   | YES |     | 0    |     |
| nameinfected    | tinyint(1)   | YES |     | 0    |     |
| otherinfected   | tinyint(1)   | YES |     | 0    |     |

Matt Kehler wrote:
> Thanks Glenn. I know they are a different color, and I know they show
> at the top right when looking at the current (daily) stats. But what
> I'm looking for is 'in the month of December, XXXX emails were blocked
> due to file attachment'. Better yet, since we service multiple domain
> names, add ' .....blocked due to file attachment when destined for
> abc123.com '
>
> I assume I will have to do my own custom report for that? Even when
> filtering for December; it will show emails/spam/virus per day, per
> month, etc..but it doesn't seem that blocked are included. Unless I'm
> crazy (which very well could be :)
>
> Matt
>
> >>> Glenn.Steen@AP1.SE 01/05/05 05:10PM >>>
> As replied on the other list.... Red for blocked content, pink for spam
> (darker for High Scoring)... You'll note the difference:-). As I said,
> even a severely colorblind person like me have no problem with that:-).
>
> If you like to have reports on each type, you'll just have to select a
> relevant subset of limits. Again, it's pretty straightforward.
>
> -- Glenn
>
> -----Original Message-----
> From: MailScanner mailing list on behalf of Matt Kehler
> Sent: on 2005-01-05 20:04
> To: MAILSCANNER@JISCMAIL.AC.UK
> Cc:
> Subject: Mailwatch question
>
> I know it's a MailWatch question, but it seems as though there's a lot
> more MW users on this list than the actual MW list itself...so... :)
>
> If you have MS configured to block emails based on extension (such as
> .pif's for example), do those blocked emails show in the MailWatch
> 'spam' statistics, or do they not show at all? Is there a way to
> differentiate the emails blocked due to file extension from the emails
> blocked due to spam? Our management wants to know how much MailScanner
> is blocking due to 'itself' (ie, spam heuristics, virus scanning, etc)
> as opposed to stuff that we manually configure (ie, the file extensions
> that we block regardless of infection or spam)
>
> thx
>
> Matt

--
   _____
  / ___/___        | Bill Huff, CISSP - Director of Technology
 / /__  __/        | Voice: (512) 263-0770 x 262
/ /__/ /           | Fax:   (512) 263-8921
\___/ /ollective   | Cell:  (512) 630-5424
    \/echnologies  | --[ http://www.colltech.com ] --

From Kevin_Miller at CI.JUNEAU.AK.US Thu Jan 6 18:06:20 2005
From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller)
Date: Thu Jan 12 21:28:07 2006
Subject: Installing/Using DCC sanity check
Message-ID:

I've been reading through the DCC docs prior to the install, and I think I have a handle on it, but thought I'd check in here just to be sure, knowing that someone will either tell me I'm a complete idiot or I'm on the right track. Well, OK, I probably *am* a complete idiot anyway but I still manage to get it right at least some of the time.

So, my understanding is that dccm is a milter for sendmail. I'm using sendmail, but I want MailScanner to do the RBL/Razor/DCC checks. Therefore, I don't have to install dccm (which requires rebuilding sendmail - at least as nearly as I can tell in SuSE 9.2). MailScanner/Spamassassin will just use DCCproc or DCCifd which are installed as a matter of course. Right? Or am I missing anything.

I read the FAQ regarding using DCCifd, which says this:

-------------
'So, if you use MailScanner on a low scale mail server, or even as a one user's solution, it's better that you run it as DCCproc. If your mailserver scans loads of messages each day, then it'll be better to run it as a daemon.'
-------------

I move probably 3000 messages a day inbound. Any recommendations on which would be more efficient (DCCproc or DCCifd) or for that low of a number is it a wash?

Thanks much...

...Kevin
--
Kevin Miller                Registered Linux User No: 307357
CBJ MIS Dept.               Network Systems Admin., Mail Admin.
155 South Seward Street     ph: (907) 586-0242
Juneau, Alaska 99801        fax: (907) 586-4500

From bhuff at COLLTECH.COM Thu Jan 6 18:19:12 2005
From: bhuff at COLLTECH.COM (Bill Huff)
Date: Thu Jan 12 21:28:07 2006
Subject: Mailwatch question
Message-ID:

I am pretty sure that nameinfected means that a rule in filename.rules hit and otherinfected means that a rule in filetype.rules hit.

--
Bill

Matt Kehler wrote:
> Thanks Bill. I'll try to add 'nameinfected' (I believe that's what the
> blocked is) to the daily and monthly reports. When it comes to stuff
> like this I'm lost, so I may be emailing you soon enough :)
>
> thanks!
> Matt

--
   _____
  / ___/___        | Bill Huff, CISSP - Director of Technology
 / /__  __/        | Voice: (512) 263-0770 x 262
/ /__/ /           | Fax:   (512) 263-8921
\___/ /ollective   | Cell:  (512) 630-5424
    \/echnologies  | --[ http://www.colltech.com ] --

From peter at UCGBOOK.COM Thu Jan 6 18:57:50 2005
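An added example, not part of the original thread and not MailWatch's own code: the per-month, per-domain report Matt asks for, built on the maillog flag columns from Bill's 'describe' output. The `date` and `to_domain` column names, the function names and the sample rows are assumptions made for this sketch, and it runs against an in-memory SQLite table rather than the MailWatch MySQL database.

```python
import sqlite3
from datetime import date

# Flag columns are the ones shown in the 'describe' output in the thread.
# The `date` and `to_domain` columns are assumptions: the thread does not
# show the rest of the maillog table.
SCHEMA = """
CREATE TABLE maillog (
    date          TEXT,               -- assumed column, ISO yyyy-mm-dd
    to_domain     TEXT,               -- assumed column
    isspam        INTEGER DEFAULT 0,
    virusinfected INTEGER DEFAULT 0,
    nameinfected  INTEGER DEFAULT 0,  -- filename.rules hit (as Bill believes)
    otherinfected INTEGER DEFAULT 0   -- filetype.rules hit (as Bill believes)
)
"""

# Constructed sample data, not taken from any real server.
# date, to_domain, isspam, virusinfected, nameinfected, otherinfected
SAMPLE_ROWS = [
    ("2004-12-01", "abc123.com", 1, 0, 0, 0),   # spam only
    ("2004-12-01", "abc123.com", 0, 0, 1, 0),   # blocked by filename rule only
    ("2004-12-02", "abc123.com", 0, 1, 1, 0),   # virus that also hit a filename rule
    ("2004-12-03", "abc123.com", 1, 0, 0, 0),   # spam only
    ("2004-12-03", "example.org", 0, 0, 0, 1),  # blocked by filetype rule only
    ("2004-12-15", "example.org", 0, 0, 0, 0),  # clean
    ("2005-01-02", "abc123.com", 0, 0, 1, 0),   # outside December
]

# policy_only counts mail stopped purely by the admin's own filename/filetype
# rules, i.e. the "stuff that we manually configure" in Matt's question.
REPORT_SQL = """
SELECT to_domain,
       COUNT(*)           AS total,
       SUM(isspam)        AS spam,
       SUM(virusinfected) AS virus,
       SUM(nameinfected)  AS name_blocked,
       SUM(otherinfected) AS type_blocked,
       SUM(CASE WHEN (nameinfected = 1 OR otherinfected = 1)
                 AND isspam = 0 AND virusinfected = 0
                THEN 1 ELSE 0 END) AS policy_only
FROM maillog
WHERE date >= ? AND date < ?
GROUP BY to_domain
ORDER BY to_domain
"""


def build_sample_db():
    """Create the in-memory table and load the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    conn.executemany("INSERT INTO maillog VALUES (?, ?, ?, ?, ?, ?)", SAMPLE_ROWS)
    return conn


def monthly_report(conn, year, month):
    """Return one dict per recipient domain for the given calendar month."""
    start = date(year, month, 1)
    # First day of the following month; December rolls over to next January.
    end = date(year + (month == 12), month % 12 + 1, 1)
    # Bound parameters keep the date range out of the SQL text.
    cur = conn.execute(REPORT_SQL, (start.isoformat(), end.isoformat()))
    cols = [c[0] for c in cur.description]
    return [dict(zip(cols, row)) for row in cur.fetchall()]


if __name__ == "__main__":
    for row in monthly_report(build_sample_db(), 2004, 12):
        print(row)
```

Against a real MySQL database the same SELECT applies, with the driver's own placeholder style in place of `?`.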
From: peter at UCGBOOK.COM (Peter Bonivart)
Date: Thu Jan 12 21:28:07 2006
Subject: Installing/Using DCC sanity check
Message-ID:

Kevin Miller wrote:
> I move probably 3000 messages a day inbound. Any recommendations on which
> would be more efficient (DCCproc or DCCifd) or for that low of a number is
> it a wash?

This is from the SpamAssassin INSTALL file and it works, that's how easy it is:

    wget http://www.dcc-servers.net/dcc/source/dcc-dccproc.tar.Z
    tar xfvz dcc-dccproc.tar.Z
    cd dcc-dccproc-*
    ./configure && make && make install

The daemon is included so if you want to use that later on you can. Look here for that but you will not notice any difference. The nice thing is that SA will automatically fall back to dccproc if it can't connect to dccifd so you don't have to worry about it stopping.

http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/312.html

--
/Peter Bonivart

--Unix lovers do it in the Sun

From Kevin_Miller at CI.JUNEAU.AK.US Thu Jan 6 19:05:53 2005
From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller)
Date: Thu Jan 12 21:28:07 2006
Subject: Installing/Using DCC sanity check
Message-ID:

Peter Bonivart wrote:
> Kevin Miller wrote:
>> I move probably 3000 messages a day inbound. Any recommendations on
>> which would be more efficient (DCCproc or DCCifd) or for that low of
>> a number is it a wash?
>
> This is from the SpamAssassin INSTALL file and it works, that's how
> easy it is:
>
> wget http://www.dcc-servers.net/dcc/source/dcc-dccproc.tar.Z
> tar xfvz dcc-dccproc.tar.Z
> cd dcc-dccproc-*
> ./configure && make && make install
>
> The daemon is included so if you want to use that later on you can.
> Look here for that but you will not notice any difference. The nice
> thing is that SA will automatically fall back to dccproc if it can't
> connect to dccifd so you don't have to worry about it stopping.
>
> http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/312.html

Thanks Peter! I was looking all over for that snippet, but hadn't gotten to the SpamAssassin install yet. I *knew* I'd read that somewhere (months ago) but just couldn't recall where...

...Kevin
--
Kevin Miller                Registered Linux User No: 307357
CBJ MIS Dept.               Network Systems Admin., Mail Admin.
155 South Seward Street     ph: (907) 586-0242
Juneau, Alaska 99801        fax: (907) 586-4500

From mailscanner at MANGO.ZW Thu Jan 6 21:08:04 2005
From: mailscanner at MANGO.ZW (Jim Holland)
Date: Thu Jan 12 21:28:07 2006
Subject: Problem with MailScanner failing to process mqueue.in mail
Message-ID:

Hi

I have been running MailScanner 4.35.9-1 with Sendmail 8.13.1 without any problems from November until this evening. Suddenly the volume of mail in the mqueue.in directory started to increase without explanation, and while most mail is being delivered successfully, more and more messages are just being repeatedly reprocessed without being delivered. See log for a typical message below.

I have tried restarting MailScanner, and even cleaned out the queue manually. However the problem keeps resurfacing.

Can anyone advise what could be happening here? No MailScanner configuration files have been changed recently, and only minor changes have been made to sendmail configuration files (mailertable - to forward certain mail to a specific host - and virtusertable - to add some more users). Neither of these changes should have made any impact. There are no relevant errors listed in the sendmail maillog file, apart from signs of some messages being processed ad infinitum.

Regards

Jim Holland
System Administrator
MANGO - Zimbabwe's non-profit e-mail service

Jan 6 22:39:37 mail sendmail[17918]: j06KdaZ7017918: from=, size=8737, class=0, nrcpts=1, msgid=<944800817@p3775.f1.n7211.z5.ftn>, proto=ESMTP, daemon=MTA, relay=fido.mango.zw [192.168.10.1]
Jan 6 22:39:37 mail sendmail[17918]: j06KdaZ7017918: to=, delay=00:00:01, mailer=esmtp, pri=38737, stat=queued
Jan 6 22:40:24 mail MailScanner[11052]: Message j06KdaZ7017918 from 192.168.10.1 (heavens@mango.zw) is whitelisted
Jan 6 22:42:34 mail MailScanner[11317]: Message j06KdaZ7017918 from 192.168.10.1 (heavens@mango.zw) is whitelisted
Jan 6 22:43:29 mail MailScanner[11218]: Message j06KdaZ7017918 from 192.168.10.1 (heavens@mango.zw) is whitelisted
Jan 6 22:44:15 mail MailScanner[19384]: Message j06KdaZ7017918 from 192.168.10.1 (heavens@mango.zw) is whitelisted
etc etc

From mailscanner at MANGO.ZW Thu Jan 6 21:17:28 2005
From: mailscanner at MANGO.ZW (Jim Holland)
Date: Thu Jan 12 21:28:07 2006
Subject: Problem with MailScanner failing to process mqueue.in mail
Message-ID:

On Thu, 6 Jan 2005, I wrote
> I have been running MailScanner 4.35.9-1 with Sendmail 8.13.1 without any
> problems from November until this evening. Suddenly the volume of mail in
> the mqueue.in directory started to increase without explanation, and while
> most mail is being delivered successfully, more and more messages are
> just being repeatedly reprocessed without being delivered. See log for a
> typical message below.

I append another example of the problem. This is interesting as it involves a message flagged as spam. It is being repeatedly saved in the quarantine folder (copying over older copies of itself), but is never moved out of mqueue.in.

Regards

Jim Holland
System Administrator
MANGO - Zimbabwe's non-profit e-mail service

Jan 6 22:39:40 mail sendmail[17787]: j06KdV53017787: from=, size=33199, class=0, nrcpts=1, msgid=<20050106143548691@DAL1BS070>, proto=SMTP, daemon=MTA, relay=dal1bs070.processrequest.com [216.39.67.120]
Jan 6 22:39:40 mail sendmail[17787]: j06KdV53017787: to=, delay=00:00:07, mailer=esmtp, pri=63199, stat=queued
Jan 6 22:40:00 mail MailScanner[11052]: RBL checks: j06KdV53017787 found in reynolds-t1
Jan 6 22:40:00 mail MailScanner[11052]: Message j06KdV53017787 from 216.39.67.120 (reedconstr-e2-4005916@processrequest.com) to mango.zw is spam, reynolds-t1
Jan 6 22:41:25 mail MailScanner[11052]: Spam Actions: message j06KdV53017787 actions are devnull@fido.mango.zw,forward,store
Jan 6 22:42:24 mail MailScanner[11317]: RBL checks: j06KdV53017787 found in reynolds-t1
Jan 6 22:42:24 mail MailScanner[11317]: Message j06KdV53017787 from 216.39.67.120 (reedconstr-e2-4005916@processrequest.com) to mango.zw is spam, reynolds-t1
Jan 6 22:42:56 mail MailScanner[11317]: Spam Actions: message j06KdV53017787 actions are devnull@fido.mango.zw,forward,store
Jan 6 22:43:20 mail MailScanner[11218]: RBL checks: j06KdV53017787 found in reynolds-t1
Jan 6 22:43:20 mail MailScanner[11218]: Message j06KdV53017787 from 216.39.67.120 (reedconstr-e2-4005916@processrequest.com) to mango.zw is spam, reynolds-t1
Jan 6 22:43:43 mail MailScanner[11218]: Spam Actions: message j06KdV53017787 actions are devnull@fido.mango.zw,forward,store
Jan 6 22:44:07 mail MailScanner[19384]: RBL checks: j06KdV53017787 found in reynolds-t1
Jan 6 22:44:07 mail MailScanner[19384]: Message j06KdV53017787 from 216.39.67.120 (reedconstr-e2-4005916@processrequest.com) to mango.zw is spam, reynolds-t1
Jan 6 22:44:38 mail MailScanner[19384]: Spam Actions: message j06KdV53017787 actions are devnull@fido.mango.zw,forward,store
Jan 6 22:45:34 mail MailScanner[11132]: RBL checks: j06KdV53017787 found in reynolds-t1
Jan 6 22:45:34 mail MailScanner[11132]: Message j06KdV53017787 from 216.39.67.120 (reedconstr-e2-4005916@processrequest.com) to mango.zw is spam, reynolds-t1
Jan 6 22:46:05 mail MailScanner[11132]: Spam Actions: message j06KdV53017787 actions are devnull@fido.mango.zw,forward,store
etc etc

From richard.thomas at PSYSOLUTIONS.COM Thu Jan 6 21:15:49 2005
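One way to spot the reprocessing loop Jim describes from the maillog alone, as an added example that is not part of the thread or of MailScanner: group MailScanner log events by queue ID and flag any message that the same kind of event has touched more than once. The event patterns cover only the message formats visible in Jim's two posts; the function name, the pass threshold and the control queue ID are assumptions.

```python
import re
from collections import Counter, defaultdict

# Syslog prefix of a MailScanner line: timestamp, host, MailScanner[pid]: text
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+"
    r"MailScanner\[(?P<pid>\d+)\]:\s+(?P<msg>.*)$"
)

# Only the MailScanner message formats that appear in Jim's posts.
EVENT_RES = {
    "whitelisted": re.compile(r"^Message (\S+) from \S+ \(.*?\) is whitelisted"),
    "is_spam": re.compile(r"^Message (\S+) from \S+ \(.*?\) to \S+ is spam"),
    "rbl_hit": re.compile(r"^RBL checks: (\S+) found in "),
    "spam_actions": re.compile(r"^Spam Actions: message (\S+) actions are "),
}

# Lines for the first two queue IDs are copied from the posts above; the
# last line (queue ID j06KeXAMPLE001) is constructed as a healthy control.
SAMPLE_LOG = """\
Jan 6 22:39:37 mail sendmail[17918]: j06KdaZ7017918: to=, delay=00:00:01, mailer=esmtp, pri=38737, stat=queued
Jan 6 22:40:24 mail MailScanner[11052]: Message j06KdaZ7017918 from 192.168.10.1 (heavens@mango.zw) is whitelisted
Jan 6 22:42:34 mail MailScanner[11317]: Message j06KdaZ7017918 from 192.168.10.1 (heavens@mango.zw) is whitelisted
Jan 6 22:43:29 mail MailScanner[11218]: Message j06KdaZ7017918 from 192.168.10.1 (heavens@mango.zw) is whitelisted
Jan 6 22:44:15 mail MailScanner[19384]: Message j06KdaZ7017918 from 192.168.10.1 (heavens@mango.zw) is whitelisted
Jan 6 22:40:00 mail MailScanner[11052]: RBL checks: j06KdV53017787 found in reynolds-t1
Jan 6 22:40:00 mail MailScanner[11052]: Message j06KdV53017787 from 216.39.67.120 (reedconstr-e2-4005916@processrequest.com) to mango.zw is spam, reynolds-t1
Jan 6 22:41:25 mail MailScanner[11052]: Spam Actions: message j06KdV53017787 actions are devnull@fido.mango.zw,forward,store
Jan 6 22:42:24 mail MailScanner[11317]: RBL checks: j06KdV53017787 found in reynolds-t1
Jan 6 22:42:24 mail MailScanner[11317]: Message j06KdV53017787 from 216.39.67.120 (reedconstr-e2-4005916@processrequest.com) to mango.zw is spam, reynolds-t1
Jan 6 22:42:56 mail MailScanner[11317]: Spam Actions: message j06KdV53017787 actions are devnull@fido.mango.zw,forward,store
Jan 6 22:40:24 mail MailScanner[11052]: Message j06KeXAMPLE001 from 192.168.10.1 (user@example.org) is whitelisted
""".splitlines()


def find_reprocessed(lines, min_passes=2):
    """Return {queue_id: summary} for messages scanned min_passes times or more.

    A message that leaves the incoming queue normally produces each event
    kind once, so the highest per-kind count is the number of scan passes.
    """
    events = defaultdict(Counter)   # queue_id -> Counter of event kinds
    pids = defaultdict(set)         # queue_id -> MailScanner child PIDs seen
    seen = {}                       # queue_id -> (first_ts, last_ts)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue                # sendmail or unrelated line
        for kind, rx in EVENT_RES.items():
            ev = rx.match(m["msg"])
            if ev:
                qid = ev.group(1)
                events[qid][kind] += 1
                pids[qid].add(int(m["pid"]))
                first = seen.get(qid, (m["ts"], None))[0]
                seen[qid] = (first, m["ts"])
                break
    report = {}
    for qid, counts in events.items():
        passes = max(counts.values())
        if passes >= min_passes:
            report[qid] = {
                "passes": passes,
                "pids": sorted(pids[qid]),
                "first": seen[qid][0],
                "last": seen[qid][1],
            }
    return report


if __name__ == "__main__":
    for qid, info in find_reprocessed(SAMPLE_LOG).items():
        print(qid, info)
```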
From: richard.thomas at PSYSOLUTIONS.COM (Richard Thomas)
Date: Thu Jan 12 21:28:07 2006
Subject: Stop Sendmail from bouncing unknown user?
Message-ID:

paddy wrote:

>rfc2821 seems quite clear on this point:
>
>   If an SMTP server has accepted the task of relaying the mail and
>   later finds that the destination is incorrect or that the mail cannot
>   be delivered for some other reason, then it MUST construct an
>   "undeliverable mail" notification message and send it to the
>   originator of the undeliverable mail (as indicated by the reverse-path).
>
>I can't find the 'get-out clause' that relieves you of this obligation
>in general, although I do not profess to have a good knowledge of
>all the relevant standards.

An RFC is not a law. If you don't comply, you are merely noncompliant. This matters where it matters and doesn't where it doesn't.

Rich

--
MIS Department      |                           |Phone: +1 615 312 5787
840 Crescent Ctr Dr | Psychiatric Solutions Inc |Fax:   +1 615 312 5711
Suite 460           |                           |
Franklin, TN 37067  |                           |

From tjones at isthmus.com Thu Jan 6 21:16:42 2005
From: tjones at isthmus.com (Thom Jones)
Date: Thu Jan 12 21:28:07 2006
Subject: Problem with MailScanner failing to process mqueue.in mail
Message-ID:

Hi to Jim and Everyone (I'm new to this list):
I just had the same thing happen to me.
Result here was that the bigevil.cf and blacklist.cf files got updated a couple days prior and they were huge...huge enough to overwhelm system resources when running SA. This effectively shut down MailScanner as well.
Once I reverted back to the earlier (and much smaller) .cf files, things cleared out eventually and got back to normal.
I've now been reconfiguring and upgrading in order to use SURBL instead.
Not sure if it's the same cause on your end, but hope this helps....

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Jim Holland
Sent: Thursday, January 06, 2005 3:08 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Problem with MailScanner failing to process mqueue.in mail

Hi

I have been running MailScanner 4.35.9-1 with Sendmail 8.13.1 without any problems from November until this evening. Suddenly the volume of mail in the mqueue.in directory started to increase without explanation, and while most mail is being delivered successfully, more and more messages are just being repeatedly reprocessed without being delivered. See log for a typical message below.

I have tried restarting MailScanner, and even cleaned out the queue manually. However the problem keeps resurfacing. Can anyone advise what could be happening here?

No MailScanner configuration files have been changed recently, and only minor changes have been made to sendmail configuration files (mailertable - to forward certain mail to a specific host - and virtusertable - to add some more users). Neither of these changes should have made any impact. There are no relevant errors listed in the sendmail maillog file, apart from signs of some messages being processed ad infinitum.
Regards

Jim Holland
System Administrator
MANGO - Zimbabwe's non-profit e-mail service

Jan 6 22:39:37 mail sendmail[17918]: j06KdaZ7017918: from=, size=8737, class=0, nrcpts=1, msgid=<944800817@p3775.f1.n7211.z5.ftn>, proto=ESMTP, daemon=MTA, relay=fido.mango.zw [192.168.10.1]
Jan 6 22:39:37 mail sendmail[17918]: j06KdaZ7017918: to=, delay=00:00:01, mailer=esmtp, pri=38737, stat=queued
Jan 6 22:40:24 mail MailScanner[11052]: Message j06KdaZ7017918 from 192.168.10.1 (heavens@mango.zw) is whitelisted
Jan 6 22:42:34 mail MailScanner[11317]: Message j06KdaZ7017918 from 192.168.10.1 (heavens@mango.zw) is whitelisted
Jan 6 22:43:29 mail MailScanner[11218]: Message j06KdaZ7017918 from 192.168.10.1 (heavens@mango.zw) is whitelisted
Jan 6 22:44:15 mail MailScanner[19384]: Message j06KdaZ7017918 from 192.168.10.1 (heavens@mango.zw) is whitelisted
etc etc

From peter at UCGBOOK.COM Thu Jan 6 21:31:43 2005
From: peter at UCGBOOK.COM (Peter Bonivart)
Date: Thu Jan 12 21:28:07 2006
Subject: Problem with MailScanner failing to process mqueue.in mail
Message-ID:

Jim Holland wrote:
> I have been running MailScanner 4.35.9-1 with Sendmail 8.13.1 without any
> problems from November until this evening. Suddenly the volume of mail in
> the mqueue.in directory started to increase without explanation, and while
> most mail is being delivered successfully, more and more messages are
> just being repeatedly reprocessed without being delivered. See log for a
> typical message below.

> Jan 6 22:39:37 mail sendmail[17918]: j06KdaZ7017918: from=, size=8737, class=0, nrcpts=1, msgid=<944800817@p3775.f1.n7211.z5.ftn>, proto=ESMTP, daemon=MTA, relay=fido.mango.zw [192.168.10.1]
> Jan 6 22:39:37 mail sendmail[17918]: j06KdaZ7017918: to=, delay=00:00:01, mailer=esmtp, pri=38737, stat=queued
> Jan 6 22:40:24 mail MailScanner[11052]: Message j06KdaZ7017918 from 192.168.10.1 (heavens@mango.zw) is whitelisted
> Jan 6 22:42:34 mail MailScanner[11317]: Message j06KdaZ7017918 from 192.168.10.1 (heavens@mango.zw) is whitelisted
> Jan 6 22:43:29 mail MailScanner[11218]: Message j06KdaZ7017918 from 192.168.10.1 (heavens@mango.zw) is whitelisted
> Jan 6 22:44:15 mail MailScanner[19384]: Message j06KdaZ7017918 from 192.168.10.1 (heavens@mango.zw) is whitelisted

I'm not sure but it could be a file locking problem since different MS processes seem to be processing the same message. What lock type do you use, flock or posix?

--
/Peter Bonivart

--Unix lovers do it in the Sun

From mailscanner at MANGO.ZW Thu Jan 6 21:44:52 2005
From: mailscanner at MANGO.ZW (Jim Holland)
Date: Thu Jan 12 21:28:07 2006
Subject: Problem with MailScanner failing to process mqueue.in mail
Message-ID:

Hi

On Thu, 6 Jan 2005, Thom Jones wrote:

> Hi to Jim and Everyone (I'm new to this list):
> I just had the same thing happen to me.
> Result here was that the bigevil.cf and blacklist.cf files got updated a
> couple days prior and they were huge...huge enough to overwhelm system
> resources when running SA. This effectively shut down MailScanner as well.
> Once I reverted back to the earlier (and much smaller) .cf files, things
> cleared out eventually and got back to normal.
> I've now been reconfiguring and upgrading in order to use SURBL instead.
> Not sure if it's the same cause on your end, but hope this helps....

Thanks for the feedback. I don't have the resources to run SA on this server, but don't see any sign of running out of resources with the configuration that I am using. The load average is running between 3 and 6, so that looks fine.

Regards

Jim Holland
System Administrator
MANGO - Zimbabwe's non-profit e-mail service

From mailscanner at MANGO.ZW Thu Jan 6 21:49:28 2005
From: mailscanner at MANGO.ZW (Jim Holland)
Date: Thu Jan 12 21:28:07 2006
Subject: Problem with MailScanner failing to process mqueue.in mail
Message-ID:

Hi

On Thu, 6 Jan 2005, Peter Bonivart wrote:

> > I have been running MailScanner 4.35.9-1 with Sendmail 8.13.1 without any
> > problems from November until this evening. Suddenly the volume of mail in
> > the mqueue.in directory started to increase without explanation, and while
> > most mail is being delivered successfully, more and more messages are
> > just being repeatedly reprocessed without being delivered. See log for a
> > typical message below.

> I'm not sure but it could be a file locking problem since different MS
> processes seem to be processing the same message. What lock type do you
> use, flock or posix?

Thanks for the feedback. Since upgrading to sendmail 8.13.1 I changed from flock to posix as recommended. I now see previous mail from another user with a similar problem. I will go through all that correspondence as well. Of course I could/should upgrade to the latest version of MailScanner.

Regards

Jim Holland
System Administrator
MANGO - Zimbabwe's non-profit e-mail service

From Steve.Swaney at FSL.COM Thu Jan 6 21:54:38 2005
From: Steve.Swaney at FSL.COM (Steve Swaney)
Date: Thu Jan 12 21:28:07 2006
Subject: Problem with MailScanner failing to process mqueue.in mail
Message-ID:

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Peter Bonivart
> Sent: Thursday, January 06, 2005 4:32 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Problem with MailScanner failing to process mqueue.in mail
>
> Jim Holland wrote:
> > I have been running MailScanner 4.35.9-1 with Sendmail 8.13.1 without any
> > problems from November until this evening. Suddenly the volume of mail in
> > the mqueue.in directory started to increase without explanation, and while
> > most mail is being delivered successfully, more and more messages are
> > just being repeatedly reprocessed without being delivered. See log for a
> > typical message below.
>
> > Jan 6 22:39:37 mail sendmail[17918]: j06KdaZ7017918: from= mango.zw>, size=8737, class=0, nrcpts=1, msgid=<944800817@p3775.f1.n7211.z5.ftn>, proto=ESMTP, daemon=MTA, relay=fido.mango.zw [192.168.10.1]
> > Jan 6 22:39:37 mail sendmail[17918]: j06KdaZ7017918: to= mweb.co.za>, delay=00:00:01, mailer=esmtp, pri=38737, stat=queued
> > Jan 6 22:40:24 mail MailScanner[11052]: Message j06KdaZ7017918 from 192.168.10.1 (heavens@mango.zw) is whitelisted
> > Jan 6 22:42:34 mail MailScanner[11317]: Message j06KdaZ7017918 from 192.168.10.1 (heavens@mango.zw) is whitelisted
> > Jan 6 22:43:29 mail MailScanner[11218]: Message j06KdaZ7017918 from 192.168.10.1 (heavens@mango.zw) is whitelisted
> > Jan 6 22:44:15 mail MailScanner[19384]: Message j06KdaZ7017918 from 192.168.10.1 (heavens@mango.zw) is whitelisted
>
> I'm not sure but it could be a file locking problem since different MS
> processes seem to be processing the same message. What lock type do you
> use, flock or posix?
>
> --
> /Peter Bonivart

I believe Peter is on the right track here. Sendmail 8.13.1 should have

Lock Type = posix

Set in MailScanner.conf

Steve

Steve Swaney
President
Fortress Systems Ltd.
www.fsl.com
steve.swaney@fsl.com

--
This message has been scanned for viruses and dangerous content by The MailScanner at Fortress Systems Ltd., www.fsl.com, and is believed to be clean.

From mailscanner at MANGO.ZW Thu Jan 6 22:03:34 2005
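The symptom discussed in this thread, one queue ID logged again and again by different MailScanner children, can be picked out of the maillog mechanically. The following is an added example, not code from the thread or from MailScanner: the log lines are those quoted in the thread except the last one, which is constructed, and the function and pattern names are this example's own.

```python
import re
from collections import defaultdict

# Lines copied from the logs quoted in this thread, except the last MailScanner
# line, which is constructed to stand for a message that was scanned only once.
SAMPLE_LOG = """\
Jan 6 22:39:37 mail sendmail[17918]: j06KdaZ7017918: to=, delay=00:00:01, mailer=esmtp, pri=38737, stat=queued
Jan 6 22:40:24 mail MailScanner[11052]: Message j06KdaZ7017918 from 192.168.10.1 (heavens@mango.zw) is whitelisted
Jan 6 22:42:34 mail MailScanner[11317]: Message j06KdaZ7017918 from 192.168.10.1 (heavens@mango.zw) is whitelisted
Jan 6 22:43:20 mail MailScanner[11218]: Message j06KdV53017787 from 216.39.67.120 (reedconstr-e2-4005916@processrequest.com) to mango.zw is spam, reynolds-t1
Jan 6 22:43:29 mail MailScanner[11218]: Message j06KdaZ7017918 from 192.168.10.1 (heavens@mango.zw) is whitelisted
Jan 6 22:43:43 mail MailScanner[11218]: Spam Actions: message j06KdV53017787 actions are devnull@fido.mango.zw,forward,store
Jan 6 22:44:07 mail MailScanner[19384]: RBL checks: j06KdV53017787 found in reynolds-t1
Jan 6 22:44:07 mail MailScanner[19384]: Message j06KdV53017787 from 216.39.67.120 (reedconstr-e2-4005916@processrequest.com) to mango.zw is spam, reynolds-t1
Jan 6 22:44:15 mail MailScanner[19384]: Message j06KdaZ7017918 from 192.168.10.1 (heavens@mango.zw) is whitelisted
Jan 6 22:44:38 mail MailScanner[19384]: Spam Actions: message j06KdV53017787 actions are devnull@fido.mango.zw,forward,store
Jan 6 22:45:34 mail MailScanner[11132]: RBL checks: j06KdV53017787 found in reynolds-t1
Jan 6 22:45:34 mail MailScanner[11132]: Message j06KdV53017787 from 216.39.67.120 (reedconstr-e2-4005916@processrequest.com) to mango.zw is spam, reynolds-t1
Jan 6 22:46:05 mail MailScanner[11132]: Spam Actions: message j06KdV53017787 actions are devnull@fido.mango.zw,forward,store
Jan 6 22:46:30 mail MailScanner[11132]: Message j06ExAmPle0001 from 192.0.2.10 (user@example.org) is whitelisted
"""

# syslog prefix: timestamp, host, then the PID of the MailScanner child.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]{8})\s+\S+\s+MailScanner\[(?P<pid>\d+)\]:\s+(?P<text>.*)$"
)

# Per-message events that appear in the quoted logs; each carries the queue ID.
EVENT_RES = [
    re.compile(r"^Message (?P<qid>\w+) from .* (?P<event>is whitelisted|is spam)"),
    re.compile(r"^(?P<event>RBL checks): (?P<qid>\w+) found in "),
    re.compile(r"^(?P<event>Spam Actions): message (?P<qid>\w+) actions are "),
]


def find_reprocessed(log_text, min_passes=2):
    """Return {queue_id: details} for every message whose most frequent
    event was logged at least `min_passes` times."""
    hits = defaultdict(lambda: defaultdict(list))  # qid -> event -> [(ts, pid)]
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m is None:
            continue  # sendmail and other non-MailScanner lines
        for event_re in EVENT_RES:
            e = event_re.match(m["text"])
            if e:
                hits[e["qid"]][e["event"]].append((m["ts"], int(m["pid"])))
                break

    report = {}
    for qid, events in hits.items():
        # A healthy message logs each event once; repeats mean repeated passes.
        event, seen = max(events.items(), key=lambda kv: len(kv[1]))
        if len(seen) >= min_passes:
            pids = [pid for _, pid in seen]
            report[qid] = {
                "event": event,
                "passes": len(seen),
                "pids": pids,
                "distinct_pids": len(set(pids)),
                "first": seen[0][0],
                "last": seen[-1][0],
            }
    return report


if __name__ == "__main__":
    for qid, info in find_reprocessed(SAMPLE_LOG).items():
        print(f"{qid}: '{info['event']}' logged {info['passes']} times by "
              f"{info['distinct_pids']} processes, {info['first']} to {info['last']}")
```

A hit only shows that a message stayed in the incoming queue across several scans; the thread names two possible causes, the lock type and a single message that each child fails on, and the log alone does not tell them apart.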
From: mailscanner at MANGO.ZW (Jim Holland)
Date: Thu Jan 12 21:28:07 2006
Subject: Problem with MailScanner failing to process mqueue.in mail
Message-ID:

Hi Julian

> On Thu, 6 Jan 2005, I wrote
>
> > I have been running MailScanner 4.35.9-1 with Sendmail 8.13.1 without any
> > problems from November until this evening. Suddenly the volume of mail in
> > the mqueue.in directory started to increase without explanation, and while
> > most mail is being delivered successfully, more and more messages are
> > just being repeatedly reprocessed without being delivered. See log for a
> > typical message below.

The problem seems to have been solved by moving a specific problem message out of the mail queue. There were a number of similar messages from the same source, and it seems that each time they sent a message then it caused the failure. Would it be helpful to send you a copy of one of the messages for analysis? It would definitely be unwise to send it to the list as it would clearly cause problems for other people.

For information, the message came from:

Server: dal1bs070.processrequest.com [216.39.67.120]
Sender: Contract Journal

and it was listed as spam by reynolds-t1 (t1.dnsbl.net.au), although it may be legitimate mail.

Regards

Jim Holland
System Administrator
MANGO - Zimbabwe's non-profit e-mail service

From vachanta at GMAIL.COM Thu Jan 6 22:34:26 2005
From: vachanta at GMAIL.COM (Venkata Achanta)
Date: Thu Jan 12 21:28:07 2006
Subject: OT - setting up mailertable
Message-ID:

>Correct syntax is :
>
>xyz.com esmtp:[1.1.1.1]:[2.2.2.2]:[3.3.3.3]:[4.4.4.4]:[5.5.5.5]

Thanks Stephane, that worked.

From Kevin_Miller at CI.JUNEAU.AK.US Thu Jan 6 23:00:49 2005
From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller)
Date: Thu Jan 12 21:28:07 2006
Subject: Lock type
Message-ID:

In MailScanner.conf I have posix. In spam.assassin.prefs.conf it says flock. Should I change the latter to posix as well? I'm running sendmail.

TIA...

...Kevin
--
Kevin Miller                Registered Linux User No: 307357
CBJ MIS Dept.               Network Systems Admin., Mail Admin.
155 South Seward Street     ph: (907) 586-0242
Juneau, Alaska 99801        fax: (907) 586-4500

From peter at UCGBOOK.COM Thu Jan 6 23:15:38 2005
From: peter at UCGBOOK.COM (Peter Bonivart)
Date: Thu Jan 12 21:28:07 2006
Subject: Lock type
Message-ID:

Kevin Miller wrote:
> In MailScanner.conf I have posix. In spam.assassin.prefs.conf it says
> flock. Should I change the latter to posix as well? I'm running sendmail.

The two are separate, if you have a new version of Linux/Sendmail you should probably use posix for MS but in SA you will gain performance by using flock compared to nfssafe. Look at the man page for Mail::SpamAssassin::Conf.

--
/Peter Bonivart

--Unix lovers do it in the Sun

From Glenn.Steen at AP1.SE Thu Jan 6 23:23:56 2005
From: Glenn.Steen at AP1.SE (Steen, Glenn)
Date: Thu Jan 12 21:28:07 2006
Subject: Mailwatch question
Message-ID:

Hm, ISTR there was a report for "totals per month" posted to the MailWatch list a while back. Get that (you'll just have to trawl for it in the MailWatch list archive), and then this is real trivial.... set the limit of "blocked content=1", then look at the totals per month;).

-- Glenn

-----Original Message-----
From: MailScanner mailing list on behalf of Matt Kehler
Sent: Thu 1/6/2005 3:32 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Cc:
Subject: Re: Mailwatch question

Thanks Glenn. I know they are a different color, and I know they show at the top right when looking at the current (daily) stats. But what I'm looking for is 'in the month of December, XXXX emails were blocked due to file attachment'. Better yet, since we service multiple domain names, add ' .....blocked due to file attachment when destined for abc123.com '

I assume I will have to do my own custom report for that? Even when filtering for December; it will show emails/spam/virus per day, per month, etc..but it doesn't seem that blocked are included. Unless I'm crazy (which very well could be :)

Matt

>>> Glenn.Steen@AP1.SE 01/05/05 05:10PM >>>
As replied on the other list.... Red for blocked content, pink for spam (darker for High Scoring)... You'll note the difference:-). As I said, even a severely colorblind person like me have no problem with that:-).

If you like to have reports on each type, you'll just have to select a relevant subset of limits. Again, it's pretty straightforward.

-- Glenn

-----Original Message-----
From: MailScanner mailing list on behalf of Matt Kehler
Sent: on 2005-01-05 20:04
To: MAILSCANNER@JISCMAIL.AC.UK
Cc:
Subject: Mailwatch question

I know it's a MailWatch question, but it seems as though there's a lot more MW users on this list than the actual MW list itself...so... :)

If you have MS configured to block emails based on extension (such as .pif's for example), do those blocked emails show in the MailWatch 'spam' statistics, or do they not show at all? Is there a way to differentiate the emails blocked due to file extension from the emails blocked due to spam? Our management wants to know how much MailScanner is blocking due to 'itself' (ie, spam heuristics, virus scanning, etc) as opposed to stuff that we manually configure (ie, the file extensions that we block regardless of infection or spam)

thx

Matt

This email and/or any documents in this transmission is intended for the addressee(s) only and may contain legally privileged or confidential information. Any unauthorized use, disclosure, distribution, copying or dissemination is strictly prohibited. If you receive this transmission in error, please notify the sender immediately and return the original.
From ckteo at tri-m.com.sg Fri Jan 7 02:48:18 2005
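A report of the kind asked for in the MailWatch thread (blocked attachments per month and per destination domain), as an added example that is not from the thread or from MailWatch itself. It uses the maillog flag columns named in the thread (isspam, virusinfected, nameinfected, otherinfected); the date and to_domain columns, the SQLite stand-in for the MailWatch database and the sample rows are assumptions constructed for the example.

```python
import sqlite3

# Stand-in for the MailWatch `maillog` table. The four flag columns are the ones
# listed in the thread; `date` and `to_domain` are assumed column names.
SCHEMA = """
CREATE TABLE maillog (
    date          TEXT,               -- assumed: day the message was logged
    to_domain     TEXT,               -- assumed: recipient domain
    isspam        INTEGER DEFAULT 0,
    virusinfected INTEGER DEFAULT 0,
    nameinfected  INTEGER DEFAULT 0,  -- attachment name/extension rule hit
    otherinfected INTEGER DEFAULT 0
)
"""

# Constructed sample rows: (date, to_domain, isspam, virus, name, other).
ROWS = [
    ("2004-11-30", "abc123.com", 0, 0, 1, 0),   # outside December
    ("2004-12-01", "abc123.com", 1, 0, 0, 0),
    ("2004-12-02", "abc123.com", 0, 0, 1, 0),
    ("2004-12-15", "abc123.com", 1, 0, 1, 0),   # spam that also had a blocked attachment
    ("2004-12-20", "abc123.com", 0, 0, 0, 0),   # clean
    ("2004-12-03", "example.org", 0, 1, 0, 0),
    ("2004-12-31", "example.org", 0, 0, 1, 0),
    ("2004-12-31", "example.org", 0, 0, 0, 1),
    ("2005-01-01", "example.org", 0, 0, 1, 0),  # outside December
]

# Conditional sums keep each category separate, so attachment blocks configured
# by the administrator are not folded into the spam or virus totals. CASE also
# copes with NULL flags, which the column definitions allow.
REPORT_SQL = """
SELECT to_domain,
       COUNT(*)                                             AS total,
       SUM(CASE WHEN isspam = 1        THEN 1 ELSE 0 END)   AS spam,
       SUM(CASE WHEN virusinfected = 1 THEN 1 ELSE 0 END)   AS virus,
       SUM(CASE WHEN nameinfected = 1  THEN 1 ELSE 0 END)   AS bad_attachment,
       SUM(CASE WHEN otherinfected = 1 THEN 1 ELSE 0 END)   AS other_content
FROM maillog
WHERE date >= ? AND date < ?
GROUP BY to_domain
ORDER BY to_domain
"""


def month_bounds(year, month):
    """Half-open [first day of month, first day of next month) as ISO dates."""
    start = f"{year:04d}-{month:02d}-01"
    next_year, next_month = (year + 1, 1) if month == 12 else (year, month + 1)
    return start, f"{next_year:04d}-{next_month:02d}-01"


def monthly_report(conn, year, month):
    """Rows of (to_domain, total, spam, virus, bad_attachment, other_content)."""
    return conn.execute(REPORT_SQL, month_bounds(year, month)).fetchall()


def demo_db():
    """In-memory database loaded with the constructed rows above."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    conn.executemany("INSERT INTO maillog VALUES (?, ?, ?, ?, ?, ?)", ROWS)
    return conn


if __name__ == "__main__":
    for row in monthly_report(demo_db(), 2004, 12):
        print("%-12s total=%d spam=%d virus=%d bad_attachment=%d other=%d" % row)
```

A message can set more than one flag, as the 2004-12-15 row does, so the category columns need not add up to the total.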
From: ckteo at tri-m.com.sg (Teo Chee Keong)
Date: Thu Jan 12 21:28:07 2006
Subject: Help on configuration
Message-ID:

Hi,

I'm trying to configure the MailScanner to allow HTML / IFrame Tag from Some mailing list / domain, but I can't seem to get it right. Can someone guide me on how to do it?

Thanks and regards,
Teo Chee Keong

From Steve.Swaney at FSL.COM Fri Jan 7 03:10:51 2005
From: Steve.Swaney at FSL.COM (Steve Swaney)
Date: Thu Jan 12 21:28:07 2006
Subject: Help on configuration
Message-ID:

Steve Swaney
President
Fortress Systems Ltd.
www.fsl.com
steve.swaney@fsl.com

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Teo Chee Keong
> Sent: Thursday, January 06, 2005 9:48 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Help on configuration
>
> Hi,
>
> I'm trying to configure the MailScanner to allow HTML / IFrame Tag from Some
> mailing list / domain, but I can't seem to get it right. Can someone guide
> me on how to do it?
>
> Thanks and regards,
> Teo Chee Keong

In MailScanner.conf, set "Allow IFrame Tags =" to:

Allow IFrame Tags = %rules-dir%/IFrame.tag.rules

Create the file IFrame.tag.rules in your rules directory which contains lines similar to:

From: @.mailer.somedomain.com yes
From: *.bulk.baddomain.com no
FromOrTo: default disarm

This assumes that you don't "Use SpamAssassin" or "Spam Checks" on mail from your own domain.

Steve

Steve Swaney
President
Fortress Systems Ltd.
www.fsl.com
steve.swaney@fsl.com

From ugob at CAMO-ROUTE.COM Fri Jan 7 04:55:12 2005
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:28:07 2006
Subject: Installing/Using DCC sanity check
Message-ID:

> I read the FAQ regarding using DCCifd, which says this:
> -------------
> 'So, if you use MailScanner on a low scale mail server, or even as a one user's
> solution, it's better that you run it as DCCproc.
>
> If your mailserver scans loads of messages each day, then it'll be better to
> run it as a daemon.'
> -------------
> I move probably 3000 messages a day inbound. Any recommendations on which
> would be more efficient (DCCproc or DCCifd) or for that low of a number is
> it a wash?

The best thing is to try it out and compare, I think. About 10 MB of code... would you rather load it every time or have 10 MB of RAM used all the time?

Ugo

From ius at ALPHA.RBRANA.CO.ID Fri Jan 7 05:57:13 2005
From: ius at ALPHA.RBRANA.CO.ID (ius)
Date: Thu Jan 12 21:28:07 2006
Subject: Weird maillog
Message-ID:

Hi,

After upgrading to M/S 4.37.7 two days ago, I found so many of these weird logs:

Jan 7 12:57:27 blowfish sendmail[870]: ruleset=check_relay, arg1=220-130-160-190.HINET-IP.hinet.net, arg2=220.130.160.190, relay=220-130-160-190.HINET-IP.hinet.net [220.130.160.190], reject=550 5.0.0 Persistent Virus Source

Any idea what those are?

Thanks

From MailScanner at ecs.soton.ac.uk Fri Jan 7 08:45:02 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:07 2006
Subject: Problem with MailScanner failing to process mqueue.in mail
Message-ID:

Jim Holland wrote:
>Hi Julian
>
>>On Thu, 6 Jan 2005, I wrote
>>
>>>I have been running MailScanner 4.35.9-1 with Sendmail 8.13.1 without any
>>>problems from November until this evening. Suddenly the volume of mail in
>>>the mqueue.in directory started to increase without explanation, and while
>>>most mail is being delivered successfully, more and more messages are
>>>just being repeatedly reprocessed without being delivered. See log for a
>>>typical message below.
>
>The problem seems to have been solved by moving a specific problem message
>out of the mail queue. There were a number of similar messages from the
>same source, and it seems that each time they sent a message then it
>caused the failure. Would it be helpful to send you a copy of one of the
>messages for analysis? It would definitely be unwise to send it to the
>list as it would clearly cause problems for other people.

The latest release fixed one problem in this area (new version of MIME-tools).
If (and only if) you are running MIME-tools 5.415, then upgrade to MIME-tools 5.416.

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From Glenn.Steen at AP1.SE Fri Jan 7 09:15:19 2005
From: Glenn.Steen at AP1.SE (Steen, Glenn)
Date: Thu Jan 12 21:28:07 2006
Subject: Mailwatch question
Message-ID:

otherinfected == non-content, non-virus... Iframes etc that MS detects by itself.
nameinfected is what Matt is after... In the MW report interface called "contained an Unacceptable Attachment".

-- Glenn

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Bill Huff
> Sent: den 6 januari 2005 19:19
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Mailwatch question
>
> I am pretty sure that nameinfected means that a rule in filename.rules hit and
> otherinfected means that a rule in filetype.rules hit.
>
> --
> Bill
>
> Matt Kehler wrote:
> > Thanks Bill. I'll try to add 'nameinfected' (I believe that's what the
> > blocked is) to the daily and monthly reports. When it comes to stuff
> > like this I'm lost, so I may be emailing you soon enough :)
> >
> > thanks!
> > Matt
> >
> > >>> bhuff@COLLTECH.COM 01/06/05 09:02AM >>>
> > Matt, mailwatch does indeed capture the difference, however there is not a
> > 'provided' interface to view it. It is all in the DB however, and a custom
> > report is trivial to create based on the way that the mailwatch reporting system
> > is designed.
> >
> > In your mailwatch database is a table called maillog. In the maillog table
> > there are columns to track if a given message is spam, if it is high scoring
> > spam, if it is virus infected or if it was name or content infected.
> >
> > Here is a 'describe' of the columns that I am referring to. You can see that
> > you have a very full set of information that is being tracked. It would be
> > trivial to create a report like you are asking for, the data is all there.
> >
> > If you would like some help, contact me off list and I will give you a hand.
> >
> > --
> > Bill
> >
> > | isspam          | tinyint(1)   | YES |  | 0    |  |
> > | ishighspam      | tinyint(1)   | YES |  | 0    |  |
> > | issaspam        | tinyint(1)   | YES |  | 0    |  |
> > | isrblspam       | tinyint(1)   | YES |  | 0    |  |
> > | spamwhitelisted | tinyint(1)   | YES |  | 0    |  |
> > | spamblacklisted | tinyint(1)   | YES |  | 0    |  |
> > | sascore         | decimal(7,2) | YES |  | 0.00 |  |
> > | spamreport      | text         | YES |  | NULL |  |
> > | virusinfected   | tinyint(1)   | YES |  | 0    |  |
> > | nameinfected    | tinyint(1)   | YES |  | 0    |  |
> > | otherinfected   | tinyint(1)   | YES |  | 0    |  |
> >
> > Matt Kehler wrote:
> > > Thanks Glenn. I know they are a different color, and I know they show
> > > at the top right when looking at the current (daily) stats. But what
> > > I'm looking for is 'in the month of December, XXXX emails were blocked
> > > due to file attachment'. Better yet, since we service multiple domain
> > > names, add ' .....blocked due to file attachment when destined for
> > > abc123.com '
> > >
> > > I assume I will have to do my own custom report for that? Even when
> > > filtering for December; it will show emails/spam/virus per day, per
> > > month, etc..but it doesn't seem that blocked are included. Unless I'm
> > > crazy (which very well could be :)
> > >
> > > Matt
> > >
> > > >>> Glenn.Steen@AP1.SE 01/05/05 05:10PM >>>
> > > As replied on the other list.... Red for blocked content, pink for spam
> > > (darker for High Scoring)... You'll note the difference:-). As I said,
> > > even a severely colorblind person like me have no problem with that:-).
> > >
> > > If you like to have reports on each type, you'll just have to select a
> > > relevant subset of limits. Again, it's pretty straightforward.
> > >
> > > -- Glenn
> > >
> > > -----Original Message-----
> > > From: MailScanner mailing list on behalf of Matt Kehler > > > Sent: on 2005-01-05 20:04 > > > To: MAILSCANNER@JISCMAIL.AC.UK > > > Cc: > > > Subject: Mailwatch question > > > I know its a MailWatch question, but it seems as though > theres a lot > > > more MW users on this list than the actual MW list > itself...so... :) > > > > > > > > > > > > If you have MS configured to block emails based on > extension (such as > > > ..pif's for example), do those blocked emails show in > the MailWatch > > > 'spam' statistics, or do they not show at all? Is > there a way to > > > differentiate the emails blocked due to file extension > from the emails > > > blocked due to spam? Our management wants to know how > much MailScanner > > > is blocking due to 'itself' (ie, spam heuristics, virus > scanning, etc) > > > as opposed to stuff that we manually configure (ie, the > file extensions > > > that we block regardless of infection or spam) > > > > > > > > > > > > thx > > > > > > Matt > > > > > > > > > > > > > > > This email and/or any documents in this transmission is > intended for the > > > addressee(s) only and may contain legally privileged or > confidential > > > information. Any unauthorized use, disclosure, > distribution, copying or > > > dissemination is strictly prohibited. If you receive this > > transmission in > > > error, please notify the sender immediately and return > the original. > > > > > > Ce courriel et tout document dans cette transmission est > destiné à la > > > personne > > > ou aux personnes à qui il est adressé. Il peut contenir > des informations > > > privilégiées ou confidentielles. Toute utilisation, divulgation, > > > distribution, > > > copie, ou diffusion non autorisée est strictement > défendue. Si vous > > > n'êtes pas > > > le destinataire de ce message, veuillez en informer l'expéditeur > > > immédiatement > > > et lui remettre l'original. 
> > > > > > ------------------------ MailScanner list > ------------------------ > > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > > 'leave mailscanner' in the body of the email. > > > Before posting, read the MAQ > (http://www.mailscanner.biz/maq/) and > > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > > > Support MailScanner development - buy the book off the website! > > > > > > ------------------------ MailScanner list > ------------------------ > > > To unsubscribe, email jiscmail@jiscmail.ac..uk with the words: > > > 'leave mailscanner' in the body of the email. > > > Before posting, read the MAQ > (http://www.mailscanner.biz/maq/) and > > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > > > Support MailScanner development - buy the book off the website! > > > This email and/or any documents in this transmission is > intended for the > > > addressee(s) only and may contain legally privileged or > confidential > > > information. Any unauthorized use, disclosure, > distribution, copying or > > > dissemination is strictly prohibited. If you receive > this transmission > > > in error, please notify the sender immediately and > return the original. > > > Ce courriel et tout document dans cette transmission est > destiné à la > > > personne ou aux personnes à qui il est adressé. Il peut > contenir des > > > informations privilégiées ou confidentielles. Toute utilisation, > > > divulgation, distribution, copie, ou diffusion non autorisée est > > > strictement défendue. Si vous n'êtes pas le destinataire > de ce message, > > > veuillez en informer l'expéditeur immédiatement et lui remettre > > > l'original. ------------------------ MailScanner list > > > ------------------------ > > > To unsubscribe, email jiscmail@jiscmail.ac..uk with the words: > > > 'leave mailscanner' in the body of the email. 
> > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > > > and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > > > *Support MailScanner development - buy the book off the website!* > > > > -- > > _____ > > / ___/___ | Bill Huff, CISSP - Director of Technology > > / /__ __/ | Voice: (512) 263-0770 x 262 > > / /__/ / | Fax: (512) 263-8921 > > \___/ /ollective | Cell: (512) 630-5424 > > \/echnologies | --[ http://www.colltech.com > > ] -- > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > This email and/or any documents in this transmission is > intended for the > > addressee(s) only and may contain legally privileged or > confidential > > information. Any unauthorized use, disclosure, > distribution, copying or > > dissemination is strictly prohibited. If you receive this > transmission > > in error, please notify the sender immediately and return > the original. > > Ce courriel et tout document dans cette transmission est > destiné à la > > personne ou aux personnes à qui il est adressé. Il peut > contenir des > > informations privilégiées ou confidentielles. Toute utilisation, > > divulgation, distribution, copie, ou diffusion non autorisée est > > strictement défendue. Si vous n'êtes pas le destinataire de > ce message, > > veuillez en informer l'expéditeur immédiatement et lui remettre > > l'original. ------------------------ MailScanner list > > ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. 
> > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > *Support MailScanner development - buy the book off the website!* > > -- > _____ > / ___/___ | Bill Huff, CISSP - Director of Technology > / /__ __/ | Voice: (512) 263-0770 x 262 > / /__/ / | Fax: (512) 263-8921 > \___/ /ollective | Cell: (512) 630-5424 > \/echnologies | --[ http://www.colltech.com ] -- > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Fri Jan 7 09:37:43 2005 
From: Glenn.Steen at AP1.SE (Steen, Glenn)
Date: Thu Jan 12 21:28:07 2006
Subject: Mailwatch question
Message-ID:

Here's a link to the "Enhanced Total Messages report" by Giannis Kapetanakis:
http://sourceforge.net/mailarchive/message.php?msg_id=7984079
Note that Steve has put it in CVS, so it'll be in the (long awaited) 0.6, or
you already have it if you run the CVS version.
Upon request I might forward the original mail from Giannis, where the files
are nice attachments (less cut'n'paste for you:)

I've had this in since the day after he published... An invaluable
PHB-impressant;-).

-- Glenn

> -----Original Message-----
> From: MailScanner mailing list
> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Steen, Glenn
> Sent: den 7 januari 2005 00:24
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Mailwatch question
>
> Hm, ISTR there was a report for "totals per month" posted to
> the MailWatch list a while back. Get that (you'll just have
> to trawl for it in the MailWatch list archive), and then this
> is real trivial.... set the limit of "blocked content=1",
> then look at the totals per month;).
>
> -- Glenn
>
> -----Original Message-----
> From: MailScanner mailing list on behalf of Matt Kehler
> Sent: Thu 1/6/2005 3:32 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Cc:
> Subject: Re: Mailwatch question
>
> Thanks Glenn. I know they are a different color, and I know
> they show at the top right when looking at the current
> (daily) stats. But what I'm looking for is 'in the month of
> December, XXXX emails were blocked due to file attachment'.
> Better yet, since we service multiple domain names, add '
> .....blocked due to file attachment when destined for abc123.com '
>
> I assume I will have to do my own custom report for that?
> Even when filtering for December; it will show
> emails/spam/virus per day, per month, etc..but it doesn't
> seem that blocked are included. Unless I'm crazy (which very
> well could be :)
>
> Matt
>
> >>> Glenn.Steen@AP1.SE 01/05/05 05:10PM >>>
>
> As replied on the other list.... Red for blocked content, pink
> for spam (darker for High Scoring)... You'll note the
> difference:-). As I said, even a severely colorblind person
> like me has no problem with that:-).
>
> If you like to have reports on each type, you'll just have to
> select a relevant subset of limits. Again, it's pretty
> straightforward.
>
> -- Glenn
>
> -----Original Message-----
> From: MailScanner mailing list on behalf of Matt Kehler
> Sent: on 2005-01-05 20:04
> To: MAILSCANNER@JISCMAIL.AC.UK
> Cc:
> Subject: Mailwatch question
>
> I know it's a MailWatch question, but it seems as though
> there's a lot more MW users on this list than the actual MW
> list itself...so... :)
>
> If you have MS configured to block emails based on extension
> (such as .pif's for example), do those blocked emails show
> in the MailWatch 'spam' statistics, or do they not show at
> all? Is there a way to differentiate the emails blocked due
> to file extension from the emails blocked due to spam? Our
> management wants to know how much MailScanner is blocking due
> to 'itself' (ie, spam heuristics, virus scanning, etc) as
> opposed to stuff that we manually configure (ie, the file
> extensions that we block regardless of infection or spam)
>
> thx
>
> Matt

From mike at CAMAROSS.NET Fri Jan 7 13:05:07 2005
From: mike at CAMAROSS.NET (Mike Kercher)
Date: Thu Jan 12 21:28:07 2006
Subject: Weird maillog
Message-ID:

ius wrote:
> Hi,
>
> After upgrading to M/S 4.37.7 two days ago, i found these so many
> weird logs :
>
> Jan 7 12:57:27 blowfish sendmail[870]: ruleset=check_relay,
> arg1=220-130-160-190.HINET-IP.hinet.net, arg2=220.130.160.190,
> relay=220-130-160-190.HINET-IP.hinet.net [220.130.160.190],
> reject=550 5.0.0 Persistent Virus Source
>
> any idea what are those ?
>
> Thanks
>

Have a look at your /etc/mail/access and look for some REJECT lines. Are you
running Vispan? This does not appear to be a MailScanner caused issue.

Mike

From michele at BLACKNIGHTSOLUTIONS.COM Fri Jan 7 13:29:16 2005
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions)
Date: Thu Jan 12 21:28:07 2006
Subject: Weird maillog
Message-ID:

> After upgrading to M/S 4.37.7 two days ago, i found these so many
> weird logs :
>
> Jan 7 12:57:27 blowfish sendmail[870]: ruleset=check_relay,
> arg1=220-130-160-190.HINET-IP.hinet.net,
> arg2=220.130.160.190,
> relay=220-130-160-190.HINET-IP.hinet.net [220.130.160.190],
> reject=550 5.0.0 Persistent Virus Source
>
> any idea what are those ?
>

Are you using Vispan?

Mr Michele Neylon
Blacknight Internet Solutions Ltd
Hosting, co-location & domains
http://www.blacknight.ie/
Tel. +353 59 9137101
http://www.blacknight.ie/specialoffers.html

From joshua.hirsh at PARTNERSOLUTIONS.CA Fri Jan 7 14:04:03 2005
From: joshua.hirsh at PARTNERSOLUTIONS.CA (Hirsh, Joshua)
Date: Thu Jan 12 21:28:07 2006
Subject: Feature Request: Group configuration items for use in rules
Message-ID:

Hi Julian (+ "the list"),

After doing a recent batch of editing a whole slew of configuration rules
the other day, it got me thinking.

Any chance that you could implement a type of group definitions for use in
rules? For example, you could define a group named "AnnoyingManagement"
(chosen at random!) that contains a list of email addresses and then
reference only the group name in various rule files.

This is a very handy feature of most modern firewalls for access lists, and
I could foresee it helping to cut down on the length of some of our rules. I
have various files that reference the same list of users quite frequently,
so if this was implemented, I would only have to edit the group definition
instead of all of the different rules that it would affect.

Example of how this might work:

  In /etc/MailScanner/rules/group.rules:
    AnnoyingManagement: bob@domain.com mike@domain.com jim@domain.com jill@domain.com sarah@domain.com
    bofhSysadmins: root@domain.com bofh@domain.com support@domain.com

  In /etc/MailScanner/rules/spam.highscore.rules:
    To: AnnoyingManagement.group 50
    To: bofhSysadmins.group 3
    To: default 10

Any comments?

-Joshua

From MailScanner at ecs.soton.ac.uk Fri Jan 7 14:07:59 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:07 2006
Subject: Feature Request: Group configuration items for use in rules
Message-ID:

You can already do it. Instead of putting in an email address (or domain
name or whatever), give it a full filename. That file contains address
patterns (or addresses or domain names or whatever) one per line. It makes
it behave exactly as if there were separate rules for every address in the
file, all with the same resulting value for the configuration option.

Hirsh, Joshua wrote:

>Hi Julian (+ "the list"),
>
> After doing a recent batch of editing a whole slew of configuration rules
>the other day, it got me thinking.
>
> Any chance that you could implement a type of group definitions for use in
>rules? For example, you could define a group named "AnnoyingManagement"
>(chosen at random!) that contains a list of email addresses and then
>reference only the group name in various rule files.
>
> This is a very handy feature of most modern firewalls for access lists, and
>I could foresee it helping to cut down on the length of some of our rules. I
>have various files that reference the same list of users quite frequently,
>so if this was implemented, I would only have to edit the group definition
>instead of all of the different rules that it would affect.
>
> Example of how this might work:
>
> In /etc/MailScanner/rules/group.rules:
> AnnoyingManagement: bob@domain.com mike@domain.com jim@domain.com
>jill@domain.com sarah@domain.com
> bofhSysadmins: root@domain.com bofh@domain.com support@domain.com
>
> In /etc/MailScanner/rules/spam.highscore.rules:
> To: AnnoyingManagement.group 50
> To: bofhSysadmins.group 3
> To: default 10
>
> Any comments?
>
>-Joshua
>

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From housey at SME-ECOM.CO.UK Fri Jan 7 14:16:38 2005
From: housey at SME-ECOM.CO.UK (Paul Houselander)
Date: Thu Jan 12 21:28:07 2006
Subject: local.cf vs spam.assassin.prefs.conf
Message-ID:

Hi

I'm running mailscanner with spamassassin and my local.cf file is a symbolic
link to spam.assassin.prefs.conf

I'm going to be using spamd for a separate application I'm building and I
wanted to make use of the sql user preferences
(http://svn.apache.org/repos/asf/spamassassin/branches/3.0/sql/README)

I will be adding

user_scores_dsn DBI:driver:connection
user_scores_sql_username dbusername
user_scores_sql_password dbpassword

Does anyone know if this will cause any problems for MailScanner? I know
MailScanner can't use per user settings and wondered if it would just ignore
them?

Would I be better off having separate local.cf and spam.assassin.prefs.conf
files?

Thanks

Paul

From paddy at PANICI.NET Fri Jan 7 14:21:43 2005
From: paddy at PANICI.NET (paddy)
Date: Thu Jan 12 21:28:07 2006
Subject: Stop Sendmail from bouncing unknown user?
Message-ID:

On Thu, Jan 06, 2005 at 03:15:49PM -0600, Richard Thomas wrote:
> paddy wrote:
>
> >rfc2821 seems quite clear on this point:
> >
> >   If an SMTP server has accepted the task of relaying the mail and
> >   later finds that the destination is incorrect or that the mail cannot
> >   be delivered for some other reason, then it MUST construct an
> >   "undeliverable mail" notification message and send it to the
> >   originator of the undeliverable mail (as indicated by the
> >   reverse-path).
> >
> >I can't find the 'get-out clause' that relieves you of this obligation
> >in general, although I do not profess to have a good knowledge of
> >all the relevant standards.
> >
>
> An RFC is not a law. If you don't comply, you are merely noncompliant.
> This matters where it matters and doesn't where it doesn't.

I second that !

I didn't mean to imply that an rfc is law, but it may be worth considering
that in some jurisdictions accepted best practice (and for that matter the
use of terms like email or internet email, without further qualification -
trades descriptions?) might carry some weight in the context of any legal
wranglings (IANAL and I really don't have a clue about this, just
speculating).

But I didn't mean to imply a legal meaning at all, I'm afraid it's just the
style of the language I used. I meant to imply a technical/ethical/moral
meaning - what _should_ one do? In particular, as I hoped was clear, to say
that I view one option as a poor choice to be avoided if possible, and to
solicit discussion of this view, if necessary.

Nevertheless, thank you for helping to clarify that: I hadn't realised that
anyone would read it that way. Perhaps I mis-read the original email?

Regards,
Paddy
--
Perl 6 will give you the big knob. -- Larry Wall

From raymond at PROLOCATION.NET Fri Jan 7 14:24:48 2005
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:28:07 2006
Subject: Feature Request: Group configuration items for use in rules
Message-ID:

Hi!

> Example of how this might work:
>
> In /etc/MailScanner/rules/group.rules:
> AnnoyingManagement: bob@domain.com mike@domain.com jim@domain.com
> jill@domain.com sarah@domain.com
> bofhSysadmins: root@domain.com bofh@domain.com support@domain.com
>
> In /etc/MailScanner/rules/spam.highscore.rules:
> To: AnnoyingManagement.group 50
> To: bofhSysadmins.group 3
> To: default 10

Why would you want an expansion like that ?

Bye,
Raymond.

From Carl.Andrews at CRACKERBARREL.COM Fri Jan 7 15:03:27 2005
From: Carl.Andrews at CRACKERBARREL.COM (Andrews Carl 448)
Date: Thu Jan 12 21:28:07 2006
Subject: Troubleshooting questions
Message-ID:

Hi, thanks in advance for any suggestions you may have.

I am getting a HUGE (40,000) buildup of messages in mqueue.in. In reviewing
the logs (/var/log/maillog), I see a lot of information about MCP scanning,
I have this set to "no" in my MailScanner.conf , should I be seeing any
activity for MCP with this disabled?

Anyone else experience this problem? Any ideas what to look at?

Thanks!

Carl

From Denis.Beauchemin at USHERBROOKE.CA Fri Jan 7 15:08:18 2005
From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin)
Date: Thu Jan 12 21:28:07 2006
Subject: Troubleshooting questions
Message-ID:

Andrews Carl 448 wrote:

> Hi, thanks in advance for any suggestions you may have.
>
> I am getting a HUGE (40,000) buildup of messages in mqueue.in. In
> reviewing the logs (/var/log/maillog), I see a lot of information
> about MCP scanning, I have this set to "no" in my MailScanner.conf ,
> should I be seeing any activity for MCP with this disabled?
>
> Anyone else experience this problem? Any ideas what to look at?
>

Carl,

I have NO reference to MCP (except in msgids) in my maillog so far today
(close to 300000 lines). I am also running with MCP Checks = no.

Denis
--
   _
  °v°    Denis Beauchemin, analyste
 /(_)\   Université de Sherbrooke, S.T.I.
  ^ ^    T: 819.821.8000x2252 F: 819.821.8045

From drew at THEMARSHALLS.CO.UK Fri Jan 7 15:10:48 2005
From: drew at THEMARSHALLS.CO.UK (Drew Marshall)
Date: Thu Jan 12 21:28:07 2006
Subject: Troubleshooting questions
Message-ID:

On Fri, January 7, 2005 15:03, Andrews Carl 448 said:
> Hi, thanks in advance for any suggestions you may have.
>
> I am getting a HUGE (40,000) buildup of messages in mqueue.in. In
> reviewing the logs (/var/log/maillog), I see a lot of information about
> MCP scanning, I have this set to "no" in my MailScanner.conf , should I be
> seeing any activity for MCP with this disabled?
>
> Anyone else experience this problem? Any ideas what to look at?

Have you stopped MS and turned on debugging mode for it and SA as well (if
you are running it)? You can then restart MS and sit and watch for the
delays or errors. Post the output and we can have a look at it for ideas.

Drew

--
In line with our policy, this message has been scanned for viruses and
dangerous content by MailScanner, and is believed to be clean.
www.themarshalls.co.uk/policy

From jester at SPYDERINTERNET.COM Fri Jan 7 15:40:27 2005
From: jester at SPYDERINTERNET.COM (jester)
Date: Thu Jan 12 21:28:07 2006
Subject: Troubleshooting questions
Message-ID:

I too am having the same problem. In trying to trace this problem we have
tried turning off SA, Razor and DSPAM, and only using RBL checks and the
mqueue.in is still continually climbing. After I restart MailScanner it
seems to run fine and clear queue in a few minutes, but, after running for
over an hour, the queue.in will climb back to over 1k (almost like
something is dying, but no idea as to what is). I have checked razor in
debug and shows to be ok, same with SA. I have run MailScanner in debug and
all seems fine. I have no idea what could be causing this.

Using MailScanner 4.3.3
SA 3.0.2
DSPAM 3.2.4
RedHat 1gig memory

Any help would be much appreciated!

thanks
Michael

At 09:03 AM 1/7/2005, you wrote:
>Hi, thanks in advance for any suggestions you may have.
>
>I am getting a HUGE (40,000) buildup of messages in mqueue.in. In
>reviewing the logs (/var/log/maillog), I see a lot of information about
>MCP scanning, I have this set to "no" in my MailScanner.conf , should I be
>seeing any activity for MCP with this disabled?
>
>Anyone else experience this problem? Any ideas what to look at?
>
>Thanks!
>
>Carl
>
>--
>SpyderNet has scanned this message for viruses and
>dangerous content.

From martinh at SOLID-STATE-LOGIC.COM Fri Jan 7 16:17:16 2005
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:28:07 2006
Subject: Troubleshooting questions
Message-ID:

Which RBLs and which MTA?

I do my RBLs in SA so the RBL isn't treated as a blacklist....

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

jester wrote:
> I too am having the same problem. In trying to trace this problem we have
> tried turning off SA, Razor and DSPAM, and only using RBL checks and the
> mqueue.in is still continually climbing. After I restart MailScanner it
> seems to run fine and clear queue in a few minutes, but, after running for
> over an hour, the queue.in will climb back to over 1k (almost like
> something is dying, but no idea as to what is). I have checked razor in
> debug and shows to be ok, same with SA. I have run MailScanner in debug and
> all seems fine. I have no idea what could be causing this.
>
> Using MailScanner 4.3.3
> SA 3.0.2
> DSPAM 3.2.4
> RedHat 1gig memory
>
> Any help would be much appreciated!
>
> thanks
> Michael
>
> At 09:03 AM 1/7/2005, you wrote:
>
>> Hi, thanks in advance for any suggestions you may have.
>>
>> I am getting a HUGE (40,000) buildup of messages in mqueue.in. In
>> reviewing the logs (/var/log/maillog), I see a lot of information about
>> MCP scanning, I have this set to "no" in my MailScanner.conf, should
>> I be seeing any activity for MCP with this disabled?
>>
>> Anyone else experience this problem? Any ideas what to look at?
>>
>> Thanks!
>>
>> Carl

From MailScanner at ecs.soton.ac.uk Fri Jan 7 16:22:30 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:08 2006
Subject: Troubleshooting questions
Message-ID:

Have you got 1 message that has been sitting in the mqueue.in for a long
time? It could just be 1 or 2 messages causing the problem, that aren't
being cleared from the queue for some reason.
Do "ls -ltr /var/spool/mqueue.in | tail" and see what the oldest files are.

jester wrote:

> I too am having the same problem. In trying to trace this problem we have
> tried turning off SA, Razor and DSPAM, and only using RBL checks and the
> mqueue.in is still continually climbing. After I restart MailScanner it
> seems to run fine and clear queue in a few minutes, but, after running
> for over an hour, the queue.in will climb back to over 1k (almost like
> something is dying, but no idea as to what is). I have checked razor in
> debug and shows to be ok, same with SA. I have run MailScanner in debug
> and all seems fine. I have no idea what could be causing this.
>
> Using MailScanner 4.3.3
> SA 3.0.2
> DSPAM 3.2.4
> RedHat 1gig memory
>
> Any help would be much appreciated!
>
> thanks
> Michael
>
> At 09:03 AM 1/7/2005, you wrote:
>
>> Hi, thanks in advance for any suggestions you may have.
>>
>> I am getting a HUGE (40,000) buildup of messages in mqueue.in. In
>> reviewing the logs (/var/log/maillog), I see a lot of information about
>> MCP scanning, I have this set to "no" in my MailScanner.conf, should
>> I be seeing any activity for MCP with this disabled?
>>
>> Anyone else experience this problem? Any ideas what to look at?
>>
>> Thanks!
>>
>> Carl

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From ugob at CAMO-ROUTE.COM Fri Jan 7 16:14:07 2005
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:28:08 2006
Subject: Troubleshooting questions
Message-ID:

Andrews Carl 448 wrote:
> Hi, thanks in advance for any suggestions you may have.
>
> I am getting a HUGE (40,000) buildup of messages in mqueue.in. In
> reviewing the logs (/var/log/maillog), I see a lot of information about
> MCP scanning, I have this set to "no" in my MailScanner.conf, should I
> be seeing any activity for MCP with this disabled?
>
> Anyone else experience this problem? Any ideas what to look at?

There is a troubleshooting section in the FAQs.

What version of MailScanner?

Ugo

From Carl.Andrews at CRACKERBARREL.COM Fri Jan 7 16:25:04 2005
From: Carl.Andrews at CRACKERBARREL.COM (Andrews Carl 448)
Date: Thu Jan 12 21:28:08 2006
Subject: Troubleshooting questions
Message-ID:

I am also running RedHat (9.0)
1G ram
SA:3.0.1

Thanks again,

Carl

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of jester
Sent: Friday, January 07, 2005 9:40 AM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: Troubleshooting questions

I too am having the same problem. In trying to trace this problem we have
tried turning off SA, Razor and DSPAM, and only using RBL checks and the
mqueue.in is still continually climbing. After I restart MailScanner it
seems to run fine and clear queue in a few minutes, but, after running for
over an hour, the queue.in will climb back to over 1k (almost like
something is dying, but no idea as to what is). I have checked razor in
debug and shows to be ok, same with SA. I have run MailScanner in debug and
all seems fine. I have no idea what could be causing this.

Using MailScanner 4.3.3
SA 3.0.2
DSPAM 3.2.4
RedHat 1gig memory

Any help would be much appreciated!

thanks
Michael

At 09:03 AM 1/7/2005, you wrote:
>Hi, thanks in advance for any suggestions you may have.
>
>I am getting a HUGE (40,000) buildup of messages in mqueue.in. In
>reviewing the logs (/var/log/maillog), I see a lot of information about
>MCP scanning, I have this set to "no" in my MailScanner.conf, should I be
>seeing any activity for MCP with this disabled?
>
>Anyone else experience this problem? Any ideas what to look at?
>
>Thanks!
>
>Carl

From mailscanner at MANGO.ZW Fri Jan 7 16:39:32 2005
From: mailscanner at MANGO.ZW (Jim Holland)
Date: Thu Jan 12 21:28:08 2006
Subject: Problem with MailScanner failing to process mqueue.in mail
Message-ID:

Hi Julian

On Fri, 7 Jan 2005, Julian Field wrote:

> >The problem seems to have been solved by moving a specific problem message
> >out of the mail queue. There were a number of similar messages from the
> >same source, and it seems that each time they sent a message then it
> >caused the failure. Would it be helpful to send you a copy of one of the
> >messages for analysis? It would definitely be unwise to send it to the
> >list as it would clearly cause problems for other people.
>
> The latest release fixed one problem in this area (new version of
> MIME-tools). If (and only if) you are running MIME-tools 5.415, then
> upgrade to MIME-tools 5.416.

Thanks for your response.

I have upgraded to MailScanner version 4.37.7, which still uses
MIME-tools-5.415. As a test I reinserted the problem message into
mqueue.in and found that this time it was processed without any problem.

For others facing this kind of problem: the short term solution was simply
to move the oldest message out of mqueue.in, as that was the message that
was causing the hangup.

Regards

Jim Holland
System Administrator
MANGO - Zimbabwe's non-profit e-mail service

From myeasytech at YAHOO.COM.HK Fri Jan 7 16:39:54 2005
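The workaround discussed in this thread (look for the oldest entries in mqueue.in and move a stuck message aside) can be scripted as follows. This is an added example, not code from the list posts or from MailScanner: the function names and the hold directory are hypothetical, and it assumes a sendmail-style queue of qf/df file pairs with alphanumeric queue IDs, and that MailScanner and the MTA are stopped while files are moved.

```shell
#!/bin/sh
# Added example: triage of a sendmail-style queue directory such as mqueue.in.
# Each queued message is a pair of files, qf<ID> and df<ID>.
# Assumption: MailScanner and the MTA are stopped before hold_message is used.

# oldest_queue_ids DIR [N]: print up to N queue IDs, oldest qf file first.
oldest_queue_ids() {
    # ls -tr sorts by modification time with the oldest entry first,
    # so head keeps the oldest entries.
    ls -tr "$1" 2>/dev/null | sed -n 's/^qf//p' | head -n "${2:-5}"
}

# stale_queue_ids DIR MINUTES: queue IDs whose qf file is older than MINUTES.
# -maxdepth and -mmin are GNU/BSD find extensions, not POSIX.
stale_queue_ids() {
    find "$1" -maxdepth 1 -type f -name 'qf*' -mmin "+$2" |
        sed 's|.*/qf||' | sort
}

# hold_message DIR ID HOLDDIR: move the qf/df pair for ID out of DIR.
hold_message() {
    qdir=$1 qid=$2 hold=$3
    # Assumed ID format: letters and digits only. Anything else is rejected
    # so an ID such as "../x" can never make mv touch files outside DIR.
    case $qid in
        ''|*[!A-Za-z0-9]*) echo "bad queue id: $qid" >&2; return 2 ;;
    esac
    [ -f "$qdir/qf$qid" ] || { echo "no qf file for $qid" >&2; return 1; }
    # Held mail is as sensitive as the queue itself: keep the directory private.
    mkdir -p "$hold" && chmod 700 "$hold" || return 1
    # Keep the pair together so the message can be reinserted later for a test.
    mv "$qdir/qf$qid" "$hold/" || return 1
    if [ -f "$qdir/df$qid" ]; then
        mv "$qdir/df$qid" "$hold/" || return 1
    fi
}
```

Keeping the hold directory on the same filesystem as the queue makes each mv a rename rather than a copy.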
From: myeasytech at YAHOO.COM.HK (hkbyte)
Date: Thu Jan 12 21:28:08 2006
Subject: Writing Custom Function
Message-ID:

I am learning how to write a custom function.

I attached my function to Non Spam actions. If my return values are
'deliver' and 'store', both work properly as I want. But when I change
the 'store' return value to 'bounce', it failed and the maillog said
"Does not make sense to bounce non-spam".

How can I send a custom bounce back message to the sender?

Thanks.

hkbyte.

From MailScanner at ecs.soton.ac.uk Fri Jan 7 16:51:44 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:08 2006
Subject: Problem with MailScanner failing to process mqueue.in mail
Message-ID:

Jim Holland wrote:

>Hi Julian
>
>On Fri, 7 Jan 2005, Julian Field wrote:
>
>>>The problem seems to have been solved by moving a specific problem message
>>>out of the mail queue. There were a number of similar messages from the
>>>same source, and it seems that each time they sent a message then it
>>>caused the failure. Would it be helpful to send you a copy of one of the
>>>messages for analysis? It would definitely be unwise to send it to the
>>>list as it would clearly cause problems for other people.
>>>
>>The latest release fixed one problem in this area (new version of
>>MIME-tools). If (and only if) you are running MIME-tools 5.415, then
>>upgrade to MIME-tools 5.416.
>
>Thanks for your response.
>
>I have upgraded to MailScanner version 4.37.7, which still uses
>MIME-tools-5.415.

It actually uses a patched version of 5.415 as the 5.416 wasn't ready
when I needed it to be. The patches provide the same functionality as
5.416 does.

> As a test I reinserted the problem message into
>mqueue.in and found that this time it was processed without any problem.
>
>For others facing this kind of problem: the short term solution was simply
>to move the oldest message out of mqueue.in, as that was the message that
>was causing the hangup.

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From peter at UCGBOOK.COM Fri Jan 7 16:59:38 2005
From: peter at UCGBOOK.COM (Peter Bonivart)
Date: Thu Jan 12 21:28:08 2006
Subject: Troubleshooting questions
Message-ID:

Andrews Carl 448 wrote:
> debug: Net::DNS version is 0.31, but need 0.34

You could start by upgrading to 0.48, old Net::DNS versions have caused
a lot of trouble for others.

--
/Peter Bonivart

--Unix lovers do it in the Sun

From Carl.Andrews at CRACKERBARREL.COM Fri Jan 7 17:04:35 2005
From: Carl.Andrews at CRACKERBARREL.COM (Andrews Carl 448)
Date: Thu Jan 12 21:28:08 2006
Subject: Troubleshooting questions
Message-ID:

Thanks. Doing it now.

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Peter Bonivart
Sent: Friday, January 07, 2005 11:00 AM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: Troubleshooting questions

Andrews Carl 448 wrote:
> debug: Net::DNS version is 0.31, but need 0.34

You could start by upgrading to 0.48, old Net::DNS versions have caused
a lot of trouble for others.

--
/Peter Bonivart

--Unix lovers do it in the Sun

From peter at UCGBOOK.COM Fri Jan 7 17:03:40 2005
From: peter at UCGBOOK.COM (Peter Bonivart)
Date: Thu Jan 12 21:28:08 2006
Subject: Installing/Using DCC sanity check
Message-ID:

Ugo Bellavance wrote:
> About 10 MB of code... would you rather load it every time or have 10 MB
> of RAM used all the time?

It doesn't have to actually load it from disk every time unless you're
really starved for memory and then your server is already crawling
anyway. It's a fairly light operation to reuse old pages in memory.

--
/Peter Bonivart

--Unix lovers do it in the Sun

From mike at CAMAROSS.NET Fri Jan 7 17:07:28 2005
From: mike at CAMAROSS.NET (Mike Kercher)
Date: Thu Jan 12 21:28:08 2006
Subject: Troubleshooting questions
Message-ID:

jester wrote:
> I too am having the same problem. In trying to trace this problem we
> have tried turning off SA, Razor and DSPAM, and only using RBL checks
> and the mqueue.in is still continually climbing. After I restart
> MailScanner it seems to run fine and clear queue in a few minutes,
> but, after running for over an hour, the queue.in will climb back to
> over 1k (almost like something is dying, but no idea as to what is).
> I have checked razor in debug and shows to be ok, same with SA. I have
> run MailScanner in debug and all seems fine. I have no idea what
> could be causing this.
>
> Using MailScanner 4.3.3
> SA 3.0.2
> DSPAM 3.2.4
> RedHat 1gig memory
>
> Any help would be much appreciated!
>
> thanks
> Michael
>
> At 09:03 AM 1/7/2005, you wrote:
>
>> Hi, thanks in advance for any suggestions you may have.
>>
>> I am getting a HUGE (40,000) buildup of messages in mqueue.in. In
>> reviewing the logs (/var/log/maillog), I see a lot of information
>> about MCP scanning, I have this set to "no" in my MailScanner.conf,
>> should I be seeing any activity for MCP with this disabled?
>>
>> Anyone else experience this problem? Any ideas what to look at?
>>
>> Thanks!
>>
>> Carl

Are either of you running the bigevil ruleset by chance? local caching
nameserver? What is the system load?

Mike

From Carl.Andrews at CRACKERBARREL.COM Fri Jan 7 17:09:59 2005
From: Carl.Andrews at CRACKERBARREL.COM (Andrews Carl 448)
Date: Thu Jan 12 21:28:08 2006
Subject: Troubleshooting questions
Message-ID:

I WAS running bigevil, but have taken it off as a possible problem.
Here is an output from sar:

06:30:00 AM       CPU     %user     %nice   %system     %idle
06:40:01 AM       all     57.81      0.00     15.23     26.96
06:50:05 AM       all     60.78      0.00     15.46     23.76
07:00:04 AM       all     65.73      0.00     16.22     18.06
07:10:07 AM       all     63.30      0.00     16.32     20.38
07:20:01 AM       all     61.95      0.00     15.86     22.18
07:30:04 AM       all     63.02      0.00     16.35     20.63
07:40:01 AM       all     59.53      0.00     16.26     24.22
07:50:02 AM       all     50.43      0.00     15.69     33.88
08:00:06 AM       all     58.38      0.00     19.44     22.18
08:10:01 AM       all     52.45      0.00     13.47     34.08
08:20:00 AM       all     34.92      0.00     11.90     53.17
08:30:01 AM       all     39.00      0.00     12.71     48.29
08:40:00 AM       all     42.83      0.00     13.41     43.76
08:50:00 AM       all     50.41      0.00     15.12     34.47
09:00:00 AM       all     50.95      0.00     12.69     36.36
09:10:00 AM       all     40.63      0.00     12.46     46.91
09:20:01 AM       all     46.27      0.00     13.42     40.32
09:30:01 AM       all     42.10      0.00     11.73     46.17
09:40:00 AM       all     36.15      0.00     10.33     53.52
09:50:00 AM       all     23.29      0.00      8.03     68.68
10:00:00 AM       all     26.20      0.00      9.98     63.82
10:10:01 AM       all     23.46      0.00      8.55     67.99
10:20:02 AM       all     27.52      0.00     10.37     62.11
10:30:01 AM       all     39.44      0.00     11.16     49.41
10:40:00 AM       all     40.79      0.00     15.53     43.67
10:50:02 AM       all     36.37      0.00     16.14     47.49
11:00:13 AM       all     40.42      0.00     14.27     45.31
Average:          all     52.40      0.00     14.47     33.12

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Mike Kercher
Sent: Friday, January 07, 2005 11:07 AM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: Troubleshooting questions

jester wrote:
> I too am having the same problem. In trying to trace this problem we
> have tried turning off SA, Razor and DSPAM, and only using RBL checks
> and the mqueue.in is still continually climbing. After I restart
> MailScanner it seems to run fine and clear queue in a few minutes,
> but, after running for over an hour, the queue.in will climb back to
> over 1k (almost like something is dying, but no idea as to what is).
> I have checked razor in debug and shows to be ok, same with SA. I have
> run MailScanner in debug and all seems fine. I have no idea what
> could be causing this.
>
> Using MailScanner 4.3.3
> SA 3.0.2
> DSPAM 3.2.4
> RedHat 1gig memory
>
> Any help would be much appreciated!
>
> thanks
> Michael
>
> At 09:03 AM 1/7/2005, you wrote:
>
>> Hi, thanks in advance for any suggestions you may have.
>>
>> I am getting a HUGE (40,000) buildup of messages in mqueue.in. In
>> reviewing the logs (/var/log/maillog), I see a lot of information
>> about MCP scanning, I have this set to "no" in my MailScanner.conf,
>> should I be seeing any activity for MCP with this disabled?
>>
>> Anyone else experience this problem? Any ideas what to look at?
>>
>> Thanks!
>>
>> Carl

Are either of you running the bigevil ruleset by chance? local caching
nameserver? What is the system load?

Mike

From MailScanner at ecs.soton.ac.uk Fri Jan 7 17:18:27 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:08 2006
Subject: Troubleshooting questions
Message-ID:

Stop using BigEvil, upgrade to SpamAssassin 3 and you get it
automatically (without having to use the huge ruleset). BigEvil is now
provided by the SURBL domains. Check out www.surbl.org for more info.

If you need to keep running SA 2, then run the latest SA2 with the SURBL
plugin installed. That gets around the huge ruleset problem in the same
way. It's just easier to use SA3.

Andrews Carl 448 wrote:

> I WAS running bigevil, but have taken it off as a possible problem.
> Here is an output from sar:

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From Carl.Andrews at CRACKERBARREL.COM Fri Jan 7 17:25:21 2005
From: Carl.Andrews at CRACKERBARREL.COM (Andrews Carl 448)
Date: Thu Jan 12 21:28:08 2006
Subject: Troubleshooting questions
Message-ID:

I am running SA 3.0.1. Did not know bigevil was part of it :-<.
I removed bigevil from the configuration yesterday, but my mqueue.in
still continues to increase. I have also just updated Net::DNS to 0.48,
my mqueue.in is currently at 800.

Thanks!

Carl

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field
Sent: Friday, January 07, 2005 11:18 AM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: Troubleshooting questions

Stop using BigEvil, upgrade to SpamAssassin 3 and you get it
automatically (without having to use the huge ruleset). BigEvil is now
provided by the SURBL domains. Check out www.surbl.org for more info.

If you need to keep running SA 2, then run the latest SA2 with the SURBL
plugin installed. That gets around the huge ruleset problem in the same
way. It's just easier to use SA3.

Andrews Carl 448 wrote:

> I WAS running bigevil, but have taken it off as a possible problem.
> Here is an output from sar:

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From jester at SPYDERINTERNET.COM Fri Jan 7 16:46:26 2005
From: jester at SPYDERINTERNET.COM (jester) Date: Thu Jan 12 21:28:08 2006 Subject: Troubleshooting questions Message-ID: We have cleared the mqueue.in a few days ago. Ive allready restarted MailScanner this morning so all I have in mqueue.in are as follows: -rw------- 1 root root 1148 Jan 7 10:36 qfj07GarGD022570 -rw------- 1 root root 15295 Jan 7 10:36 dfj07GarGD022570 -rw------- 1 root root 942 Jan 7 10:36 qfj07GauGD022584 -rw------- 1 root root 493 Jan 7 10:36 dfj07GauGD022584 -rw------- 1 root root 1051 Jan 7 10:37 qfj07GarGD022572 -rw------- 1 root root 1062 Jan 7 10:37 dfj07GarGD022572 -rw------- 1 root root 1001 Jan 7 10:37 qfj07Gb2GD022615 -rw------- 1 root root 2036 Jan 7 10:37 dfj07Gb2GD022615 -rw------- 1 root root 1026 Jan 7 10:37 qfj07GaNGD022487 -rw------- 1 root root 660 Jan 7 10:37 dfj07GaNGD022487 but within an hour or so we will have over 400-500. We have just also upgraded to the latest MailScanner (this morning 1/7/05) so Im hoping this will help. Yes, i have noticed msg's being held in the mqueue.in but previously we have just deleted them after 1 month. I have not noticed any difference from msg's that are held to those that are delivered to mqueue. The held ones doesnt appear to be stopping the process. Thanks Michael At 10:22 AM 1/7/2005, you wrote: >Have you got 1 message that has been sitting in the mqueue.in for a long >time? It could just be 1 or 2 messages causing the problem, that aren't >being cleared from the queue for some reason. >Do "ls -ltr /var/spool/mqueue.in | tail" and see what the oldest files are. > >jester wrote: > >>I too am having the same problem. In trying to trace this problem we have >>tried turning off SA, Razor and DSPAM, and only using RBL checks and the >>mqueue.in is still continually climbing. 
After I restart MailScanner it >>seems to run fine and clear queue in a few minutes, but, after running >>for >>over an hour, the queue.in will climb back to over 1k (almost like >>something is dying, but no idea as to what is). I have checked razor in >>dbug and shows to be ok, same with SA. I have run MailScanner in debug >>and >>all seems fine. I have no idea what could be causing this. >> >>Using MailScanner 4.3.3 >>SA 3.0.2 >>DSPAM 3.2.4 >>RedHat 1gig memory >> >>Any help would be much appreciated! >> >>thanks >>Michael >> >> >>At 09:03 AM 1/7/2005, you wrote: >> >>>Hi, thanks in advance for any suggestions you may have. >>> >>>I am getting a HUGHE (40,000 ) buildup of messages in mqueue.in. In >>>reviewing the logs (/var/log/maillog), I see a lot of information about >>>MCP scanning, I have this set to "no" in my MailScanner.conf , should >>>I be >>>seeing any activity for MCP with this disabled? >>> >>>Anyone else expierience this problem? Any ideas what to look at? >>> >>>Thanks! >>> >>>Carl >-- >Julian Field >www.MailScanner.info >Buy the MailScanner book at www.MailScanner.info/store > >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > >-- >Spydernet has scanned this message for viruses and >dangerous content. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). 
Support MailScanner development - buy the book off the website!

From t.d.lee at DURHAM.AC.UK Fri Jan 7 17:36:53 2005
From: t.d.lee at DURHAM.AC.UK (David Lee)
Date: Thu Jan 12 21:28:08 2006
Subject: Buglet and suggested fix
Message-ID:

Ouch. I've just installed MS 4.37.7 on a new Fedora Core 2 box, and it
"blackholed" the first few emails (nothing delivered, nothing bounced).
Fortunately it is a test box.

For the "mqueue.in" and "incoming", (also "quarantine") directories, our
convention differs from the defaults in "MailScanner.conf".

Alas, what caught us out is that the MailScanner startup procedure doesn't
read MailScanner.conf for these values, but instead has them separately
hardcoded in "/etc/sysconfig/MailScanner" as INQDIR and WORKDIR.

This replication of data (compare: single source and multiple derivations)
seems unnecessary. Further, "/etc/sysconfig/MailScanner" already has an
example of deriving information from "MailScanner.conf" at its:
   MTA=`perl ... /etc/MailScanner/MailScanner.conf`

Could I suggest that "/etc/sysconfig/MailScanner" be adjusted in future
releases to use a similar technique to set INQDIR and WORKDIR, please?

Thanks.

--
:  David Lee                                I.T. Service          :
:  Senior Systems Programmer                Computer Centre       :
:                                           University of Durham  :
:  http://www.dur.ac.uk/t.d.lee/            South Road            :
:                                           Durham                :
:  Phone: +44 191 334 2752                  U.K.                  :

From richard.thomas at PSYSOLUTIONS.COM Fri Jan 7 17:37:14 2005
From: richard.thomas at PSYSOLUTIONS.COM (Richard Thomas)
Date: Thu Jan 12 21:28:08 2006
Subject: Stop Sendmail from bouncing unknown user?
Message-ID:

paddy wrote:

>But I didn't mean to imply a legal meaning at all, I'm afraid it's just
>the style of the language I used.

I get you now. It just seemed that you were implying that the RFC
*should* be followed. I was simply suggesting a weaker position.

>I meant to imply a technical/ethical/moral meaning - what _should_ one do?

I would suggest that depends on context. Our users, for example, just
want to receive email, don't want to be deluged by spam and wouldn't
even know what an RFC was. As such, I have no problems setting up my
mail server to be noncompliant. It's not hard to think of situations
(though I would suggest they are rare) where full RFC compliance was
required.

>In particular, as I hoped was clear, to say that I view one option as
>a poor choice to be avoided if possible, and to solicit discussion of
>this view, if necessary.

Unfortunately, the forging of return headers has made replies,
particularly warning of virus or spam detection, to those addresses at
best useless and at worst, an annoyance of equal magnitude to the
original mail. I would expect that if the RFC were rewritten, that
section would be modified to change that "MUST" to a "SHOULD" or "MAY"
or include wording about exceptions being made where there is reason to
doubt that the reverse path is the true originator.

Really, I hate dropping mail on the floor. Part of the big plus of SMTP
is that generally, mail either gets delivered or bounced so it is
usually possible to trace errors. Unfortunately, it turns out that SMTP
was too reliant on the honesty of people and to stick to the rules
reduces its usefulness greatly.
Rich

--
MIS Department      |                           |Phone: +1 615 312 5787
840 Crescent Ctr Dr | Psychiatric Solutions Inc |Fax:   +1 615 312 5711
Suite 460           |                           |
Franklin, TN 37067  |                           |

From martelm at quark.vsc.edu Fri Jan 7 19:00:07 2005
From: martelm at quark.vsc.edu (Michael H. Martel)
Date: Thu Jan 12 21:28:08 2006
Subject: Problem with MailScanner failing to process mqueue.in mail
Message-ID:

--On Friday, January 7, 2005 4:51 PM +0000 Julian Field wrote:

> It actually uses a patched version of 5.415 as the 5.416 wasn't ready
> when I needed it to be. The patches provide the same functionality as
> 5.416 does.

Patched since when? I ask because I hate RPM, and so I've been using the
tar version and installing things manually. I haven't re-installed 5.4.15
since it was included in earlier versions.

Personally, what I would find useful is when a new release is made, if you
could mention any of the supporting actors that need to be updated as well.

Michael

--
--------------------------------o---------------------------------
Michael H. Martel               | Vermont State Colleges
martelm@quark.vsc.edu           | Systems Administrator
http://probe.vsc.edu/~michael   | PH:802-241-2544 FX:802-241-3363

From peter at UCGBOOK.COM Fri Jan 7 19:04:15 2005
From: peter at UCGBOOK.COM (Peter Bonivart)
Date: Thu Jan 12 21:28:08 2006
Subject: Problem with MailScanner failing to process mqueue.in mail
Message-ID:

Michael H. Martel wrote:
> Patched since when? I ask because I hate RPM, and so I've been using the
> tar version and installing things manually. I haven't re-installed 5.4.15
> since it was included in earlier versions.
>
> Personally, what I would find useful is when a new release is made, if you
> could mention any of the supporting actors that need to be updated as well.

I also use the tar version for my Sun servers and install.sh takes care
of it for me. Can't you use that?

--
/Peter Bonivart

--Unix lovers do it in the Sun

From drew at THEMARSHALLS.CO.UK Fri Jan 7 18:38:38 2005
From: drew at THEMARSHALLS.CO.UK (Drew Marshall)
Date: Thu Jan 12 21:28:08 2006
Subject: Troubleshooting questions
Message-ID:

jester wrote:

> I too am having the same problem. In trying to trace this problem we have
> tried turning off SA, Razor and DSPAM, and only using RBL checks and the
> mqueue.in is still continually climbing. After I restart MailScanner it
> seems to run fine and clear queue in a few minutes, but, after running for
> over an hour, the queue.in will climb back to over 1k (almost like
> something is dying, but no idea as to what is). I have checked razor in
> debug and shows to be ok, same with SA. I have run MailScanner in debug and
> all seems fine. I have no idea what could be causing this.
>
> Using MailScanner 4.3.3
> SA 3.0.2
> DSPAM 3.2.4
> RedHat 1gig memory
>
> Any help would be much appreciated!

Are you running a caching name server? If not do so as it could well be
DNS issues. Some ISPs get excited about too many DNS requests and start
to tar pit for example. The other slow down I have also seen is a slow
down due to IPv6 resolution so it's also worth a check if you are not
running IPv6 on your network.

Drew

--
In line with our policy, this message has
been scanned for viruses and dangerous
content by MailScanner, and is believed to be clean.
www.themarshalls.co.uk/policy

From jester at SPYDERINTERNET.COM Fri Jan 7 23:28:09 2005
From: jester at SPYDERINTERNET.COM (jester)
Date: Thu Jan 12 21:28:08 2006
Subject: Troubleshooting questions
Message-ID:

No cache servers and no IPV6, but what has worked is a reinstall of all the
MailScanner modules (html parser, SA and Razor) and forced the new copies
of the files over the old ones. This seems to have solved the queue problem
and is working fine now.

I'm not sure why this has fixed my problem (since same files, same sizes and
all), but it's run for over 5 hrs now and the mqueue.in is less than 10 now
consistently. I no longer see delays or large build ups.

Thanks to all for all the help!!

Michael

At 12:38 PM 1/7/2005, you wrote:
>jester wrote:
>
>>I too am having the same problem. In trying to trace this problem we have
>>tried turning off SA, Razor and DSPAM, and only using RBL checks and the
>>mqueue.in is still continually climbing. After I restart MailScanner it
>>seems to run fine and clear queue in a few minutes, but, after running for
>>over an hour, the queue.in will climb back to over 1k (almost like
>>something is dying, but no idea as to what is). I have checked razor in
>>debug and shows to be ok, same with SA. I have run MailScanner in debug and
>>all seems fine. I have no idea what could be causing this.
>>
>>Using MailScanner 4.3.3
>>SA 3.0.2
>>DSPAM 3.2.4
>>RedHat 1gig memory
>>
>>Any help would be much appreciated!
>
>Are you running a caching name server? If not do so as it could well be
>DNS issues. Some ISPs get excited about too many DNS requests and start
>to tar pit for example. The other slow down I have also seen is a slow
>down due to IPv6 resolution so it's also worth a check if you are not
>running IPv6 on your network.
>
>Drew

From ius at ALPHA.RBRANA.CO.ID Sat Jan 8 01:18:08 2005
From: ius at ALPHA.RBRANA.CO.ID (ius)
Date: Thu Jan 12 21:28:08 2006
Subject: Weird maillog
Message-ID:

Mike Kercher wrote:

>ius wrote:
>
>>Hi,
>>
>>After upgrading to M/S 4.37.7 two days ago, I found these so many
>>weird logs:
>>
>>Jan 7 12:57:27 blowfish sendmail[870]: ruleset=check_relay,
>>arg1=220-130-160-190.HINET-IP.hinet.net, arg2=220.130.160.190,
>>relay=220-130-160-190.HINET-IP.hinet.net [220.130.160.190],
>>reject=550 5.0.0 Persistent Virus Source
>>
>>any idea what those are?
>>
>>Thanks
>
>Have a look at your /etc/mail/access and look for some REJECT lines. Are
>you running Vispan? This does not appear to be a MailScanner caused issue.
>
>Mike

Yes, I'm using vispan. Again this morning I found the same log messages,
and you're right, there's a modification to /etc/mail/access. What
should I do? I don't want vispan to modify it.
I'm sorry for suspecting mailscanner as the cause of this.

Thanks

From michele at BLACKNIGHTSOLUTIONS.COM Sat Jan 8 01:30:52 2005
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon::Blacknight Solutions)
Date: Thu Jan 12 21:28:08 2006
Subject: Weird maillog
Message-ID:

> Yes, I'm using vispan. Again this morning I found the same log messages,
> and you're right, there's a modification to /etc/mail/access. What
> should I do? I don't want vispan to modify it.
> I'm sorry for suspecting mailscanner as the cause of this.

Check your vispan config. You've obviously set it to block using the
access file.

--
Mr. Michele Neylon
Blacknight Solutions
Hosting, Co-location & Domain Registration
http://www.blacknight.ie/
Tel. +353 (0)59 9137101

From peter at UCGBOOK.COM Sat Jan 8 02:13:17 2005
From: peter at UCGBOOK.COM (Peter Bonivart)
Date: Thu Jan 12 21:28:08 2006
Subject: Weird maillog
Message-ID:

ius wrote:
> Yes, I'm using vispan. Again this morning I found the same log messages,
> and you're right, there's a modification to /etc/mail/access. What
> should I do? I don't want vispan to modify it.
> I'm sorry for suspecting mailscanner as the cause of this.

Change this to 0 in Vispan.conf:

UseAccess = 1

--
/Peter Bonivart

--Unix lovers do it in the Sun

From joey at JOESMITH.NET Sat Jan 8 03:01:30 2005
From: joey at JOESMITH.NET (Joe Smith)
Date: Thu Jan 12 21:28:08 2006
Subject: Large number of messages in mqueue.in
Message-ID:

On Wed, 5 Jan 2005, Steve Swaney wrote:

> Since both MailScanners went left about the same time I'd suspect a local
> infrastructure problem like slow network or DNS problem.

FYI, when I set these values to 'no' it was enough overhead reduction for
the MailScanner machine to get caught up from a 32000 message backlog
overnight. And this was while still allowing inbound mail to the queue.

We almost turned off spamassassin temporarily, but decided to change these
settings to see what the effect would be.

Detailed Spam Report = no
Include Scores In SpamAssassin Report = no
Always Include SpamAssassin Report = no

From drolland at KDINET.COM Sat Jan 8 02:56:42 2005
From: drolland at KDINET.COM (Diane Rolland)
Date: Thu Jan 12 21:28:08 2006
Subject: newbie - testing config
Message-ID:

I have just installed MailScanner and am trying to test the configuration.
I'm trying to get gtube to go through the scanner. I see in my
/var/log/maillog that

Jan 7 21:34:47 prsvr02 MailScanner[23412]: New Batch: Scanning 1 messages, 2313 bytes
Jan 7 21:34:48 prsvr02 MailScanner[23412]: Spam Checks: Found 1 spam messages
Jan 7 21:34:48 prsvr02 MailScanner[23412]: Virus and Content Scanning: Starting

But the message is not delivered (it shouldn't have been), but I expected
it to be quarantined. I don't see it in /var/spool/mqueue
or /var/spool/mqueue.in.

I'm using sendmail, clamav, spamassassin.

Any help, please?

From Carl.Andrews at CRACKERBARREL.COM Sat Jan 8 04:15:17 2005
From: Carl.Andrews at CRACKERBARREL.COM (Andrews Carl 448)
Date: Thu Jan 12 21:28:08 2006
Subject: newbie - testing config
Message-ID:

Check /var/spool/MailScanner/quarantine

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Diane Rolland
Sent: Friday, January 07, 2005 8:57 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: newbie - testing config

I have just installed MailScanner and am trying to test the configuration.
I'm trying to get gtube to go through the scanner. I see in my
/var/log/maillog that

Jan 7 21:34:47 prsvr02 MailScanner[23412]: New Batch: Scanning 1 messages, 2313 bytes
Jan 7 21:34:48 prsvr02 MailScanner[23412]: Spam Checks: Found 1 spam messages
Jan 7 21:34:48 prsvr02 MailScanner[23412]: Virus and Content Scanning: Starting

But the message is not delivered (it shouldn't have been), but I expected
it to be quarantined. I don't see it in /var/spool/mqueue
or /var/spool/mqueue.in.

I'm using sendmail, clamav, spamassassin.

Any help, please?

From schrock at DAYZED.COM Sat Jan 8 05:35:49 2005
From: schrock at DAYZED.COM (Avery Day)
Date: Thu Jan 12 21:28:08 2006
Subject: Postfix messages freeze up in queue
Message-ID:

This is the second time I have had this happen in 6 weeks. Incoming and
outgoing email will get stuck in the postfix queue. This time it went on
for almost 7 hours before anyone noticed. After restarting Mailscanner
(which also restarts postfix) everything will then get delivered. Any
thoughts or suggestions as to why this is happening? I had to completely
take Mailscanner out of the process of things until I can track down
the exact problem. I did not find much of anything in my log files. What
can I look for in my log files?

Thanks,
Schrock

-------------------------------------------------------
This message has been scanned for viruses and dangerous
content by MailScanner, and is believed to be clean.
MailScanner thanks transtec Computers for their support.

From dhawal at NETMAGICSOLUTIONS.COM Sat Jan 8 07:36:41 2005
From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy)
Date: Thu Jan 12 21:28:08 2006
Subject: Troubleshooting questions
Message-ID:

jester wrote:
> No cache servers and no IPV6, but what has worked is a reinstall of all the
> MailScanner modules (html parser, SA and Razor) and forced the new copies
> of the files over the old ones. This seems to have solved the queue problem
> and is working fine now.
>
> I'm not sure why this has fixed my problem (since same files, same sizes and
> all), but it's run for over 5 hrs now and the mqueue.in is less than 10 now
> consistently. I no longer see delays or large build ups.
>
> Thanks to all for all the help!!
>
> Michael

A bit late but the problem was mostly with SA. First could you try the
SA lint test as provided in mailwatch, it gives you a very nice report
indicating the time taken for each step.

Some things that I do on a regular basis to trim the entries in bayes.
Path to spam.assassin.prefs.conf may differ in your case.

sa-learn --sync -p /etc/MailScanner/spam.assassin.prefs.conf
sa-learn --force-expire -p /etc/MailScanner/spam.assassin.prefs.conf

Next (if the previous commands didn't do wonders), try re-creating your
entire bayesian db (after a backup, of course). This worked for me,
though ymmv.

You could also try replacing your bayes with the starter db from
http://fsl.com/support

Though I don't really see any errors related to bayes in the debug
output, you could possibly try this out.

Hope this works for you (it did for me).

- dhawal
From peter at UCGBOOK.COM Sat Jan 8 10:55:07 2005
From: peter at UCGBOOK.COM (Peter Bonivart)
Date: Thu Jan 12 21:28:08 2006
Subject: newbie - testing config
Message-ID:

Diane Rolland wrote:
> Jan 7 21:34:47 prsvr02 MailScanner[23412]: New Batch: Scanning 1 messages, 2313 bytes
> Jan 7 21:34:48 prsvr02 MailScanner[23412]: Spam Checks: Found 1 spam messages
> Jan 7 21:34:48 prsvr02 MailScanner[23412]: Virus and Content Scanning: Starting
>
> But the message is not delivered (it shouldn't have been), but I expected
> it to be quarantined. I don't see it in /var/spool/mqueue
> or /var/spool/mqueue.in.

Since gtube scores 1000 points in SA, what is your "High Scoring Spam
Actions" set to in MailScanner.conf? You need "store" there to
quarantine messages.

Have you set "Log Spam" to "yes"? It helps when looking in the mail log.

--
/Peter Bonivart

--Unix lovers do it in the Sun

From MailScanner at ecs.soton.ac.uk Sat Jan 8 14:45:31 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:08 2006
Subject: Buglet and suggested fix
Message-ID:

Good idea. Will do.

David Lee wrote:

>Ouch. I've just installed MS 4.37.7 on a new Fedora Core 2 box, and it
>"blackholed" the first few emails (nothing delivered, nothing bounced).
>Fortunately it is a test box.
>
>For the "mqueue.in" and "incoming", (also "quarantine") directories, our
>convention differs from the defaults in "MailScanner.conf".
>
>Alas, what caught us out is that the MailScanner startup procedure doesn't
>read MailScanner.conf for these values, but instead has them separately
>hardcoded in "/etc/sysconfig/MailScanner" as INQDIR and WORKDIR.
>
>This replication of data (compare: single source and multiple derivations)
>seems unnecessary. Further, "/etc/sysconfig/MailScanner" already has an
>example of deriving information from "MailScanner.conf" at its:
>   MTA=`perl ... /etc/MailScanner/MailScanner.conf`
>
>Could I suggest that "/etc/sysconfig/MailScanner" be adjusted in future
>releases to use a similar technique to set INQDIR and WORKDIR, please?

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From MailScanner at ecs.soton.ac.uk Sat Jan 8 14:49:46 2005
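One way to implement the single-source idea from the "Buglet and suggested fix" exchange, as an added example that is not MailScanner's own startup code: a POSIX shell fragment that reads "Incoming Queue Dir" and "Incoming Work Dir" from MailScanner.conf and fails closed when they are missing or disagree with hard-coded values. The function names, the sample paths, the /var/spool/MailScanner/incoming default and the key-matching rule (case and spacing ignored, last assignment wins) are assumptions of this example.

```shell
#!/bin/sh
# Added example: derive INQDIR and WORKDIR from MailScanner.conf so the
# startup script and the scanner cannot disagree about where mail lives.

# ms_conf_value FILE KEY
# Print the value of "KEY = value". Comment lines are skipped, keys are
# compared ignoring case and spacing (assumption), last assignment wins.
# Returns 1 when the key is not set.
ms_conf_value() {
    awk -v want="$2" '
        function norm(s) { gsub(/[ \t]+/, "", s); return tolower(s) }
        BEGIN { want = norm(want); found = 0 }
        /^[ \t]*#/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            if (norm(substr($0, 1, eq - 1)) != want) next
            val = substr($0, eq + 1)
            sub(/^[ \t]+/, "", val); sub(/[ \t\r]+$/, "", val)
            found = 1
        }
        END { if (!found) exit 1; print val }
    ' "$1"
}

# derive_queue_dirs FILE
# Set INQDIR and WORKDIR from FILE. Returns non-zero and leaves both empty
# unless each is an absolute path (so unresolved %variables% are rejected).
derive_queue_dirs() {
    INQDIR= WORKDIR=
    _in=$(ms_conf_value "$1" "Incoming Queue Dir") || return 1
    _wk=$(ms_conf_value "$1" "Incoming Work Dir") || return 1
    case $_in in /*) ;; *) return 1 ;; esac
    case $_wk in /*) ;; *) return 1 ;; esac
    INQDIR=$_in WORKDIR=$_wk
}

# check_drift FILE HARDCODED_INQDIR HARDCODED_WORKDIR
# Report each hard-coded value that differs from the config file.
# Returns 0 when both agree, 1 on drift, 2 when the config is unusable.
check_drift() {
    derive_queue_dirs "$1" || { echo "cannot derive dirs from $1"; return 2; }
    rc=0
    [ "$INQDIR" = "$2" ] || { echo "INQDIR drift: sysconfig=$2 conf=$INQDIR"; rc=1; }
    [ "$WORKDIR" = "$3" ] || { echo "WORKDIR drift: sysconfig=$3 conf=$WORKDIR"; rc=1; }
    return $rc
}

# make_sample_conf: write a constructed MailScanner.conf fragment with
# site-specific paths to a temp file and print the file name.
make_sample_conf() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
# Constructed sample for this example, not a shipped configuration
#Incoming Queue Dir = /var/spool/mqueue.in
Incoming Queue Dir = /data/mail/mqueue.in
incoming work dir   =   /data/mail/incoming
Quarantine Dir = /data/mail/quarantine
EOF
    echo "$f"
}

# Demo: the hard-coded defaults disagree with the sample config, which is
# the situation that silently "blackholed" mail in the report above.
conf=$(make_sample_conf)
check_drift "$conf" /var/spool/mqueue.in /var/spool/MailScanner/incoming || true
rm -f "$conf"
```

A startup script would call derive_queue_dirs and refuse to start on a non-zero return, rather than polling a queue directory the MTA never writes to.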
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:08 2006
Subject: Troubleshooting questions
Message-ID:

Drew Marshall wrote:

> jester wrote:
>
>> I too am having the same problem. In trying to trace this problem we have
>> tried turning off SA, Razor and DSPAM, and only using RBL checks and the
>> mqueue.in is still continually climbing. After I restart MailScanner it
>> seems to run fine and clear queue in a few minutes, but, after running for
>> over an hour, the queue.in will climb back to over 1k (almost like
>> something is dying, but no idea as to what is). I have checked razor in
>> debug and shows to be ok, same with SA. I have run MailScanner in debug and
>> all seems fine. I have no idea what could be causing this.
>>
>> Using MailScanner 4.3.3
>> SA 3.0.2
>> DSPAM 3.2.4
>> RedHat 1gig memory
>>
>> Any help would be much appreciated!
>
> Are you running a caching name server? If not do so as it could well be
> DNS issues. Some ISPs get excited about too many DNS requests and start
> to tar pit for example. The other slow down I have also seen is a slow
> down due to IPv6 resolution so it's also worth a check if you are not
> running IPv6 on your network.

Have you tried running a few batches through it in Debug=yes mode?

Are you running MIME-tools 5.415? If so, upgrade to 5.416 (latest) or my
patched 5.415 (which I distribute with 4.37.7) as this fixes a
potentially important problem.
--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From MailScanner at ecs.soton.ac.uk Sat Jan 8 14:51:13 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:08 2006
Subject: Problem with MailScanner failing to process mqueue.in mail
Message-ID:

Michael H. Martel wrote:

> --On Friday, January 7, 2005 4:51 PM +0000 Julian Field wrote:
>
>> It actually uses a patched version of 5.415 as the 5.416 wasn't ready
>> when I needed it to be. The patches provide the same functionality as
>> 5.416 does.
>
> Patched since when? I ask because I hate RPM, and so I've been using the
> tar version and installing things manually. I haven't re-installed 5.4.15
> since it was included in earlier versions.
>
> Personally, what I would find useful is when a new release is made, if you
> could mention any of the supporting actors that need to be updated as well.

Sorry, I forgot to put it in the ChangeLog.

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From MailScanner at ecs.soton.ac.uk Sat Jan 8 14:52:41 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:08 2006
Subject: Troubleshooting questions
Message-ID:

That re-install would have installed the upgraded MIME-tools, which is
where the problem probably was.

jester wrote:

> No cache servers and no IPV6, but what has worked is a reinstall of all the
> MailScanner modules (html parser, SA and Razor) and forced the new copies
> of the files over the old ones. This seems to have solved the queue problem
> and is working fine now.
>
> I'm not sure why this has fixed my problem (since same files, same sizes and
> all), but it's run for over 5 hrs now and the mqueue.in is less than 10 now
> consistently. I no longer see delays or large build ups.
>
> At 12:38 PM 1/7/2005, you wrote:
>
>> jester wrote:
>>
>>> I too am having the same problem. In trying to trace this problem we have
>>> tried turning off SA, Razor and DSPAM, and only using RBL checks and the
>>> mqueue.in is still continually climbing. After I restart MailScanner it
>>> seems to run fine and clear queue in a few minutes, but, after running for
>>> over an hour, the queue.in will climb back to over 1k (almost like
>>> something is dying, but no idea as to what is). I have checked razor in
>>> debug and shows to be ok, same with SA. I have run MailScanner in debug and
>>> all seems fine. I have no idea what could be causing this.
>>>
>>> Using MailScanner 4.3.3
>>> SA 3.0.2
>>> DSPAM 3.2.4
>>> RedHat 1gig memory
>>>
>>> Any help would be much appreciated!
>>
>> Are you running a caching name server? If not do so as it could well be
>> DNS issues. Some ISPs get excited about too many DNS requests and start
>> to tar pit for example.
The other slow down I have also seen is a slow >> down due to IPv6 resolution so it's also worth a check if you are not >> running IPv6 on your network. >> >> Drew >> >> -- >> In line with our policy, this message has >> been scanned for viruses and dangerous >> content by MailScanner, and is believed to be clean. >> www.themarshalls.co.uk/policy >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> -- >> Spydernet has scanned this message for viruses and >> dangerous content. >> >> >> !DSPAM:41df18c8161032079651118! > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Jan 8 14:54:22 2005 
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:08 2006
Subject: Postfix messages freeze up in queue
Message-ID:

Try upgrading to the very latest MIME-tools and see if this fixes the problem.

Avery Day wrote:

> This is the second time I have had this happen in 6 weeks. Incoming and
> outgoing email will get stuck in the postfix queue. This time it went on
> for almost 7 hours before anyone noticed. After restarting Mailscanner
> (which also restarts postfix) everything will then get delivered. Any
> thoughts or suggestions as to why this is happening. I had to completely
> take Mailscanner out of the process of things until I can track down
> the exact problem. I did not find much of anything in my log files. What
> can I look for in my log files?

--
Julian Field
www.MailScanner.info

From schrock at DAYZED.COM Sat Jan 8 22:34:47 2005
From: schrock at DAYZED.COM (Avery Day)
Date: Thu Jan 12 21:28:08 2006
Subject: Postfix messages freeze up in queue
Message-ID:

Julian,

I am running perl-MIME-tools-5.415-2 the latest RPM package available for RHEL 3.0

Thanks,
schrock

Julian Field wrote:

> Try upgrading to the very latest MIME-tools and see if this fixes the
> problem.
>
> Avery Day wrote:
>
>> This is the second time I have had this happen in 6 weeks. Incoming and
>> outgoing email will get stuck in the postfix queue. This time it went on
>> for almost 7 hours before anyone noticed. After restarting Mailscanner
>> (which also restarts postfix) everything will then get delivered. Any
>> thoughts or suggestions as to why this is happening. I had to completely
>> take Mailscanner out of the process of things until I can track down
>> the exact problem. I did not find much of anything in my log files. What
>> can I look for in my log files?

From MailScanner at ecs.soton.ac.uk Sun Jan 9 12:12:30 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:08 2006
Subject: Postfix messages freeze up in queue
Message-ID:

The latest 5.415-3 (which is the same as 5.416) is provided with the most recent MailScanner release. You can also just use CPAN to upgrade to 5.416.

Avery Day wrote:

> Julian,
>
> I am running perl-MIME-tools-5.415-2 the latest RPM package available
> for RHEL 3.0
>
> Thanks,
> schrock
>
> Julian Field wrote:
>
>> Try upgrading to the very latest MIME-tools and see if this fixes the
>> problem.
>>
>> Avery Day wrote:
>>
>>> This is the second time I have had this happen in 6 weeks. Incoming and
>>> outgoing email will get stuck in the postfix queue. This time it went on
>>> for almost 7 hours before anyone noticed. After restarting Mailscanner
>>> (which also restarts postfix) everything will then get delivered. Any
>>> thoughts or suggestions as to why this is happening. I had to completely
>>> take Mailscanner out of the process of things until I can track down
>>> the exact problem. I did not find much of anything in my log files.
>>> What can I look for in my log files?

--
Julian Field
www.MailScanner.info
From jvane at INVITATION.ORG Sun Jan 9 19:47:48 2005
From: jvane at INVITATION.ORG (Jim Van Etten)
Date: Thu Jan 12 21:28:08 2006
Subject: Upgrade to 3.0 has increased my spam 100 fold
Message-ID:

For some reason when I upgraded my spamassassin to 3.0.1 from 2.6 most of the spam is getting through. I never had this problem before. I have cleared my bayes directory so it could start fresh.

The header for X-Spam-Status looks like this for example:

No, score=1.6 required=5.0 tests=FIN_FREE,FORGED_RCVD_HELO,
FROM_ENDS_IN_NUMS,HTML_FONT_BIG,HTML_IMAGE_RATIO_04,HTML_MESSAGE,
HTML_TAG_BALANCE_BODY,URI_OFFERS autolearn=no version=3.0.1

How in the world can the score be only 1.6 while detecting all the listed items? This should score much higher. Any help would be greatly appreciated.

Thanks
Jim

From MailScanner at ecs.soton.ac.uk Sun Jan 9 19:58:22 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:08 2006
Subject: Upgrade to 3.0 has increased my spam 100 fold
Message-ID:

Clear out all your old spamassassin rules directories.
Also, what is generating the X-Spam-Status header? This sure ain't MailScanner.

Jim Van Etten wrote:

>For some reason when I upgraded my spamassassin to 3.0.1 from 2.6 most of
>the spam is getting through. I never had this problem before. I have cleared
>my bayes directory so it could start fresh.
>
>The header for X-Spam-Status looks like this for example:
>
>No, score=1.6 required=5.0 tests=FIN_FREE,FORGED_RCVD_HELO,
>FROM_ENDS_IN_NUMS,HTML_FONT_BIG,HTML_IMAGE_RATIO_04,HTML_MESSAGE,
>HTML_TAG_BALANCE_BODY,URI_OFFERS autolearn=no version=3.0.1
>
>How in the world can the score be only 1.6 while detecting all the listed
>items? This should score much higher. Any help would be greatly appreciated.

--
Julian Field
www.MailScanner.info

From marcel-ml at IRC-ADDICTS.DE Sun Jan 9 21:14:16 2005
From: marcel-ml at IRC-ADDICTS.DE (Marcel Blenkers)
Date: Thu Jan 12 21:28:08 2006
Subject: clamav error..
Message-ID:

Hi there,

hope everyone slipped through into the new year..

my question..

just tested to send me the eicar-testfile as tar.gz in two different files.
one named *.tar.gz and one *.tgz

all worked fine..but still some error in the logfile, which made me think..

here are the errors:

Jan 9 22:10:38 marcel MailScanner[30889]: Virus and Content Scanning: Starting
Jan 9 22:10:38 marcel MailScanner[30889]: eicar.com
Jan 9 22:10:38 marcel MailScanner[30889]: ProcessClamAVOutput: unrecognised line "eicar.com". Please contact the authors!
Jan 9 22:10:38 marcel MailScanner[30889]: /tmp/clamav.802/clamav-5d4b8ff291ddb019/eicar.com: Eicar-Test-Signature FOUND
Jan 9 22:10:38 marcel MailScanner[30889]: /tmp/clamav.802/clamav-a8e63d9ddfd8c9fe/eigar.tgz: Infected Archive FOUND
Jan 9 22:10:38 marcel MailScanner[30889]: (Real infected archive: /var/spool/MailScanner/incoming/30889/./j09LAUH6000794/eigar.tgz)

and within the warning all virus-scanners reported eicar..except Clamscan..

At Sun Jan 9 22:10:41 2005 the virus scanner said:
   ClamAV: eigar.tgz contains a virus
   AntiVir: ALERT: [Eicar-Test-Signature virus] eigar.tgz --> eigar.tar --> eicar.com <<< Contains code of the Eicar-Test-Signature virus
   F-Prot: eigar.tgz->?->eicar.com Infection: EICAR_Test_File
   Bitdefender: Found virus EICAR-Test-File (not a virus) in file eigar.tgz

i do not use the perl-module for clamscan..but the original program..

maybe i should switch??

greetings
Marcel

From MailScanner at ecs.soton.ac.uk Sun Jan 9 21:53:56 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:08 2006
Subject: clamav error..
Message-ID:

In the cleaned message, or in the postmaster notification generated by MailScanner, does it say that MailScanner detected the virus with ClamAV?
i.e. is the problem "real" or is it just in the logs?

Marcel Blenkers wrote:

>Hi there,
>
>hope everyone slipped through into the new year..
>
>my question..
>
>just tested to send me the eicar-testfile as tar.gz in two different files.
>one named *.tar.gz and one *.tgz
>
>all worked fine..but still some error in the logfile, which made me think..
>
>here are the errors:
>
>Jan 9 22:10:38 marcel MailScanner[30889]: Virus and Content Scanning: Starting
>Jan 9 22:10:38 marcel MailScanner[30889]: eicar.com
>Jan 9 22:10:38 marcel MailScanner[30889]: ProcessClamAVOutput: unrecognised line "eicar.com". Please contact the authors!
>Jan 9 22:10:38 marcel MailScanner[30889]: /tmp/clamav.802/clamav-5d4b8ff291ddb019/eicar.com: Eicar-Test-Signature FOUND
>Jan 9 22:10:38 marcel MailScanner[30889]: /tmp/clamav.802/clamav-a8e63d9ddfd8c9fe/eigar.tgz: Infected Archive FOUND
>Jan 9 22:10:38 marcel MailScanner[30889]: (Real infected archive: /var/spool/MailScanner/incoming/30889/./j09LAUH6000794/eigar.tgz)
>
>and within the warning all virus-scanners reported eicar..except Clamscan..
>
>At Sun Jan 9 22:10:41 2005 the virus scanner said:
>   ClamAV: eigar.tgz contains a virus
>   AntiVir: ALERT: [Eicar-Test-Signature virus] eigar.tgz --> eigar.tar --> eicar.com <<< Contains code of the Eicar-Test-Signature virus
>   F-Prot: eigar.tgz->?->eicar.com Infection: EICAR_Test_File
>   Bitdefender: Found virus EICAR-Test-File (not a virus) in file eigar.tgz
>
>i do not use the perl-module for clamscan..but the original program..
>
>maybe i should switch??

From jvane at INVITATION.ORG Mon Jan 10 02:46:58 2005
From: jvane at INVITATION.ORG (Jim VanEtten)
Date: Thu Jan 12 21:28:08 2006
Subject: Upgrade to 3.0 has increased my spam 100 fold
Message-ID:

Where would this directory be for Mailscanner's implementation of Spamassassin?

From kte at NEXIS.BE Mon Jan 10 08:15:43 2005
From: kte at NEXIS.BE (Koen Teugels)
Date: Thu Jan 12 21:28:08 2006
Subject: clamav error..
Message-ID:

This is the problem I've been talking about. It let the virus pass to my mail server.

Koen

Julian Field wrote:

> In the cleaned message, or in the postmaster notification generated by
> MailScanner, does it say that MailScanner detected the virus with ClamAV?
> i.e. is the problem "real" or is it just in the logs?
>
> Marcel Blenkers wrote:
>
>> Hi there,
>>
>> hope everyone slipped through into the new year..
>>
>> my question..
>>
>> just tested to send me the eicar-testfile as tar.gz in two different files.
>> one named *.tar.gz and one *.tgz
>>
>> all worked fine..but still some error in the logfile, which made me think..
>>
>> here are the errors:
>>
>> Jan 9 22:10:38 marcel MailScanner[30889]: Virus and Content Scanning: Starting
>> Jan 9 22:10:38 marcel MailScanner[30889]: eicar.com
>> Jan 9 22:10:38 marcel MailScanner[30889]: ProcessClamAVOutput: unrecognised line "eicar.com". Please contact the authors!
>> Jan 9 22:10:38 marcel MailScanner[30889]: /tmp/clamav.802/clamav-5d4b8ff291ddb019/eicar.com: Eicar-Test-Signature FOUND
>> Jan 9 22:10:38 marcel MailScanner[30889]: /tmp/clamav.802/clamav-a8e63d9ddfd8c9fe/eigar.tgz: Infected Archive FOUND
>> Jan 9 22:10:38 marcel MailScanner[30889]: (Real infected archive: /var/spool/MailScanner/incoming/30889/./j09LAUH6000794/eigar.tgz)
>>
>> and within the warning all virus-scanners reported eicar..except Clamscan..
>>
>> At Sun Jan 9 22:10:41 2005 the virus scanner said:
>>    ClamAV: eigar.tgz contains a virus
>>    AntiVir: ALERT: [Eicar-Test-Signature virus] eigar.tgz --> eigar.tar --> eicar.com <<< Contains code of the Eicar-Test-Signature virus
>>    F-Prot: eigar.tgz->?->eicar.com Infection: EICAR_Test_File
>>    Bitdefender: Found virus EICAR-Test-File (not a virus) in file eigar.tgz
>>
>> i do not use the perl-module for clamscan..but the original program..
>>
>> maybe i should switch??

From martinh at SOLID-STATE-LOGIC.COM Mon Jan 10 09:04:20 2005
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:28:08 2006
Subject: Upgrade to 3.0 has increased my spam 100 fold
Message-ID:

Jim

looks like the upgrade is using some broken (non-3.x syntax) rules somewhere.

use

    spamassassin -p /path/to/spam.assassin.prefs.conf -D --lint

to find out what rules are working anymore.

Also as Julian suggests the /etc/mail/spamassassin is the normal place for 'local' rules to be placed.

I'd also check that you've not got spamd/spamc running/configured somehow as the X-Spam-Status isn't a MailScanner header...

In order to find out what rules have what scores make sure the following is set in MailScanner.conf..

SpamScore Number Instead Of Stars = yes
Include Scores In SpamAssassin Report = yes
Spam Score Number Format = %5.2f

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

Jim Van Etten wrote:

> For some reason when I upgraded my spamassassin to 3.0.1 from 2.6 most of
> the spam is getting through. I never had this problem before. I have cleared
> my bayes directory so it could start fresh.
>
> The header for X-Spam-Status looks like this for example:
>
> No, score=1.6 required=5.0 tests=FIN_FREE,FORGED_RCVD_HELO,
> FROM_ENDS_IN_NUMS,HTML_FONT_BIG,HTML_IMAGE_RATIO_04,HTML_MESSAGE,
> HTML_TAG_BALANCE_BODY,URI_OFFERS autolearn=no version=3.0.1
>
> How in the world can the score be only 1.6 while detecting all the listed
> items? This should score much higher. Any help would be greatly appreciated.
>
> Thanks
> Jim

From emil at NETSAMSKIPTI.IS Mon Jan 10 15:06:28 2005
From: emil at NETSAMSKIPTI.IS (Emil Valsson)
Date: Thu Jan 12 21:28:08 2006
Subject: Attachment scanning.
Message-ID:

Hello, I have a small problem. I don't want MailScanner to scan or trash messages that have attachments over maybe 0.5 or 1M. How would I do that?
I tried to set the following in clamd.conf:

ArchiveMaxFileSize 1M

That has no effect, he is still trashing attachments, especially .zip files. I'm using the latest MailScanner for Redhat/Fedora and latest clamav.

Thank you.

From MailScanner at ecs.soton.ac.uk Mon Jan 10 16:18:47 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:08 2006
Subject: Attachment scanning.
Message-ID:

Check in your MailScanner.conf file for the settings

Maximum Attachment Size
Maximum Message Size

Emil Valsson wrote:

> Hello, I have a small problem. I don't want MailScanner to scan or
> trash messages that have attachments over maybe 0.5 or 1M. How would I
> do that?
> I tried to set the following in clamd.conf:
>
> ArchiveMaxFileSize 1M
>
> That has no effect, he is still trashing attachments, especially .zip
> files. I'm using the latest MailScanner for Redhat/Fedora and latest
> clamav.
>
> Thank you.

--
Julian Field
www.MailScanner.info

From craig at WESTPRESS.COM Mon Jan 10 16:50:35 2005
From: craig at WESTPRESS.COM (Craig Daters)
Date: Thu Jan 12 21:28:08 2006
Subject: Archiving Mail
Message-ID:

Hello Everyone. We have been using MailScanner for a couple of years now, and I must say that it is great! My company has been steadily growing larger and larger, and we do business with quite a few people via email. Our clients, upon seeing some sort of proof from us, will give us an okay to print via email, and the need to archive mail for a sort of paper trail when disputes arise has always been in the back of our mind.

We have about 4 or 5 people who deal with these clients, and they hang onto their mail for a couple of months before deleting everything. Sometimes instances come up where if we had the email, we would have gotten paid for the job, but unfortunately it was deleted.

I have been trying to work out a solution using MailScanner to archive a month's worth of mail, tar it up and burn these off to CD or something.

We have one MailServer, sitting on the Internet side of our firewall, that all of our 20+ employees who have email check via POP3.

Installed alongside MailScanner is MailWatch, SpamAssassin, ClamAV, ViSpan, and SquirrelMail.

I am curious to know if anyone is currently, or has considered, setting up some sort of archiving action and how you may have approached it? Does anyone have any thoughts or guidance?

I have looked through the FAQ's and am working my mind through the "Archive Mail =" configuration so as to set up some sort of streamlined process to maybe backup mail for these 4 or 5 users weekly, then all the weeklys into a monthly, monthly's onto a CD, as well as some way to retrieve and view the messages easily to find the particular mail.

Any thoughts, ideas, or redirects? Any help or comments would be welcomed.

Thank you,

Craig D.

--
Craig Daters (craig@westpress.com)
Systems Administrator
West Press Print Communications
1663 West Grant Road
Tucson, Arizona 85705
(520) 624-4939
(520) 624-2715 fax
www.westpress.com

From mailscanner at ELIQUID.COM Mon Jan 10 16:56:01 2005
From: mailscanner at ELIQUID.COM (Wess Bechard)
Date: Thu Jan 12 21:28:08 2006
Subject: Archiving Mail
Message-ID:

Have you considered using IMAP for your email?
All your mail is kept on the server, so you can keep it as long as you want.
I have a few thousand emails over many months stored right now.

I am using Mailscanner, Postfix, Courier-IMAP, Courier-POP, Cyrus-SASL, ClamAV, and SpamAssassin.
Our mail server allows you to use either IMAP or POP.

If you want to know more, I am usually around on the #mailscanner chatroom on IRC.

MailScanner on IRC
Community Support
irc.freenode.net #mailscanner

On Mon, 2005-01-10 at 11:50, Craig Daters wrote:

> Hello Everyone. We have been using MailScanner for a couple of years
> now, and I must say that it is great! My company has been steadily
> growing larger and larger, and we do business with quite a few people
> via email. Our clients, upon seeing some sort of proof from us, will
> give us an okay to print via email, and the need to archive mail for a
> sort of paper trail when disputes arise has always been in the back of
> our mind.
>
> We have about 4 or 5 people who deal with these clients, and they hang
> onto their mail for a couple of months before deleting everything.
> Sometimes instances come up where if we had the email, we would have
> gotten paid for the job, but unfortunately it was deleted.
>
> I have been trying to work out a solution using MailScanner to archive a
> month's worth of mail, tar it up and burn these off to CD or something.
>
> We have one MailServer, sitting on the Internet side of our firewall,
> that all of our 20+ employees who have email check via POP3.
>
> Installed alongside MailScanner is MailWatch, SpamAssassin, ClamAV,
> ViSpan, and SquirrelMail.
>
> I am curious to know if anyone is currently, or has considered, setting
> up some sort of archiving action and how you may have approached it?
> Does anyone have any thoughts or guidance?
>
> I have looked through the FAQ's and am working my mind through the
> "Archive Mail =" configuration so as to set up some sort of streamlined
> process to maybe backup mail for these 4 or 5 users weekly, then all the
> weeklys into a monthly, monthly's onto a CD, as well as some way to
> retrieve and view the messages easily to find the particular mail.
>
> Any thoughts, ideas, or redirects? Any help or comments would be welcomed.
>
> Thank you,
>
> Craig D.

From eneal at DFI-INTL.COM Mon Jan 10 16:57:15 2005
From: eneal at DFI-INTL.COM (Errol Neal)
Date: Thu Jan 12 21:28:08 2006
Subject: OT: One-Way Email List Server
Message-ID:

I know this is OT. Looking for some insight from my peers.
Does anyone know of an email list management application (free or otherwise) besides Lsoft's product that supports one-way lists? Either windows or *nix is fine. I know of major-domo and listproc, however I'm not sure if any of those supports just simple one way lists.

Thanks

Errol

From ryan at MARINOCRANE.COM Mon Jan 10 17:05:13 2005
From: ryan at MARINOCRANE.COM (Ryan Pitt)
Date: Thu Jan 12 21:28:08 2006
Subject: OT: One-Way Email List Server
Message-ID:

Mailgust is one that I know of...pretty full featured.
http://www.mailgust.org/

Errol Neal wrote:

>I know this is OT. Looking for some insight from my peers.
>Does anyone know of an email list management application (free or
>otherwise) besides Lsoft's product that supports one-way lists? Either
>windows or *nix is fine. I know of major-domo and listproc, however I'm
>not sure if any of those supports just simple one way lists.
>Thanks
>
>Errol

From martinh at SOLID-STATE-LOGIC.COM Mon Jan 10 17:04:02 2005
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:28:08 2006
Subject: Archiving Mail
Message-ID:

Craig

I do the entire outside email traffic.

tar it up after three days, then manually burnt to CD once I get enough
to fit onto a CD.

If you make the "Archive Mail = users.rule" you can populate the rule
file with the users you want to archive.

I then have a script that's called by cron to tar.gz up the directories..

#!/usr/bin/perl

#
# IMPORTANT NOTE:
#
# Change the next line to 0 instead of 1 to enable this script.
# By default it will be disabled and will not do anything.
#

$disabled = 0;

$archive_dir  = '/usr/MailScanner/archive/';
$backup_dir   = '/usr/MailScanner/backup_archive';
$days_to_keep = 2;

exit if $disabled;

# Standardise the format of the directory name
die 'Path for archive_dir must be absolute' unless $archive_dir =~ /^\//;
$archive_dir =~ s/\/$//; # Delete trailing slash

# Now get the content list for the directory.
opendir(QDIR, $archive_dir) or die "Couldn't read directory $archive_dir";

# Loop through this list looking for any *directory* which hasn't been
# modified in the last $days_to_keep days.
# Unfortunately this will do nothing if the filesystem is backed up using tar.
while($entry = readdir(QDIR)) {
  next if $entry =~ /^\./;
  $backup_file = $backup_dir . '/' . $entry . '.tgz';
  $entry = $archive_dir . '/' . $entry;
  next unless -d $entry && -M $entry > $days_to_keep;
  # Run tar without a shell (list form) so unusual directory names are
  # passed through literally, and only delete what is left of the
  # directory once tar has succeeded.
  if (system('tar', 'zcf', $backup_file, '--remove-files', $entry) == 0) {
    system('rm', '-rf', $entry);
  } else {
    warn "tar failed for $entry, directory left in place\n";
  }
}
closedir(QDIR);

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

Craig Daters wrote:
> Hello Everyone. We have been using MailScanner for a couple of years
> now, and I must say that it is great! My company has been steadily
> growing larger and larger, and we do business with quite a few people
> via email. Our clients, upon seeing some sort of proof from us, will
> give us an okay to print via email, and the need to archive mail for a
> sort of paper trail when disputes arise has always been in the back of
> our mind.
>
> We have about 4 or 5 people who deal with these clients, and they hang
> onto their mail for a couple of months before deleting everything.
> Sometimes instances come up where if we had the email, we would have
> gotten paid for the job, but unfortunately it was deleted.
>
> I have been trying to work out a solution using MailScanner to archive a
> month's worth of mail, tar it up and burn these off to CD or something.
>
> We have one MailServer, sitting on the Internet side of our firewall,
> that all of our 20+ employees who have email, check via POP3.
>
> Installed alongside MailScanner is MailWatch, SpamAssassin, ClamAV,
> ViSpan, and SquirrelMail
>
> I am curious to know if anyone is currently, or has considered, setting
> up some sort of archiving action and how you may have approached it?
> Does anyone have any thoughts or guidance.
>
> I have looked through the FAQs and am working my mind through the
> "Archive Mail =" configuration so as to set up some sort of streamlined
> process to maybe backup mail for these 4 or 5 users weekly, then all the
> weeklies into a monthly, monthlies onto a CD, as well as some way to
> retrieve and view the messages easily to find the particular mail.
>
> Any thoughts, ideas, or redirects? Any help or comments would be welcomed.
>
> Thank you,
>
> Craig D.

From vlad at MAZEK.COM Mon Jan 10 17:05:40 2005
From: vlad at MAZEK.COM (Vlad Mazek)
Date: Thu Jan 12 21:28:08 2006
Subject: custom inline signatures and RBL feedback
Message-ID:

Hello,

Got two questions today

1) Is there a simple way to import variables in inline signatures (short
of writing custom functions or modifying MailScanner) to at least
include things like message id. One of our 2005 goals is not to reinvent
the wheel.

2) Any feedback on "uceprotect.net" blacklists? They appear to be free
and have a high correlation with our internally generated blacklists.

-Vlad

From eneal at DFI-INTL.COM Mon Jan 10 17:07:11 2005
From: eneal at DFI-INTL.COM (Errol Neal)
Date: Thu Jan 12 21:28:08 2006
Subject: One-Way Email List Server
Message-ID:

One more catch.. FULL html support :/

From Steve.Swaney at FSL.COM Mon Jan 10 17:10:25 2005
From: Steve.Swaney at FSL.COM (Steve Swaney)
Date: Thu Jan 12 21:28:08 2006
Subject: One-Way Email List Server
Message-ID:

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Errol Neal
> Sent: Monday, January 10, 2005 12:07 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: One-Way Email List Server
>
> One more catch.. FULL html support :/

We use and like GNU MailMan. HTML is OK.

http://www.gnu.org/software/mailman/

Steve

Steve Swaney
President
Fortress Systems Ltd.
www.fsl.com
steve.swaney@fsl.com

From Kevin_Miller at CI.JUNEAU.AK.US Mon Jan 10 17:19:48 2005
From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller)
Date: Thu Jan 12 21:28:08 2006
Subject: One-Way Email List Server
Message-ID:

Errol Neal wrote:
> One more catch.. FULL html support :/
>

Mailman? Don't recall if it does one-way lists, but I'd be really surprised
if it didn't...

...Kevin
--
Kevin Miller Registered Linux User No: 307357
CBJ MIS Dept. Network Systems Admin., Mail Admin.
155 South Seward Street ph: (907) 586-0242
Juneau, Alaska 99801 fax: (907 586-4500

From ssilva at SGVWATER.COM Mon Jan 10 17:11:14 2005
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:28:08 2006
Subject: Writing Custom Function
Message-ID:

hkbyte wrote:
> I am learning how to write custom function. I attached my function to
> Non Spam actions. If my return value are 'deliver' and 'store' , both
> work properly as I want. But when I change 'store' return value to
> 'bounce' , it failed and the maillog said "Does not make sense to
> bounce non-spam". How can I send a custom bounce back message to sender.
> Thanks.

Bounce back message to a spammer is useless, as they are usually;

1. Not going to care.
2. Not going to read it.
3. Will see it as a valid domain, and will turn their attacks up.
4. See number 1 and 2

From craig at WESTPRESS.COM Mon Jan 10 17:28:24 2005
From: craig at WESTPRESS.COM (Craig Daters)
Date: Thu Jan 12 21:28:08 2006
Subject: Archiving Mail
Message-ID:

Wess Bechard wrote:

> Have you considered using IMAP for your email? All your mail is kept
> on the server, so you can keep it as long as you want. I have a few
> thousand emails over many months stored right now.
>
> I am using Mailscanner, Postfix, Courier-IMAP, Courier-POP, Cyrus-SASL,
> ClamAV, and SpamAssassin.
>
> Our mail server allows you to use either IMAP or POP.
>
> If you want to know more, I am usually around on the #mailscanner
> chatroom on IRC.
>
> MailScanner on IRC
> Community Support
> irc.freenode.net
> #mailscanner

I have considered IMAP, but I don't know enough about it to make an
informed decision to use it. I have only ever used POP3. I would suspect
also that I might want to use quotas for this type of config, and I do
not know much about that either.

We process a couple of gigabytes a month worth of email with all of the
file attachments that we take in, so I would be afraid of my drive
filling up too soon.

--

Craig Daters (craig@westpress.com)
Systems Administrator
West Press Print Communications

1663 West Grant Road
Tucson, Arizona 85705
(520) 624-4939
(520) 624-2715 fax

www.westpress.com

From mailscanner at ELIQUID.COM Mon Jan 10 17:34:57 2005
From: mailscanner at ELIQUID.COM (Wess Bechard)
Date: Thu Jan 12 21:28:08 2006
Subject: Archiving Mail
Message-ID:

Craig,

I forgot to mention that all my users and quota management are done via
MySQL.

If you are worried about disk space, IMAP does build up. You don't have
to have everyone on IMAP, as you can put important email on IMAP and
others on POP.

On Mon, 2005-01-10 at 12:28, Craig Daters wrote:

> I have considered IMAP, but I don't know enough about it to make an
> informed decision to use it. I have only ever used POP3. I would suspect
> also that I might want to use Quota's for this type of config, and I do
> not know much about that either.
>
> We process a couple of gigabytes a month worth of email with all of the
> file attachments that we take in, so I would be afraid of my drive
> filling up too soon.

MailScanner on IRC
Community Support
irc.freenode.net
#mailscanner

From MailScanner at ecs.soton.ac.uk Mon Jan 10 17:37:01 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:08 2006
Subject: custom inline signatures and RBL feedback
Message-ID:

Vlad Mazek wrote:

> 1) Is there a simple way to import variables in inline signatures (short
> of writing custom functions or modifying MailScanner) to at least
> include things like message id. One of our 2005 goals is not to reinvent
> the wheel.

Can I ask why you want this, and what you are trying to achieve?

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From MailScanner at ecs.soton.ac.uk Mon Jan 10 17:38:51 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:08 2006
Subject: Writing Custom Function
Message-ID:

Scott Silva wrote:

> hkbyte wrote:
>
>> I am learning how to write custom function. I attached my function to
>> Non Spam actions. If my return value are 'deliver' and 'store' , both
>> work properly as I want. But when I change 'store' return value to
>> 'bounce' , it failed and the maillog said "Does not make sense to
>> bounce non-spam". How can I send a custom bounce back message to sender.
>> Thanks.
>
> Bounce back message to a spammer is useless, as they are usually;

He wants to bounce back to a NON-spammer.

Bouncing a message which is not spam doesn't make much sense to me (hence
the error message). Why would you want to reject mail you have decided
you want to deliver?

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From craig at WESTPRESS.COM Mon Jan 10 17:39:01 2005
From: craig at WESTPRESS.COM (Craig Daters)
Date: Thu Jan 12 21:28:08 2006
Subject: Archiving Mail
Message-ID:

Martin Hepworth wrote:

> Craig
>
> I do the entire outside email traffic.
>
> tar it up after three days, then manually burnt to CD once I get enough
> to fit onto a CD.
>
> If you make the "Archive Mail = users.rule" you can populate the rule
> file with the users you want to archive.
>
> I then have a script that's called by cron to tar.gz up the directories..

Thanks Martin,

This gives me an idea of how to start a backup script. I do not want to
back up all of it, as this would be too big. I only want to back up like
4 or 5 users' email is all. Then be able to restore it somewhere to be
able to find a particular message, preferably from a Windows machine as
no one other than myself knows how to use Linux....

--

Craig Daters (craig@westpress.com)
Systems Administrator
West Press Print Communications

1663 West Grant Road
Tucson, Arizona 85705
(520) 624-4939
(520) 624-2715 fax

www.westpress.com

From martinh at SOLID-STATE-LOGIC.COM Mon Jan 10 17:47:52 2005
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:28:08 2006
Subject: Archiving Mail
Message-ID:

> Thanks Martin,
>
> This gives me an idea of how to start a backup script. I do not want to
> back up all of it, as this would be to big. I only want to back up like
> 4 or 5 users email is all. Then be able to restore it somewhere to be
> able to find a particular message, preferably from a windows machine as
> no one other than myself knows how to use Linux....
>
> --
>
> Craig Daters (craig@westpress.com)
> Systems Administrator
> West Press Print Communications
>

Craig

you could get the users into MailWatch so they can release their own
email from within the DB...you'd have to keep the uncompressed emails
around for more days though as the MW interface only deals with the
rfc-822 format emails, not uncompressing/extracting on the fly.

The MW stuff can (and will) look into the users table to allow non-admin
users to check their own email for spam etc...

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

From rzewnickie at RFA.ORG Mon Jan 10 17:53:02 2005
From: rzewnickie at RFA.ORG (Eric Dantan Rzewnicki)
Date: Thu Jan 12 21:28:08 2006
Subject: One-Way Email List Server
Message-ID:

On Mon, Jan 10, 2005 at 08:19:48AM -0900, Kevin Miller wrote:
> Errol Neal wrote:
> > One more catch.. FULL html support :/
> Mailman? Don't recall if it does one-way lists, but I'd be really surprised
> if it didn't...

If by one way lists the OP means a list that only sends out to the
members, but that the members cannot post to, then this is easy in
Mailman. We have a number of lists that work that way. Basically you
only allow whoever is authorized to post the newsletter or announcement
or whatever to post to that list. No one else can post. We use it for
stuff like press releases.

--
Eric Dantan Rzewnicki | Systems Engineer I
Technical Operations Division | Radio Free Asia
2025 M Street, NW | Washington, DC 20036 | 202-530-4900

From MailScanner at ecs.soton.ac.uk Mon Jan 10 17:53:49 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:08 2006
Subject: Archiving Mail
Message-ID:

Craig Daters wrote:

> Martin Hepworth wrote:
>
>> Craig
>>
>> I do the entire outside email traffic.
>>
>> tar it up after three days, then manually burnt to CD once I get enough
>> to fit onto a CD.
>>
>> If you make the "Archive Mail = users.rule" you can populate the rule
>> file with the users you want to archive.
>>
>> I then have a script that's called by cron to tar.gz up the
>> directories..
>
> Thanks Martin,
>
> This gives me an idea of how to start a backup script. I do not want to
> back up all of it, as this would be too big. I only want to back up like
> 4 or 5 users email is all. Then be able to restore it somewhere to be
> able to find a particular message, preferably from a windows machine as
> no one other than myself knows how to use Linux....

Use a ruleset to only archive the mail for a few users, and archive each
of them into a separate mbox file. See the comment above the "Archive
Mail" setting for info on this. An mbox file is, more or less, a plain
old text file containing all the messages archived into that file. If
you back these up into a .tgz file somewhere, your Windows staff can use
Winzip to open up the archive and then use any old text editor (or even
Word if they must!) and search the text file for relevant
keywords/dates/whatever.

The Windows users will have to get used to seeing the full headers of
each message, but they will soon get used to it. And it's enormously
easier and faster to search than most other ways of hunting through
messages in a large mailbox.

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From vlad at MAZEK.COM Mon Jan 10 18:00:21 2005
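Added example (not part of the original thread and not MailScanner code): a Python script for the search step Julian Field describes above, run directly on the backed-up .tgz of per-user mbox files. It assumes each archive member is a conventional mbox whose messages begin with a "From " line; the file names, addresses and messages are constructed sample data.

```python
import email
import io
import tarfile
from datetime import datetime, timezone
from email import policy
from email.utils import parsedate_to_datetime

# Constructed sample data: two per-user mbox files, as the thread describes.
SAMPLE = {
    "archive/alice.mbox": (
        b"From client@example.com Mon Jan 10 09:15:00 2005\n"
        b"From: client@example.com\nTo: alice@example.org\n"
        b"Subject: Proof approved\nDate: Mon, 10 Jan 2005 09:15:00 -0700\n\n"
        b"OK to print job 4471.\n\n"
        b">From now on please send proofs as PDF.\n\n"
        b"From friend@example.net Tue Jan 11 10:00:00 2005\n"
        b"From: friend@example.net\nTo: alice@example.org\n"
        b"Subject: Lunch\nDate: Tue, 11 Jan 2005 10:00:00 -0700\n\n"
        b"See you at noon.\n\n"
    ),
    "archive/bob.mbox": (
        b"From client@example.com Wed Feb  2 08:00:00 2005\n"
        b"From: client@example.com\nTo: bob@example.org\n"
        b"Subject: Re: reprint\nDate: Wed, 02 Feb 2005 08:00:00 -0700\n\n"
        b"OK to print the reprint.\n\n"
    ),
}


def make_sample_tgz():
    """Pack SAMPLE into an in-memory .tgz (stands in for the real backup)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in SAMPLE.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf


def split_mbox(raw):
    """Yield the bytes of each message in an mbox blob.

    A message starts at a "From " line that opens the file or follows a
    blank line. Body lines escaped by the writer as ">From " do not split.
    """
    current, prev_blank = None, True
    for line in raw.splitlines(keepends=True):
        if line.startswith(b"From ") and prev_blank:
            if current is not None:
                yield b"".join(current)
            current = []  # the separator line itself is dropped
        elif current is not None:
            current.append(line)
        prev_blank = not line.strip()
    if current is not None:
        yield b"".join(current)


def message_date(msg):
    """Date header as an aware datetime, or None when missing or unparsable."""
    try:
        when = parsedate_to_datetime(str(msg["Date"]))
    except (TypeError, ValueError):
        return None
    return when if when.tzinfo else when.replace(tzinfo=timezone.utc)


def message_text(msg):
    """Address headers, subject and decoded text parts, joined for searching."""
    parts = [str(msg.get(h, "")) for h in ("From", "To", "Cc", "Subject")]
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            try:
                parts.append(part.get_content())
            except (LookupError, UnicodeError):
                raw = part.get_payload(decode=True) or b""
                parts.append(raw.decode("latin-1"))
    return "\n".join(parts)


def search_archive(fileobj, keyword=None, since=None, until=None):
    """Return [(member, date_iso, sender, subject)] for matching messages.

    Members are read in memory with extractfile(); nothing is unpacked to
    disk, so names stored in the archive are never used as paths.
    """
    needle = keyword.lower() if keyword else None
    hits = []
    with tarfile.open(fileobj=fileobj, mode="r:gz") as tar:
        for member in tar:
            if not member.isfile():
                continue
            for blob in split_mbox(tar.extractfile(member).read()):
                msg = email.message_from_bytes(blob, policy=policy.default)
                when = message_date(msg)
                if (since or until) and when is None:
                    continue
                if (since and when < since) or (until and when > until):
                    continue
                if needle and needle not in message_text(msg).lower():
                    continue
                hits.append((member.name, when.isoformat() if when else "",
                             str(msg.get("From", "")), str(msg.get("Subject", ""))))
    return hits


if __name__ == "__main__":
    feb = datetime(2005, 2, 1, tzinfo=timezone.utc)
    for hit in search_archive(make_sample_tgz(), keyword="ok to print", since=feb):
        print(*hit, sep=" | ")
```

To run it against a real backup, pass open(path, "rb") instead of make_sample_tgz(); the since and until arguments must be timezone-aware datetimes.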
From: vlad at MAZEK.COM (Vlad Mazek)
Date: Thu Jan 12 21:28:08 2006
Subject: custom inline signatures and RBL feedback
Message-ID:

> Can I ask why you want this, and what you are trying to achieve?

It's more of a political issue than technical accomplishment but because
of the size and the number of different clients we have it comes up more
often than I'd like to admit it. I don't stand behind these requests or
acknowledge that they make sense -- I just need to execute them.

1) Certain users require different signatures and mail actions depending
on their department membership or job function. For example, certain
marketing departments are required to include disclaimers about the
message/product. Law firms and stock brokerages need to include
additional timestamps when the message is processed at the mail server
for an employee that deals with customers but not for marketing/etc that
deal with other businesses (ie, when is the transaction confirmation
sent out of the network).

2) Certain users and companies require different signatures depending on
the time of the day the message is relayed. They use third party chat/im
software that indicates their chat availability so if the message is
sent during the business hours the chat/online link is included in the
signature.

3) Most users want to inline the sender's IP address, email address, etc
so that the recipients can easily see where the message came from
without looking at the message headers. Although I've explained that
this can be easily spoofed I think we can use a link in combination
with sql logging to provide an additional level of
authenticity/verification.

... and other general requests like signatures, fortunes, etc. We're
seeing a bigger and bigger trend in enterprises where they are looking
to move more of the functions to the mail server and turn their mail
client into a dumb mail reading/writing terminal. This despite their $$$
investments in tools like Outlook/Exchange which most people are finding
hard to use.

-Vlad

From raymond at PROLOCATION.NET Mon Jan 10 18:30:56 2005
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:28:08 2006
Subject: One-Way Email List Server
Message-ID:

Hi!

>>> One more catch.. FULL html support :/
>> Mailman? Don't recall if it does one-way lists, but I'd be really surprised
>> if it didn't...
> If by one way lists the OP means a list that only sends out to the
> members, but that the members cannot post to, then this is easy in
> Mailman. We have a number of lists that work that way. Basically you
> only allow whoever is authorized to post the newsletter or announcement
> or whatever to post to that list. No one else can post. We use it for
> stuff like press releases.

You can either restrict postings by listmembers or by admins only
(moderated).

Bye,
Raymond.

From MailScanner at ecs.soton.ac.uk Mon Jan 10 18:46:32 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:08 2006 Subject: custom inline signatures and RBL feedback Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Fair enough. You can already put in $from and $subject as it stands. If you apply this patch to Message.pm you will be able to use $id as well. -----SNIP----- --- Message.pm.old 2004-12-22 17:22:02.000000000 +0000 +++ Message.pm 2005-01-10 18:41:49.000000000 +0000 @@ -2474,7 +2474,7 @@ # Work out the list of all the infected attachments, including # reports applying to the whole message - my($attach, $text, %infected, $filename, $from, $subject); + my($attach, $text, %infected, $filename, $from, $subject, $id); while (($attach, $text) = each %{$this->{allreports}}) { # It affects the entire message if the entity of this file matches # the entity of the entire message. 
@@ -2492,6 +2492,7 @@ $infected{MailScanner::Config::LanguageValue($this, 'notnamed')} = 1; } $filename = join(', ', keys %infected); + $id = $this->{id}; $from = $this->{from}; $subject = $this->{subject}; -----SNIP----- Vlad Mazek wrote: >> >> Can I ask why you want this, and what you are trying to achieve? > > > Its more of a political issue than technical accomplishment but becuase > of the size and the number of different clients we have it comes up more > often than I'd like to admit it. I don't stand behind these requests or > acknowledge that they make sense -- I just need to execute them. > > 1) Certain users require different signatures and mail actions depending > on their department membership or job function. For example, certain > marketing departments are required to include disclaimers about the > message/product. Law firms and stock brokerages need to include > additional timestamps when the message is processed at the mail server > for an employee that deals with customers but not for marketing/etc that > deal with other businesses (ie, when is the transaction confirmation > sent out of the network). > > 2) Certain users and companies require different signatures depending on > the time of the day the message is relayed. They use third party chat/im > software that indicates their chat availability so if the message is > sent during the business hours the chat/online link is included in the > signature. > > 3) Most users want to inline the senders IP address, email address, etc > so that the recipients can easilly see where the message came from > without looking at the message headers. Although I've explained that > this can be easilly spoofed I think we can use a link in combination > with sql logging to provide an additional level of > authenticity/verification. > > ... and other general requests like signatures, fortunes, etc. 
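Review bot: in the second hunk (@@ -2492,6 +2492,7 @@) the new "$id = $this->{id};" makes a third variable available next to $from and $subject, but the patch touches only Message.pm and nothing in it tells whoever writes the signature or report text that $id now exists or what $this->{id} holds. Please list $id wherever $from and $subject are documented. Since the request in this thread is to inline it as a lookup key against SQL logging, that documentation should also say the value is visible to every recipient and only means something when checked against the server's own log.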
> We're seeing a bigger and bigger trend in enterprises where they are
> looking to move more of the functions to the mail server and turn their
> mail client into a dumb mail reading/writing terminal. This despite
> their $$$ investments in tools like Outlook/Exchange which most people
> are finding hard to use.
>
> -Vlad

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From craig at WESTPRESS.COM Mon Jan 10 19:05:27 2005
From: craig at WESTPRESS.COM (Craig Daters)
Date: Thu Jan 12 21:28:08 2006
Subject: Archiving Mail
Message-ID:

Wess Bechard wrote:

> Craig,
>
> I forgot to mention that all my users and quota management are done via
> MySQL.
>
> If you are worried about disk space, IMAP does build up. You don't have
> to have everyone on IMAP, as you can put important email on IMAP and
> others on POP.
>
> On Mon, 2005-01-10 at 12:28, Craig Daters wrote:
>
>> Wess Bechard wrote:
>>> Have you considered using IMAP for your email? All your mail is kept
>>> on the server, so you can keep it as long as you want. I have a few
>>> thousand emails over many months stored right now.
>>>
>>> I am using Mailscanner, Postfix, Courier-IMAP, Courier-POP, Cyrus-SASL,
>>> ClamAV, and SpamAssassin.
>>>
>>> Our mail server allows you to use either IMAP or POP.
>>>
>>> If you want to know more, I am usually around on the #mailscanner
>>> chatroom on IRC.
>>>
>>> MailScanner on IRC
>>> Community Support
>>> irc.freenode.net
>>> #mailscanner
>>>
>>> On Mon, 2005-01-10 at 11:50, Craig Daters wrote:
>>>
>>>> Hello Everyone. We have been using MailScanner for a couple of years
>>>> now, and I must say that it is great! My company has been steadily
>>>> growing larger and larger, and we do business with quite a few people
>>>> via email. Our clients, upon seeing some sort of proof from us, will
>>>> give us an okay to print via email, and the need to archive mail for a
>>>> sort of paper trail when disputes arise has always been in the back of
>>>> our mind.
>>>>
>>>> We have about 4 or 5 people who deal with these clients, and they hang
>>>> onto their mail for a couple of months before deleting everything.
>>>> Sometimes instances come up where if we had the email, we would have
>>>> gotten paid for the job, but unfortunately was deleted.
>>>>
>>>> I have been trying to work out a solution using MailScanner to archive a
>>>> month's worth of mail, tar it up and burn these off to CD or something.
>>>>
>>>> We have one MailServer, sitting on the Internet side of our firewall,
>>>> that all of our 20+ employees who have email, check via POP3.
>>>>
>>>> Installed along side of MailScanner is MailWatch, SpamAssassin, ClamAV,
>>>> ViSpan, and SquirrelMail
>>>>
>>>> I am curious to know if anyone is currently, or has considered, setting
>>>> up some sort of archiving action and how you may have approached it?
>>>> Does anyone have any thoughts or guidance.
>>>>
>>>> I have looked through the FAQ's and am working my mind through the
>>>> "Archive Mail =" configuration so as to set up some sort of streamlined
>>>> process to maybe backup mail for these 4 or 5 users weekly, then all the
>>>> weeklies into a monthly, monthlies onto a CD. as well as some way to
>>>> retrieve and view the messages easily to find the particular mail.
>>>>
>>>> Any thoughts, ideas, or redirects? Any help or comments would be welcomed.
>>>>
>>>> Thank you,
>>>>
>>>> Craig D.
>>
>> I have considered IMAP, but I don't know enough about it to make an
>> informed decision to use it. I have only ever used POP3.
>>
>> I would suspect also that I might want to use Quota's for this type of
>> config, and I do not know much about that either. We process a couple of
>> gigabytes a month worth of email with all of the file attachments that
>> we take in, so I would be afraid of my drive filling up too soon.

How do you manage your users and quota via MySQL?

--

Craig Daters (craig@westpress.com)
Systems Administrator
West Press Print Communications

1663 West Grant Road
Tucson, Arizona 85705
(520) 624-4939
(520) 624-2715 fax

www.westpress.com

From craig at WESTPRESS.COM Mon Jan 10 19:09:04 2005
From: craig at WESTPRESS.COM (Craig Daters)
Date: Thu Jan 12 21:28:08 2006
Subject: Archiving Mail
Message-ID:

Julian Field wrote:

> Craig Daters wrote:
>
>> Martin Hepworth wrote:
>>
>>> Craig
>>>
>>> I do the entire outside email traffic.
>>>
>>> tar it up after three days, then manually burnt to CD once I get enough
>>> to fit onto a CD.
>>>
>>> If you make the "Archive Mail = users.rule" you can populate the rule
>>> file with the users you want to archive.
>>>
>>> I then have a script that's called by cron to tar.gz up the
>>> directories..
>>
>> Thanks Martin,
>>
>> This gives me an idea of how to start a backup script. I do not want to
>> back up all of it, as this would be too big. I only want to back up like
>> 4 or 5 users email is all. Then be able to restore it somewhere to be
>> able to find a particular message, preferably from a windows machine as
>> no one other than myself knows how to use Linux....
>
> Use a ruleset to only archive the mail for a few users, and archive each
> of them into a separate mbox file. See the comment above the "Archive
> Mail" setting for info on this. An mbox file is, more or less, a plain
> old text file containing all the messages archived into that file. If
> you back these up into a .tgz file somewhere, your Windows staff can use
> Winzip to open up the archive and then use any old text editor (or even
> Word if they must!) and search the text file for relevant
> keywords/dates/whatever.
>
> The Windows users will have to get used to seeing the full headers of
> each message, but they will soon get used to it. And it's enormously
> easier and faster to search than most other ways of hunting through
> messages in a large mailbox.

This is what I was more or less leaning towards, I wasn't sure if there
was a more elegant way to go about it....

--

Craig Daters (craig@westpress.com)
Systems Administrator
West Press Print Communications

1663 West Grant Road
Tucson, Arizona 85705
(520) 624-4939
(520) 624-2715 fax

www.westpress.com

From dfilchak at SYMPATICO.CA Mon Jan 10 19:07:04 2005
From: dfilchak at SYMPATICO.CA (Dave Filchak)
Date: Thu Jan 12 21:28:09 2006
Subject: Archiving Mail
Message-ID:

Martin Hepworth wrote:

>> Thanks Martin,
>>
>> This gives me an idea of how to start a backup script. I do not want to
>> back up all of it, as this would be too big. I only want to back up like
>> 4 or 5 users email is all. Then be able to restore it somewhere to be
>> able to find a particular message, preferably from a windows machine as
>> no one other than myself knows how to use Linux....
>>
>> --
>>
>> Craig Daters (craig@westpress.com)
>> Systems Administrator
>> West Press Print Communications
>
> Craig
>
> you could get the users into MailWatch so they can release their own
> email from within the DB...you'd have to keep the uncompressed emails
> around for more days though as the MW interface only deals with the
> rfc-822 format emails, not uncompressing/extracting on the fly.
>
> The MW stuff can (and will) look into the users table to allow non-admin
> users to check their own email for spam etc...
>
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300

Martin,

Sorry to jump in here but something you said caught my attention. You
said "The MW stuff can (and will) look into the users table to allow
non-admin users to check their own email for spam etc..." Can you
clarify: are you saying that if the user has a real login account on the
server, they would be able to log into MailWatch and see their spam and
infected emails and release mail themselves? Or do they use their email
user/password, which I guess would make more sense, now wouldn't it ;-)

Dave

From mailscanner at ELIQUID.COM Mon Jan 10 19:14:35 2005
From: mailscanner at ELIQUID.COM (Wess Bechard)
Date: Thu Jan 12 21:28:09 2006
Subject: Archiving Mail
Message-ID:

With Courier-IMAP/POP, I used authdaemon, which is part of the
Courier-IMAP package. I simply tell authdaemon to use MySQL to check the
email address and password. Quotas are handled on the same user table.

Gentoo: http://www.gentoo.org/doc/en/virt-mail-howto.xml

This document details how to create a virtual mailhosting system based
upon postfix, mysql, courier-imap, and cyrus-sasl.

I modified this setup to work with MailScanner, ClamAV, and SpamAssassin.

You can use this guide for other distros, as it does give you the
configurations to use, and the names of the programs, which are
available to most distros.

On Mon, 2005-01-10 at 14:05, Craig Daters wrote:

> How do you manage your users and quota via MySQL?

Wess Bechard
System Administrator
eliquidMEDIA International
www.eliquid.com

MailScanner on IRC
Community Support
irc.freenode.net
#mailscanner

From craig at WESTPRESS.COM Mon Jan 10 19:50:36 2005
From: craig at WESTPRESS.COM (Craig Daters)
Date: Thu Jan 12 21:28:09 2006
Subject: Archiving Mail
Message-ID:

Martin Hepworth wrote:

>> Thanks Martin,
>>
>> This gives me an idea of how to start a backup script. I do not want to
>> back up all of it, as this would be too big. I only want to back up like
>> 4 or 5 users email is all. Then be able to restore it somewhere to be
>> able to find a particular message, preferably from a windows machine as
>> no one other than myself knows how to use Linux....
>>
>> --
>>
>> Craig Daters (craig@westpress.com)
>> Systems Administrator
>> West Press Print Communications
>>
>
> Craig
>
> you could get the users into MailWatch so they can release their own
> email from within the DB...you'd have to keep the uncompressed emails
> around for more days though as the MW interface only deals with the
> rfc-822 format emails, not uncompressing/extracting on the fly.
>
> The MW stuff can (and will) look into the users table to allow non-admin
> users to check their own email for spam etc...
>

I do have other users set up to check their quarantined stuff, and I had considered storing the email in the DB, but was unsure how this would affect the load on our server as we process almost 2GB of mail a month, (due to all the file attachments/jobs that we receive to print...) and the resulting DB would be almost as large for the few users that I want to keep mail around for.

If I don't need to be worried about it though, I'm all over it :)

--
Craig Daters (craig@westpress.com)
Systems Administrator
West Press Print Communications

1663 West Grant Road
Tucson, Arizona 85705
(520) 624-4939
(520) 624-2715 fax

www.westpress.com

From craig at WESTPRESS.COM Mon Jan 10 19:52:51 2005
From: craig at WESTPRESS.COM (Craig Daters)
Date: Thu Jan 12 21:28:09 2006
Subject: Archiving Mail
Message-ID:

Wess Bechard wrote:

> With Courier-IMAP/POP, I used authdaemon, which is part of the
> Courier-IMAP package. I simply tell authdaemon to use MySQL to check
> the email address and password. Quotas are handled on the same user table.
>
> Gentoo: http://www.gentoo.org/doc/en/virt-mail-howto.xml
> This document details how to create a virtual mailhosting system based
> upon postfix, mysql, courier-imap, and cyrus-sasl.
>
> I modified this setup to work with MailScanner, ClamAV, and SpamAssassin.
>
> You can use this guide for other distros, as it does give you the
> configurations to use, and the names of the programs, which are
> available to most distros.
>
> On Mon, 2005-01-10 at 14:05, Craig Daters wrote:
>

I will have to check this out. Thanks

--
Craig Daters (craig@westpress.com)
Systems Administrator
West Press Print Communications

1663 West Grant Road
Tucson, Arizona 85705
(520) 624-4939
(520) 624-2715 fax

www.westpress.com

From ugob at CAMO-ROUTE.COM Mon Jan 10 21:21:30 2005
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:28:09 2006
Subject: Installing/Using DCC sanity check
Message-ID:

Peter Bonivart wrote:

> Ugo Bellavance wrote:
>
>> About 10 MB of code... would you rather load it every time or have 10 MB
>> of RAM used all the time?
>
>
> It doesn't have to actually load it from disk every time unless you're
> really starved for memory and then your server is already crawling
> anyway. It's a fairly light operation to reuse old pages in memory.
>

Hmm, you're right, I didn't think enough I guess. I guess that's why there isn't much difference between running dccproc and dccifd. If anyone has comparison data, please let us know.

Thanks,

> --
> /Peter Bonivart
>
> --Unix lovers do it in the Sun
>

From james at SUDORA.COM Mon Jan 10 21:54:03 2005
From: james at SUDORA.COM (James A. Pattie)
Date: Thu Jan 12 21:28:09 2006
Subject: Archiving Mail
Message-ID:

Julian Field wrote:
| Craig Daters wrote:
|
|> Martin Hepworth wrote:
|>
|>> Craig
|>>
|>> I do the entire outside email traffic.
|>>
|>> tar it up after three days, then manually burnt to CD once I get enough
|>> to fit onto a CD.
|>>
|>> If you make the "Archive Mail = users.rule" you can populate the rule
|>> file with the users you want to archive.
|>>
|>> I then have a script that's called by cron to tar.gz up the
|>> directories..
|>>
|>>
|> Thanks Martin,
|>
|> This gives me an idea of how to start a backup script. I do not want to
|> back up all of it, as this would be too big. I only want to back up like
|> 4 or 5 users email is all. Then be able to restore it somewhere to be
|> able to find a particular message, preferably from a windows machine as
|> no one other than myself knows how to use Linux....
|>
| Use a ruleset to only archive the mail for a few users, and archive each
| of them into a separate mbox file. See the comment above the "Archive
| Mail" setting for info on this. An mbox file is, more or less, a plain
| old text file containing all the messages archived into that file. If
| you back these up into a .tgz file somewhere, your Windows staff can use
| Winzip to open up the archive and then use any old text editor (or even
| Word if they must!) and search the text file for relevant
| keywords/dates/whatever.
|
| The Windows users will have to get used to seeing the full headers of
| each message, but they will soon get used to it. And it's enormously
| easier and faster to search than most other ways of hunting through
| messages in a large mailbox.

Or you use Mozilla Thunderbird and import the mbox file into their "Local Folders" and then use the nice gui to search, print, etc.

--
James A. Pattie
james@sudora.com

Linux -- SysAdmin / Programmer
Sudora, LLC
http://www.sudora.com/

GPG Key Available at https://services.sudora.com/gpgkeys/james.html

From craig at WESTPRESS.COM Mon Jan 10 22:03:36 2005
From: craig at WESTPRESS.COM (Craig Daters)
Date: Thu Jan 12 21:28:09 2006
Subject: Archiving Mail
Message-ID:

James A. Pattie wrote:

> Julian Field wrote:
> | Craig Daters wrote:
> |
> |> Martin Hepworth wrote:
> |>
> |>> Craig
> |>>
> |>> I do the entire outside email traffic.
> |>>
> |>> tar it up after three days, then manually burnt to CD once I get enough
> |>> to fit onto a CD.
> |>>
> |>> If you make the "Archive Mail = users.rule" you can populate the rule
> |>> file with the users you want to archive.
> |>>
> |>> I then have a script that's called by cron to tar.gz up the
> |>> directories..
> |>>
> |>>
> |> Thanks Martin,
> |>
> |> This gives me an idea of how to start a backup script. I do not want to
> |> back up all of it, as this would be too big. I only want to back up like
> |> 4 or 5 users email is all. Then be able to restore it somewhere to be
> |> able to find a particular message, preferably from a windows machine as
> |> no one other than myself knows how to use Linux....
> |>
> | Use a ruleset to only archive the mail for a few users, and archive each
> | of them into a separate mbox file. See the comment above the "Archive
> | Mail" setting for info on this. An mbox file is, more or less, a plain
> | old text file containing all the messages archived into that file. If
> | you back these up into a .tgz file somewhere, your Windows staff can use
> | Winzip to open up the archive and then use any old text editor (or even
> | Word if they must!) and search the text file for relevant
> | keywords/dates/whatever.
> |
> | The Windows users will have to get used to seeing the full headers of
> | each message, but they will soon get used to it. And it's enormously
> | easier and faster to search than most other ways of hunting through
> | messages in a large mailbox.
>
> Or you use Mozilla Thunderbird and import the mbox file into their "Local
> Folders" and then use the nice gui to search, print, etc.
>
> --
> James A. Pattie
> james@sudora.com
>
> Linux -- SysAdmin / Programmer
> Sudora, LLC
> http://www.sudora.com/
>

I had no idea Thunderbird could do this! I knew that I liked this app for a reason :)

I will definitely have to remember this, thanks James.

--
Craig Daters (craig@westpress.com)
Systems Administrator
West Press Print Communications

1663 West Grant Road
Tucson, Arizona 85705
(520) 624-4939
(520) 624-2715 fax

www.westpress.com

From mailscanner at bithose.com Mon Jan 10 22:49:04 2005
From: mailscanner at bithose.com (Jameel Akari)
Date: Thu Jan 12 21:28:09 2006
Subject: Archiving Mail
Message-ID:

While we're on the subject of the Archive function and the fact that it can dump to an mbox file, is there a way to tell MailScanner to use a new mbox file while it is running? This would be handy so that an external script could rotate to a new mbox file for each day/week.. otherwise you end up with a huge file that becomes unwieldy after a few days.

If you just cron something to copy/move files around, you can end up with race conditions and mail output following old filehandles and general ugliness. To be safe, it seems like you'd have to stop and restart MailScanner while you move the file(s) around.

Or perhaps you can have some sort of rule or macro define that filename so that it automatically switches to a new file each day, something like: archive_$DATE.mbox -> archive_20040110.mbox for today, archive_20040111.mbox for tomorrow, etc. Then you only work on the rotated-out file.

And is it generally considered "ok" to just cat mbox files together? So if I had two MailScanner servers that generated their own Archive mbox files, and I want one consolidated file, can they just be cat'ed together? Or is order important?

And at risk of being burnt at the stake for heresy, how well might it handle a single mbox between two machines over NFS?

--
#!/jameel/akari
sleep 4800; make clean && make breakfast

From MailScanner at ecs.soton.ac.uk Mon Jan 10 23:18:00 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:09 2006
Subject: Archiving Mail
Message-ID:

Jameel Akari wrote:

> While we're on the subject of the Archive function and the fact that it
> can dump to an mbox file, is there a way to tell MailScanner to use a new
> mbox file while it is running?

Your best bet is to HUP MailScanner and then immediately move new mbox files into place. It takes a second or two before the first message will be processed, which should give you enough time to get the new mboxes in place.

Though obviously this isn't as "Solid" as it should be, I quite agree. Ideally you should stop and restart.

> Or perhaps you can have some sort of rule or macro define that
> filename so
> that it automatically switches to a new file each day, something like:
> archive_$DATE.mbox -> archive_20040110.mbox for today,
> archive_20040111.mbox for tomorrow, etc. Then you only work on the
> rotated-out file.

That's not a bad idea, but makes it ever more complex to use and configure.

> And at risk of being burnt at the stake for heresy, how well might it
> handle a single mbox between two machines over NFS?

It can be done (we do it) reliably. But it is pretty hard as you need to be totally paranoid about the locking.

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From cslyon at gmail.com Tue Jan 11 04:53:45 2005
From: cslyon at gmail.com (Chris Lyon)
Date: Thu Jan 12 21:28:09 2006
Subject: LDAP/MTA helping Spammers?
Message-ID:

I have seen a few messages float around the list on this subject and wanted to give some of my input on it. I have been tracking the "User unknown" messages for about a week now on one of my MailScanner systems and have found something odd. About 90% of all the "User unknown" messages are coming from different hosts not seen before. So in other words a single IP address will open an SMTP connection, send a message anywhere from 5 to 29 recipients and drop the connection. We will generate the "User unknown" back to them during the connection since they are not on the list. That same IP address will usually do this style of attack three or four times in a few seconds. Only about 10% of all the "User unknown" attacks show the same IP address again. (This has only been a week and maybe this number will change) The names they are using are standard dictionary stuff. bob@, jeff@, todd@...etc. So what are they hunting for? Are they trying to get past the spam engine? Are they hunting for valid names?

I think they are doing all of the above but are mainly hunting for names. So with that said is using LDAP on the MTA giving too much information back to the spammers as what addresses are good/bad?

Any feedback?

From myeasytech at YAHOO.COM.HK Tue Jan 11 05:47:16 2005
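The pattern described in the LDAP/MTA message above (one source IP, a burst of dictionary recipients all rejected with "User unknown", mostly from hosts never seen before) can be measured directly from the MTA log. This is an added example, not part of the original post: the log lines are constructed in an assumed sendmail-style reject layout, and the function names, the 10-second window and the 5-recipient threshold are assumptions to adapt to your own MTA.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample log (documentation IPs and domains). The line layout is an
# assumption modelled on sendmail-style RCPT rejects; adapt REJECT_RE to your MTA.
SAMPLE_LOG = """\
Jan 11 04:53:01 mx1 sendmail[2101]: j0B4r1Ap002101: ruleset=check_rcpt, arg1=<bob@example.com>, relay=[192.0.2.10], reject=550 5.1.1 <bob@example.com>... User unknown
Jan 11 04:53:01 mx1 sendmail[2101]: j0B4r1Ap002101: ruleset=check_rcpt, arg1=<jeff@example.com>, relay=[192.0.2.10], reject=550 5.1.1 <jeff@example.com>... User unknown
Jan 11 04:53:02 mx1 sendmail[2101]: j0B4r1Ap002101: ruleset=check_rcpt, arg1=<todd@example.com>, relay=[192.0.2.10], reject=550 5.1.1 <todd@example.com>... User unknown
Jan 11 04:53:02 mx1 sendmail[2101]: j0B4r1Ap002101: ruleset=check_rcpt, arg1=<mike@example.com>, relay=[192.0.2.10], reject=550 5.1.1 <mike@example.com>... User unknown
Jan 11 04:53:03 mx1 sendmail[2101]: j0B4r1Ap002101: ruleset=check_rcpt, arg1=<dave@example.com>, relay=[192.0.2.10], reject=550 5.1.1 <dave@example.com>... User unknown
Jan 11 04:53:03 mx1 sendmail[2101]: j0B4r1Ap002101: ruleset=check_rcpt, arg1=<john@example.com>, relay=[192.0.2.10], reject=550 5.1.1 <john@example.com>... User unknown
Jan 11 05:10:44 mx1 sendmail[2140]: j0B5AiAp002140: from=<alice@example.org>, size=1822, relay=mail.example.org [198.51.100.7]
Jan 11 05:10:45 mx1 sendmail[2140]: j0B5AiAp002140: ruleset=check_rcpt, arg1=<jsmtih@example.com>, relay=mail.example.org [198.51.100.7], reject=550 5.1.1 <jsmtih@example.com>... User unknown
Jan 11 06:00:00 mx1 sendmail[2201]: j0B600Ap002201: ruleset=check_rcpt, arg1=<sales@example.com>, relay=[203.0.113.5], reject=550 5.1.1 <sales@example.com>... User unknown
Jan 11 09:30:00 mx1 sendmail[2377]: j0B9U0Ap002377: ruleset=check_rcpt, arg1=<info@example.com>, relay=[203.0.113.5], reject=550 5.1.1 <info@example.com>... User unknown
Jan 11 13:15:00 mx1 sendmail[2590]: j0BDF0Ap002590: ruleset=check_rcpt, arg1=<admin@example.com>, relay=[203.0.113.5], reject=550 5.1.1 <admin@example.com>... User unknown
"""

REJECT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sendmail\[\d+\]: \S+ "
    r"ruleset=check_rcpt, arg1=<(?P<rcpt>[^>]+)>, "
    r"relay=(?:\S+ )?\[(?P<ip>[\d.]+)\], reject=550 .*User unknown"
)

WINDOW = timedelta(seconds=10)   # assumed: "three or four times in a few seconds"
MIN_RCPTS = 5                    # assumed: lower bound of the 5 to 29 recipients seen


def parse_rejects(log_text, year):
    """Return (timestamp, source_ip, recipient) for every 'User unknown' reject.

    Syslog timestamps carry no year, so the caller supplies it.
    """
    rejects = []
    for line in log_text.splitlines():
        m = REJECT_RE.match(line)
        if not m:
            continue  # accepted mail and unrelated lines are ignored
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        rejects.append((when, m["ip"], m["rcpt"].lower()))
    return rejects


def find_harvest_bursts(rejects, window=WINDOW, min_rcpts=MIN_RCPTS):
    """Map source IP -> most distinct unknown recipients seen in any one window.

    Only IPs reaching min_rcpts are returned; a single mistyped address or
    rejects spread over hours stay below the threshold.
    """
    by_ip = defaultdict(list)
    for when, ip, rcpt in rejects:
        by_ip[ip].append((when, rcpt))

    bursts = {}
    for ip, events in by_ip.items():
        events.sort()
        in_window = Counter()   # recipient -> occurrences inside the window
        start = 0
        best = 0
        for when, rcpt in events:
            in_window[rcpt] += 1
            # Slide the left edge until the window spans at most `window`.
            while when - events[start][0] > window:
                old = events[start][1]
                in_window[old] -= 1
                if not in_window[old]:
                    del in_window[old]
                start += 1
            best = max(best, len(in_window))
        if best >= min_rcpts:
            bursts[ip] = best
    return bursts


def share_of_new_sources(rejects, known_ips):
    """Fraction of rejects that came from IPs not in known_ips (previously seen)."""
    if not rejects:
        return 0.0
    new = sum(1 for _, ip, _ in rejects if ip not in known_ips)
    return new / len(rejects)


if __name__ == "__main__":
    parsed = parse_rejects(SAMPLE_LOG, 2005)
    print("bursts:", find_harvest_bursts(parsed))
    print("share from new hosts:", share_of_new_sources(parsed, {"198.51.100.7"}))
```

Because most sources never return, per-IP blocking after the fact catches little; the burst count is more useful as an input to per-connection limits on rejected recipients.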
From: myeasytech at YAHOO.COM.HK (hkbyte)
Date: Thu Jan 12 21:28:09 2006
Subject: Writing Custom Function
Message-ID:

Julian Field wrote:

> Scott Silva wrote:
>
>> hkbyte wrote:
>>
>>> I am learning how to write custom function. I attached my function to
>>> Non Spam actions. If my return value are 'deliver' and 'store' , both
>>> work properly as I want. But when I change 'store' return value to
>>> 'bounce' , it failed and the maillog said "Does not make sense to
>>> bounce non-spam". How can I send a custom bounce back message to
>>> sender.
>>> Thanks.
>>
>>
>>
>> Bounce back message to a spammer is useless, as they are usually;
>
>
> He wants to bounce back to a NON-spammer. Bouncing a message which is
> not spam doesn't make much sense to me (hence the error message). Why
> would you want to reject mail you have decided you want to deliver?
>

Julian,

I want to restrict user to send outgoing email based on some restrictions. I want to tell the sender why his mail is rejected.

BTW, I have another question about the "@headers" attributes. It seems that the format are different with different MTAs. Is there any simple way I can retrieve some header fields? e.g. The return-path and date fields.

--hkbyte

From Jan-Peter.Koopmann at SECEIDOS.DE Tue Jan 11 06:59:32 2005
From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann)
Date: Thu Jan 12 21:28:09 2006
Subject: Archiving Mail
Message-ID:

Craig,

> 4 or 5 users email is all. Then be able to restore it somewhere to be
> able to find a particular message, preferably from a windows
> machine as
> no one other than myself knows how to use Linux....

I am glad to see that you are being helped. However: Is there _any_ reason why nearly all of your mails contain a considerable part of all previous mail as a quote? This makes reading your mails very hard! Please stop that. Only quote the necessary parts and if possible, answer part after part and not quote everything on top and then answer in one paragraph afterwards.

Regards,
JP

From dh at UPTIME.AT Tue Jan 11 08:34:31 2005
From: dh at UPTIME.AT (David Höhn)
Date: Thu Jan 12 21:28:09 2006
Subject: Buglet in Report?
Message-ID:

Hello.

I am not quite sure whether this is an MTA or Mailscanner issue. When I get a Bad Filename Report with the full headers in it, it seems that the MIME decoding on the subject is not properly applied. Since I get something similar to this:

The following e-mails were found to have: Bad Filename Detected

~ Sender: XXXX
IP Address: 213.46.255.21
~ Recipient: XXXXX
~ Subject: =?iso-8859-1?Q?Re:_{Bad_Filename}_Timetable_f=FCr_Dienstag?=
~ MessageID: j0B8UHAp017705
~ Achtung: MailScanner: Attempt to hide real filename extension (protokoll com.sult.doc)

Now for 8859-1 that is a non-issue, for something like big5 it gets annoying :)

-d
--
nee anata wo mitsukete soshite nidoto wasurezu
~ donna ni munega itakutemo soba ni iru no
~ zutto...zutto...zutto
Key fingerprint = FD77 F0B7 5C65 F546 EB08 A4EC 3CCA 1A32 7E24 291E

From misterpo at IFRANCE.COM Tue Jan 11 09:02:13 2005
From: misterpo at IFRANCE.COM (Mister PO)
Date: Thu Jan 12 21:28:09 2006
Subject: Logrotate and MailScanner
Message-ID:

Hello all,

My Mailscanner RedHat 9 Linux server logs its activity in the /var/log/maillog file.

I have added the following section to /etc/logrotate.conf to purge logs daily :

/var/log/maillog {
    daily
    create
    rotate 3
}

but my log file is still growing and logrotate doesn't do its job.

Do I need stop and start MailScanner to help logrotate do its job ?

I know there is a postrotate instruction, but is there prerotate one ?

Thanks in advance for your help,

PO.

From martinh at SOLID-STATE-LOGIC.COM Tue Jan 11 09:02:47 2005
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:28:09 2006
Subject: Archiving Mail
Message-ID:

Craig Daters wrote:

> Martin Hepworth wrote:
>
>>> Thanks Martin,
>>>
>>> This gives me an idea of how to start a backup script. I do not want to
>>> back up all of it, as this would be too big. I only want to back up like
>>> 4 or 5 users email is all. Then be able to restore it somewhere to be
>>> able to find a particular message, preferably from a windows machine as
>>> no one other than myself knows how to use Linux....
>>>
>>> --
>>>
>>> Craig Daters (craig@westpress.com)
>>> Systems Administrator
>>> West Press Print Communications
>>>
>>
>> Craig
>>
>> you could get the users into MailWatch so they can release their own
>> email from within the DB...you'd have to keep the uncompressed emails
>> around for more days though as the MW interface only deals with the
>> rfc-822 format emails, not uncompressing/extracting on the fly.
>>
>> The MW stuff can (and will) look into the users table to allow non-admin
>> users to check their own email for spam etc...
>>
> I do have other users set up to check their quarantined stuff, and I had
> considered storing the email in the DB, but was unsure how this would
> affect the load on our server as we process almost 2GB of mail a month,
> (due to all the file attachments/jobs that we receive to print...) and
> the resulting DB would be almost as large for the few users that I want
> to keep mail around for.
>
> If I don't need to be worried about it though, I'm all over it :)
>
> --
> Craig Daters (craig@westpress.com)
> Systems Administrator
> West Press Print Communications

Craig

The Database doesn't hold the actual email, that is left on the disk in either rfc822 or queue file format depending on the settings in MailScanner.conf

If you're already using the non-admin user's function to check against quarantined stuff then it's more or less the same thing for 'normal' email. You just need to make sure you are archiving the email for X days for those users and they can then forward the email to themselves if they are daft enough to have deleted the billing/work email.

Thinking about all this, wouldn't it be better to add better controls into the work flow so that work/billing info is held per job somewhere like a document repository. That way if someone isn't available for work you can still see their work to be done etc???

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

From martinh at SOLID-STATE-LOGIC.COM Tue Jan 11 09:07:00 2005
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:28:09 2006
Subject: LDAP/MTA helping Spammers?
Message-ID:

Chris

We use something similar to this. I can't say that I've analysed where the non-user errors are coming from, but 66% of all the inbound spam is for non-existent users. So this keeps my server load down quite a bit..

Given the effectiveness of MS/SA/ClamAV/Sophos at trapping unwanted emails I'm not that worried that the bad guys might be brute force harvesting email addresses this way. In fact bring it on!

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

Chris Lyon wrote:

> I have seen a few messages float around the list on this subject and
> wanted to give some of my input on it. I have been tracking the "User
> unknown"
> messages for about a week now on one of my MailScanner systems and
> have found something odd. About 90% of all the "User unknown" messages
> are coming from different hosts not seen before. So in other words a
> single IP address will open an SMTP connection, send a message
> anywhere from 5 to 29 recipients and drop the connection. We will
> generate the "User unknown" back to them during the connection since
> they are not on the list. That same IP address will usually do
> this style of attack three or four times in a few seconds. Only about
> 10% of all the "User unknown" attacks show the same IP address again.
> (This has only been a week and maybe this number will
> change) The names they are using are standard dictionary stuff. bob@,
> jeff@, todd@...etc. So what are they hunting for? Are they trying to
> get past the spam engine? Are they hunting for valid names?
>
>
> I think they are doing all of the above but are mainly hunting for names.
> So with that said is using LDAP on the MTA giving too much information
> back to the spammers as what addresses are good/bad?
>
>
> Any feedback?
>

From MailScanner at ecs.soton.ac.uk Tue Jan 11 09:14:22 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:09 2006
Subject: Archiving Mail
Message-ID:

Julian Field wrote:

> Jameel Akari wrote:
>
>> While we're on the subject of the Archive function and the fact that it
>> can dump to an mbox file, is there a way to tell MailScanner to use a
>> new
>> mbox file while it is running?
>
>
> Your best bet is to HUP MailScanner and then immediately move new mbox
> files into place. It takes a second or two before the first message will
> be processed, which should give you enough time to get the new mboxes in
> place.
>
> Though obviously this isn't as "Solid" as it should be, I quite agree.
> Ideally you should stop and restart.
>
>> Or perhaps you can have some sort of rule or macro define that
>> filename so
>> that it automatically switches to a new file each day, something like:
>> archive_$DATE.mbox -> archive_20040110.mbox for today,
>> archive_20040111.mbox for tomorrow, etc. Then you only work on the
>> rotated-out file.
>
>
> That's not a bad idea, but makes it ever more complex to use and
> configure.

I have implemented this in the attached patch for Message.pm. You can put the magic string _DATE_ anywhere in the "Archive Mail" setting (more than once if you want to). This keyword will be replaced with the current date in yyyymmdd format when the archive is written.

Let me know how you get on.

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2: "Attached Text" ] --- Message.pm.old 2005-01-10 18:46:10.000000000 +0000 +++ Message.pm 2005-01-11 09:05:58.000000000 +0000 @@ -205,6 +205,14 @@ # Work out where to archive/copy this message. # Could do all the archiving in a different separate place. $archiveplaces = MailScanner::Config::Value('archivemail', $this); + if ($archiveplaces =~ /_DATE_/) { + # Only do the work for the date substitution if we really have to + my($day, $month, $year, $date); + ($day, $month, $year) = (localtime)[3,4,5]; + $date = sprintf("%04d%02d%02d", $year+1900, $month+1, $day); + $archiveplaces =~ s/_DATE_/$date/g; + #print STDERR "Archive location is $archiveplaces\n"; + } @{$this->{archiveplaces}} = ((defined $archiveplaces)?split(" ", $archiveplaces):()); bless $this, $type; ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Tue Jan 11 09:37:42 2005 
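Review bot: the added test "$archiveplaces =~ /_DATE_/" in the Message.pm hunk above runs before the "defined $archiveplaces" check in the unchanged line that follows it, so a configuration with no "Archive Mail" value is pattern-matched as undef and will warn when warnings are enabled; write the condition as "if (defined $archiveplaces && $archiveplaces =~ /_DATE_/)". The date is also taken here, where the message object is set up (the hunk ends at "bless $this, $type;"), so a message created just before midnight and archived just after it goes into the previous day's file; a rotation script should allow for late writes to the file it considers rotated out, and the comment should say which moment the date reflects. The commented-out "print STDERR" debug line can be dropped.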
From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:09 2006 Subject: Logrotate and MailScanner Message-ID: The logging of mail-related entries to a maillog file is usually not done directly by each program (sendmail, MailScanner ...), but rather by the syslogd daemon. So the "responsible program" that need be informed the file has changed is syslogd. So you'd need an entry to handle all "syslogds files", and in that have a postrotate /usr/bin/killall -HUP syslogd # endscript ... or similar. man syslogd syslog.conf .... might be good reading;) (Many, if not most systems come with an entry for syslogd already configured) -- Glenn > -----Original Message----- 
> From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Mister PO > Sent: den 11 januari 2005 10:02 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Logrotate and MailScanner > > > Hello all, > > My Mailscanner RedHat 9 Linux server logs its activity in the > /var/log/maillog file. > > I have added the following section to /etc/logrotate.conf to > purge logs daily : > > /var/log/maillog { > daily > create > rotate 3 > } > > but my log file is still growing and logrotate doesn't do its job. > > Do I need stop and start MailScanner to help logrotate do its job ? > > I know there is a postrotate instruction, but is there prerotate one ? > > Thanks in advance for your help, > > PO. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Tue Jan 11 09:46:10 2005 
From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:09 2006 Subject: LDAP/MTA helping Spammers? Message-ID: I'd tend to agree with Martin here. Even if the domain would be mapped, ATM this type of thing has more benefit than badness. Also, the names you cite ring a bell... Some viruses "guess" names like that, and there the sole purpose is spreading, not really "mapping out the domain" (ie no "intelligence", nor "reporting" is really involved). -- Glenn > -----Original Message----- 
> From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Martin Hepworth > Sent: den 11 januari 2005 10:07 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: LDAP/MTA helping Spammers? > > > Chris > > We use something similar to this. I can't say that I've analysed where > the non-user errors are coming from, but 66% of all the > inbound spam is > for non-existant users. So this keeps my server load down > quite a bit.. > > Given the effectiveness of MS/SA/ClamAV/Sophos at trapping unwanted > emails I'm not that worried that the bad guys might be brute force > harvesting email addresses this way. In fact bring it on! > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Chris Lyon wrote: > > I have seen a few messages float around the list on this subject and > > wanted to give some of my input on it. I have been tracking > the "User > > unknown" > > messages for about a week now on one of my MailScanner systems and > > have found something odd. About 90% of all the "User > unknown" messages > > are coming from different hosts not seen before. So in other words a > > single IP address will open an SMTP connection, send a message > > anywhere from 5 to 29 recipients and drop the connection. We will > > generate the "User unknown" back to then during the connection since > > they are not on the list. That same IP address will usually will do > > this style of attack three or four times in a few seconds. > Only about > > 10% of all the "User unknown" attacks show the same IP > address again. > > (This has only been a week and maybe this number will > > change) The names they are using are standard dictionary > stuff. bob@, > > jeff@, todd@...etc. So what are they hunting for? Are they trying to > > get past the spam engine? Are they hunting for valid names? > > > > > > I think they doing all of the above but am mainly hunting for names. 
> > So with that said is using LDAP on the MTA giving too much > information > > back to the spammers as what addresses are good/bad? > > > > > > Any feedback? > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rgutlon at YAHOO.COM Tue Jan 11 10:17:34 2005 
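The per-source tracking of "User unknown" rejections that Chris Lyon describes in the quoted message, as an added example that is not part of any poster's message: it groups rejections by source IP into sessions and reports which sources probe many recipients at once and which ones come back later. It assumes Postfix-style reject lines; the log lines, addresses, thresholds and function names are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Postfix-style rejection line (assumed format; adapt the pattern to your MTA).
REJECT_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s\d{2}:\d{2}:\d{2})\s.*?"
    r"reject: RCPT from \S*?\[(?P<ip>[0-9A-Fa-f.:]+)\]:\s+55\d\s.*?"
    r"<(?P<rcpt>[^>]+)>.*?User unknown"
)


def parse_rejects(lines, year):
    """Return (time, source_ip, recipient) for every 'User unknown' rejection."""
    events = []
    for line in lines:
        m = REJECT_RE.match(line)
        if m:  # anything that is not a rejection is ignored
            when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append((when, m["ip"], m["rcpt"].lower()))
    return events


def sessions_by_ip(events, gap):
    """Split each source's rejections into sessions separated by idle gaps."""
    by_ip = defaultdict(list)
    for when, ip, rcpt in sorted(events):
        runs = by_ip[ip]
        if runs and when - runs[-1][-1][0] <= gap:
            runs[-1].append((when, rcpt))
        else:
            runs.append([(when, rcpt)])
    return dict(by_ip)


def harvest_report(lines, year=2005, min_rcpts=5, gap=timedelta(minutes=5)):
    """Per-source summary: volume, sessions, and whether it looks like guessing."""
    report = {}
    for ip, runs in sessions_by_ip(parse_rejects(lines, year), gap).items():
        report[ip] = {
            "rejects": sum(len(run) for run in runs),
            "distinct_rcpts": len({r for run in runs for _, r in run}),
            "sessions": len(runs),
            "returned": len(runs) > 1,  # seen again after an idle gap
            # many different unknown recipients inside one session
            "suspect": any(len({r for _, r in run}) >= min_rcpts for run in runs),
        }
    return report


def returning_share(report):
    """Fraction of source IPs that came back after an idle gap."""
    if not report:
        return 0.0
    return sum(v["returned"] for v in report.values()) / len(report)


def _line(ts, ip, rcpt):
    # Builds one constructed log line in the assumed format.
    return (f"{ts} mx1 postfix/smtpd[2101]: NOQUEUE: reject: RCPT from "
            f"unknown[{ip}]: 550 5.1.1 <{rcpt}>: Recipient address rejected: "
            f"User unknown in local recipient table")


# Constructed sample: one burst, one returning source, one plain typo.
NAMES = ["bob", "jeff", "todd", "ann", "mike", "sue"]
SAMPLE_LOG = (
    [_line(f"Jan 11 09:00:0{i}", "192.0.2.10", f"{n}@example.org")
     for i, n in enumerate(NAMES)]
    + [_line(f"Jan 11 09:10:0{i}", "198.51.100.7", f"{n}@example.org")
       for i, n in enumerate(NAMES[:5])]
    + [_line(f"Jan 11 11:30:0{i}", "198.51.100.7", f"{n}@example.org")
       for i, n in enumerate(NAMES[:5])]
    + [_line("Jan 11 10:15:42", "203.0.113.5", "quentn@example.org"),
       "Jan 11 10:16:00 mx1 postfix/qmgr[900]: 3F2A1: removed"]
)

if __name__ == "__main__":
    result = harvest_report(SAMPLE_LOG)
    for ip, row in sorted(result.items()):
        print(ip, row)
    print(f"returning sources: {returning_share(result):.0%}")
```

Run over a week of real logs, the `suspect` and `returned` columns give the two figures the message estimates by hand: how many sources guess at several recipients per session, and how few are ever seen again.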
From: rgutlon at YAHOO.COM (Rick Gutlon) Date: Thu Jan 12 21:28:09 2006 Subject: Logrotate and MailScanner Message-ID: I believe you need to restart cron in order for the changes in your logrotate.conf file to take effect. An example would be /etc/rc.d/init.d/crond restart Regards - --- Mister PO wrote: > Hello all, > > My Mailscanner RedHat 9 Linux server logs its > activity in the > /var/log/maillog file. > > I have added the following section to > /etc/logrotate.conf to purge logs daily : > > /var/log/maillog { > daily > create > rotate 3 > } > > but my log file is still growing and logrotate > doesn't do its job. > > Do I need stop and start MailScanner to help > logrotate do its job ? > > I know there is a postrotate instruction, but is > there prerotate one ? > > Thanks in advance for your help, > > PO. From p.g.m.peters at utwente.nl Tue Jan 11 10:24:24 2005 
From: p.g.m.peters at utwente.nl (Peter Peters) Date: Thu Jan 12 21:28:09 2006 Subject: MS supporting Sendmail X? Message-ID: Any idea whether MS will support sendmail X? It appears Sendmail X will be completely different from the current Sendmail esp. i.r.t. queue handling. It looks like Sendmail X goes the "different programmes for different functions" way. -- Peter Peters, senior network administrator Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE) Universiteit Twente, Postbus 217, 7500 AE Enschede telephone: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/itbe From Glenn.Steen at AP1.SE Tue Jan 11 10:34:25 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:09 2006 Subject: Logrotate and MailScanner Message-ID: Um, no... That is generally not how it's done. True, logrotate is run from cron, but the only time you need inform cron is when you add logrotate as such, not when you change logrotate.conf (ex: on most linux distros the logrotate command is run from a script in /etc/cron.daily (which are run by the runparts thing), and is invoked like logrotate /etc/logrotate.conf ... which would lead to changes to that file (or any file it references) to be automatically included). What is needed is to either change a preexisting entry for syslogd files (ex: many linux distros would have that in /etc/logrotate.d/syslogd), or creating one. -- Glenn > -----Original Message----- 
> From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Rick Gutlon > Sent: den 11 januari 2005 11:18 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Logrotate and MailScanner > > > I believe you need to restart cron in order for the > changes in your logrotate.conf file to take effect. An > example would be /etc/rc.d/init.d/crond restart > > Regards - > > --- Mister PO wrote: > > > Hello all, > > > > My Mailscanner RedHat 9 Linux server logs its > > activity in the > > /var/log/maillog file. > > > > I have added the following section to > > /etc/logrotate.conf to purge logs daily : > > > > /var/log/maillog { > > daily > > create > > rotate 3 > > } > > > > but my log file is still growing and logrotate > > doesn't do its job. > > > > Do I need stop and start MailScanner to help > > logrotate do its job ? > > > > I know there is a postrotate instruction, but is > > there prerotate one ? > > > > Thanks in advance for your help, > > > > PO. > > > > ------------------------ MailScanner list > > ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with > > the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ > > (http://www.mailscanner.biz/maq/) and > > the archives > > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off > > the website! > > > > > > > __________________________________ > Do you Yahoo!? > Yahoo! Mail - now with 250MB free storage. Learn more. > http://info.mail.yahoo.com/mail_250 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! 
From ddw at BAS.AC.UK Tue Jan 11 10:34:47 2005 From: ddw at BAS.AC.UK (Douglas Willis) Date: Thu Jan 12 21:28:09 2006 Subject: SAVI-Perl & AMD Opteron processors. Message-ID: Hi, Is anyone running this module on an Opteron system? If so what OS and versions are you running? -- Douglas Willis (ddw@nerc-bas.ac.uk) British Antarctic Survey High Cross, Madingley Road Cambridge, CB3 0ET, United Kingdom tel: +44 1223 221400, fax: +44 1223 362616 From tony.johansson at SVENSKAKYRKAN.SE Tue Jan 11 12:26:54 2005 
From: tony.johansson at SVENSKAKYRKAN.SE (Tony Johansson) Date: Thu Jan 12 21:28:09 2006 Subject: Forward blocked files Message-ID: Is it possible to not just block filenames or filetypes but forward these messages to a specific mailbox? I do not want to quarantine viruses, just forward non-infected files that we normally block. /Tony From Steve.Swaney at FSL.COM Tue Jan 11 14:03:59 2005 From: Steve.Swaney at FSL.COM (Steve Swaney) Date: Thu Jan 12 21:28:09 2006 Subject: SAVI-Perl & AMD Opteron processors. Message-ID: > -----Original Message----- 
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Douglas Willis > Sent: Tuesday, January 11, 2005 5:35 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: SAVI-Perl & AMD Opteron processors. > > Hi, > > Is anyone running this module on an Opteron system? > > If so what OS an versions are you running? > > -- > Douglas Willis (ddw@nerc-bas.ac.uk) Two Opteron systems: System 1: -------------------------------------------------------------- model name : AMD Opteron(tm) Processor 242 stepping : 8 cpu MHz : 1593.924 cache size : 1024 KB MemTotal: 2057732 kB OS: CentOS release 3.3 (final) Kernel: 2.4.21-20.0.1.ELsmp # MailScanner -V Running on Linux mta20.safeguardmail.net 2.4.21-20.0.1.ELsmp #1 SMP Fri Dec 3 01:31:00 GMT 2004 i686 athlon i386 GNU/Linux This is CentOS release 3.3 (final) This is Perl version 5.008000 (5.8.0) This is MailScanner version 4.37.7 Module versions are: 1.00 AnyDBM_File 1.14 Archive::Zip 1.01 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.04 Fcntl 2.71 File::Basename 2.05 File::Copy 2.01 FileHandle 1.05 File::Path 0.13 File::Temp 1.23 HTML::Entities 3.26 HTML::Parser 2.24 HTML::TokeParser 1.20 IO 1.09 IO::File 1.122 IO::Pipe 3.05 MIME::Base64 5.415 MIME::Decoder 5.415 MIME::Decoder::UU 5.415 MIME::Head 5.415 MIME::Parser 3.03 MIME::QuotedPrint 5.415 MIME::Tools 0.09 Net::CIDR 1.05 POSIX 1.75 Socket 0.03 Sys::Syslog 1.02 Time::localtime Optional module versions are: 1.806 DB_File 1.10 Digest 1.01 Digest::HMAC 2.20 Digest::MD5 2.10 Digest::SHA1 0.44 Inline 0.13 Mail::ClamAV 3.000002 Mail::SpamAssassin missing Mail::SPF::Query missing Net::CIDR::Lite 0.48 Net::DNS missing Net::LDAP 1.94 Parse::RecDescent missing SAVI missing Sys::Hostname::Long 2.26 Test::Harness 0.47 Test::Simple 1.89 Text::Balanced 1.35 URI -------------------------------------------------------------- System 2: -------------------------------------------------------------- model name : AMD Opteron(tm) Processor 242 physical id : 0 siblings : 1 stepping 
: 10 MemTotal: 2057732 kB OS: Red Hat Enterprise Linux ES release 3 (Taroon Update 4) Kernel: 2.4.21-20.0.1.ELsmp # MailScanner -V 'Running on Linux mta10.safeguardmail.net 2.4.21-20.ELsmp #1 SMP Wed Aug 18 20:34:58 EDT 2004 x86_64 x86_64 x86_64 GNU/Linux This is Red Hat Enterprise Linux ES release 3 (Taroon Update 4) This is Perl version 5.008000 (5.8.0) This is MailScanner version 4.37.7 Module versions are: 1.00 AnyDBM_File 1.14 Archive::Zip 1.01 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.04 Fcntl 2.71 File::Basename 2.05 File::Copy 2.01 FileHandle 1.05 File::Path 0.13 File::Temp 1.23 HTML::Entities 3.26 HTML::Parser 2.24 HTML::TokeParser 1.20 IO 1.09 IO::File 1.122 IO::Pipe 3.05 MIME::Base64 5.415 MIME::Decoder 5.415 MIME::Decoder::UU 5.415 MIME::Head 5.415 MIME::Parser 3.03 MIME::QuotedPrint 5.415 MIME::Tools 0.09 Net::CIDR 1.05 POSIX 1.75 Socket 0.03 Sys::Syslog 1.02 Time::localtime Optional module versions are: 1.806 DB_File 1.00 Digest 1.01 Digest::HMAC 2.20 Digest::MD5 2.01 Digest::SHA1 0.44 Inline 0.13 Mail::ClamAV 3.000002 Mail::SpamAssassin 1.997 Mail::SPF::Query 0.15 Net::CIDR::Lite 0.48 Net::DNS missing Net::LDAP 1.94 Parse::RecDescent missing SAVI 1.2 Sys::Hostname::Long 2.26 Test::Harness 0.47 Test::Simple 1.89 Text::Balanced 1.31 URI Both systems are fully up2date except for the kernels. Both System run very well. Neither is heavily loaded yet. Steve Steve Swaney President Fortress Systems Ltd. www.fsl.com steve.swaney@fsl.com -- This message has been scanned for viruses and dangerous content by The MailScanner at Fortress Systems Ltd., www.fsl.com, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! 
From Q.G.Campbell at NEWCASTLE.AC.UK Tue Jan 11 14:53:51 2005 From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell) Date: Thu Jan 12 21:28:09 2006 Subject: "Banned Content" question Message-ID: Most of the "dangerous content" checks that I carry out with MailScanner are controlled via rules files. In all cases the actions of the rules is to either "deliver", "delete", "striphtml" or "attachment". I do not use "disarm" with one exception. In MailScanner.conf I have Allow WebBugs = disarm If I see in the logs "Content Checks: Detected and will disarm HTML message in jBAtTRU022337" does this _only_ refer to the "disarming" of web bugs or can it also refer to actions taken over other content which did not involve the specific "disarm" action? Looking at the log records for other "dangerous content" actions the empirical answer to the above question is "yes". Could this be confirmed please. Thanks Quentin --- PHONE: +44 191 222 8209 Information Systems and Services (ISS), University of Newcastle, Newcastle upon Tyne, FAX: +44 191 222 8765 United Kingdom, NE1 7RU. ------------------------------------------------------------------------ "Any opinion expressed above is mine. The University can get its own." From ddw at BAS.AC.UK Tue Jan 11 14:56:26 2005 From: ddw at BAS.AC.UK (Douglas Willis) Date: Thu Jan 12 21:28:09 2006 Subject: SAVI-Perl & AMD Opteron processors. Message-ID: Steve Swaney wrote: >>-----Original Message----- 
>>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>Behalf Of Douglas Willis >>Sent: Tuesday, January 11, 2005 5:35 AM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: SAVI-Perl & AMD Opteron processors. >> >>Hi, >> >>Is anyone running this module on an Opteron system? >> >>If so what OS an versions are you running? >> >>-- >>Douglas Willis (ddw@nerc-bas.ac.uk) >> >> > > >Two Opteron systems: > >System 1: >-------------------------------------------------------------- >model name : AMD Opteron(tm) Processor 242 >stepping : 8 >cpu MHz : 1593.924 >cache size : 1024 KB >MemTotal: 2057732 kB >OS: CentOS release 3.3 (final) >Kernel: 2.4.21-20.0.1.ELsmp > ># MailScanner -V >Running on >Linux mta20.safeguardmail.net 2.4.21-20.0.1.ELsmp #1 SMP Fri Dec 3 01:31:00 >GMT 2004 i686 athlon i386 GNU/Linux >This is CentOS release 3.3 (final) >This is Perl version 5.008000 (5.8.0) > >This is MailScanner version 4.37.7 >Module versions are: >1.00 AnyDBM_File >1.14 Archive::Zip >1.01 Carp >1.119 Convert::BinHex >1.00 DirHandle >1.04 Fcntl >2.71 File::Basename >2.05 File::Copy >2.01 FileHandle >1.05 File::Path >0.13 File::Temp >1.23 HTML::Entities >3.26 HTML::Parser >2.24 HTML::TokeParser >1.20 IO >1.09 IO::File >1.122 IO::Pipe >3.05 MIME::Base64 >5.415 MIME::Decoder >5.415 MIME::Decoder::UU >5.415 MIME::Head >5.415 MIME::Parser >3.03 MIME::QuotedPrint >5.415 MIME::Tools >0.09 Net::CIDR >1.05 POSIX >1.75 Socket >0.03 Sys::Syslog >1.02 Time::localtime > >Optional module versions are: >1.806 DB_File >1.10 Digest >1.01 Digest::HMAC >2.20 Digest::MD5 >2.10 Digest::SHA1 >0.44 Inline >0.13 Mail::ClamAV >3.000002 Mail::SpamAssassin >missing Mail::SPF::Query >missing Net::CIDR::Lite >0.48 Net::DNS >missing Net::LDAP >1.94 Parse::RecDescent >missing SAVI > > What sort of mail volumes are you running through them? I notice that neither is using SAVI. Is this due to the code not compiling on the Opteron or just because you use other Anti-Virus solutions? 
-- Douglas Willis (ddw@nerc-bas.ac.uk) British Antarctic Survey High Cross, Madingley Road Cambridge, CB3 0ET, United Kingdom tel: +44 1223 221400, fax: +44 1223 362616 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at nkpanama.com Tue Jan 11 15:09:22 2005 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu Jan 12 21:28:09 2006 Subject: custom inline signatures and RBL feedback Message-ID: Will this make it to the next version? I'd love to be able to use it in the inline warnings/sigs, etc. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field Sent: Monday, January 10, 2005 1:47 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: custom inline signatures and RBL feedback Fair enough. You can already put in $from and $subject as it stands. If you apply this patch to Message.pm you will be able to use $id as well. -----SNIP----- --- Message.pm.old 2004-12-22 17:22:02.000000000 +0000 +++ Message.pm 2005-01-10 18:41:49.000000000 +0000 @@ -2474,7 +2474,7 @@ # Work out the list of all the infected attachments, including # reports applying to the whole message - my($attach, $text, %infected, $filename, $from, $subject); + my($attach, $text, %infected, $filename, $from, $subject, $id); while (($attach, $text) = each %{$this->{allreports}}) { # It affects the entire message if the entity of this file matches # the entity of the entire message. 
@@ -2492,6 +2492,7 @@ $infected{MailScanner::Config::LanguageValue($this, 'notnamed')} = 1; } $filename = join(', ', keys %infected); + $id = $this->{id}; $from = $this->{from}; $subject = $this->{subject}; -----SNIP----- Vlad Mazek wrote: >> >> Can I ask why you want this, and what you are trying to achieve? > > > Its more of a political issue than technical accomplishment but > becuase of the size and the number of different clients we have it > comes up more often than I'd like to admit it. I don't stand behind > these requests or acknowledge that they make sense -- I just need to execute them. > > 1) Certain users require different signatures and mail actions > depending on their department membership or job function. For example, > certain marketing departments are required to include disclaimers > about the message/product. Law firms and stock brokerages need to > include additional timestamps when the message is processed at the > mail server for an employee that deals with customers but not for > marketing/etc that deal with other businesses (ie, when is the > transaction confirmation sent out of the network). > > 2) Certain users and companies require different signatures depending > on the time of the day the message is relayed. They use third party > chat/im software that indicates their chat availability so if the > message is sent during the business hours the chat/online link is > included in the signature. > > 3) Most users want to inline the senders IP address, email address, > etc so that the recipients can easilly see where the message came from > without looking at the message headers. Although I've explained that > this can be easilly spoofed I think we can use a link in combination > with sql logging to provide an additional level of > authenticity/verification. > > ... and other general requests like signatures, fortunes, etc. 
We're > seeing a bigger and bigger trend in enterprises where they are looking > to move more of the functions to the mail server and turn their mail > client into a dumb mail reading/writing terminal. This despite their > $$$ investments in tools like Outlook/Exchange which most people are > finding hard to use. > > -Vlad > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the > archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Jan 11 15:14:32 2005 
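Review bot: in the Message.pm patch quoted above that adds `$id` (hunks @@ -2474,7 +2474,7 @@ and @@ -2492,6 +2492,7 @@), nothing in the visible lines reads `$id` after `$id = $this->{id};`, so a reader of the code cannot tell that the variable exists only to be interpolated into the report text in the same way as `$from` and `$subject`. Suggest a one-line comment above the three assignments saying these are the variables available to the inline warning and signature templates, and adding `$id` to the documentation wherever `$from` and `$subject` are listed.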
From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:09 2006 Subject: "Banned Content" question Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] It will disarm those features you told it to. The "disarm HTML" in the message means it will be trying to disarm the requested bits of the HTML. If you didn't specify "disarm" then it won't do it, it will only disarm the bits you told it to. Hope that answers your question. Given a question "a or b" the answer cannot easily be "yes" :-) Quentin Campbell wrote: >Most of the "dangerous content" checks that I carry out with MailScanner >are controlled via rules files. In all cases the actions of the rules is >to either "deliver", "delete", "striphtml" or "attachment". > >I do not use "disarm" with one exception. In MailScanner.conf I have > > Allow WebBugs = disarm > >If I see in the logs "Content Checks: Detected and will disarm HTML >message in jBAtTRU022337" does this _only_ refer to the "disarming" of >web bugs or can it also refer to actions taken over other content which >did not involve the specific "disarm" action? > >Looking at the log records for other "dangerous content" actions the >empirical answer to the above question is "yes". Could this be confirmed >please. > >Thanks > >Quentin >--- >PHONE: +44 191 222 8209 Information Systems and Services (ISS), > University of Newcastle, > Newcastle upon Tyne, >FAX: +44 191 222 8765 United Kingdom, NE1 7RU. >------------------------------------------------------------------------ >"Any opinion expressed above is mine. The University can get its own." > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. 
>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 From MailScanner at ecs.soton.ac.uk Tue Jan 11 15:15:45 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:09 2006 Subject: custom inline signatures and RBL feedback Message-ID: Oh yes, don't worry. It will be in the next release. Anything else you need in that bit while I'm at it? Alex Neuman van der Hans wrote: >Will this make it to the next version? I'd love to be able to use it in the >inline warnings/sigs, etc. > >-----Original Message----- 
>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf >Of Julian Field >Sent: Monday, January 10, 2005 1:47 PM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: custom inline signatures and RBL feedback > >Fair enough. You can already put in > $from >and > $subject >as it stands. > >If you apply this patch to Message.pm you will be able to use $id as well. > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 From Q.G.Campbell at NEWCASTLE.AC.UK Tue Jan 11 15:23:16 2005 From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell) Date: Thu Jan 12 21:28:09 2006 Subject: "Banned Content" question Message-ID: Julian If the only thing I have told MailScanner to "disarm" are web bugs, then why is it apparently finding web bugs in mail that contain no tags in the HTML? The mail in question probably originates as RTF from Outlook clients. Quentin --- PHONE: +44 191 222 8209 Information Systems and Services (ISS), University of Newcastle, Newcastle upon Tyne, FAX: +44 191 222 8765 United Kingdom, NE1 7RU. ------------------------------------------------------------------------ "Any opinion expressed above is mine. The University can get its own." >-----Original Message----- 
>From: MailScanner mailing list
>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field
>Sent: 11 January 2005 15:15
>To: MAILSCANNER@JISCMAIL.AC.UK
>Subject: Re: "Banned Content" question
>
>It will disarm those features you told it to. The "disarm HTML" in the
>message means it will be trying to disarm the requested bits of the
>HTML. If you didn't specify "disarm" then it won't do it, it will only
>disarm the bits you told it to.
>
>Hope that answers your question. Given a question "a or b" the answer
>cannot easily be "yes" :-)
>
>Quentin Campbell wrote:
>
>>Most of the "dangerous content" checks that I carry out with MailScanner
>>are controlled via rules files. In all cases the actions of the rules is
>>to either "deliver", "delete", "striphtml" or "attachment".
>>
>>I do not use "disarm" with one exception. In MailScanner.conf I have
>>
>> Allow WebBugs = disarm
>>
>>If I see in the logs "Content Checks: Detected and will disarm HTML
>>message in jBAtTRU022337" does this _only_ refer to the "disarming" of
>>web bugs or can it also refer to actions taken over other content which
>>did not involve the specific "disarm" action?
>>
>>Looking at the log records for other "dangerous content" actions the
>>empirical answer to the above question is "yes". Could this be confirmed
>>please.
>>
>>Thanks
>>
>>Quentin
>
>--
>Julian Field
>www.MailScanner.info

From MailScanner at ecs.soton.ac.uk Tue Jan 11 15:33:59 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:09 2006
Subject: "Banned Content" question
Message-ID:

If you have told it to disarm web bugs, it has to search the message for them, at which point it will also disarm them. I think that's how it works... :-)

Quentin Campbell wrote:
>Julian
>
>If the only thing I have told MailScanner to "disarm" are web bugs, then
>why is it apparently finding web bugs in mail that contain no tags
>in the HTML?
>
>The mail in question probably originates as RTF from Outlook clients.
>
>Quentin
>
>>-----Original Message-----
>>From: MailScanner mailing list
>>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field
>>Sent: 11 January 2005 15:15
>>To: MAILSCANNER@JISCMAIL.AC.UK
>>Subject: Re: "Banned Content" question
>>
>>It will disarm those features you told it to. The "disarm HTML" in the
>>message means it will be trying to disarm the requested bits of the
>>HTML. If you didn't specify "disarm" then it won't do it, it will only
>>disarm the bits you told it to.
>>
>>Hope that answers your question. Given a question "a or b" the answer
>>cannot easily be "yes" :-)
>>
>>Quentin Campbell wrote:
>>
>>>Most of the "dangerous content" checks that I carry out with MailScanner
>>>are controlled via rules files. In all cases the actions of the rules is
>>>to either "deliver", "delete", "striphtml" or "attachment".
>>>
>>>I do not use "disarm" with one exception. In MailScanner.conf I have
>>>
>>> Allow WebBugs = disarm
>>>
>>>If I see in the logs "Content Checks: Detected and will disarm HTML
>>>message in jBAtTRU022337" does this _only_ refer to the "disarming" of
>>>web bugs or can it also refer to actions taken over other content which
>>>did not involve the specific "disarm" action?
>>>
>>>Looking at the log records for other "dangerous content" actions the
>>>empirical answer to the above question is "yes". Could this be confirmed
>>>please.
>>>
>>>Thanks
>>>
>>>Quentin
>>
>>--
>>Julian Field
>>www.MailScanner.info

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From drolland at KDINET.COM Tue Jan 11 15:36:08 2005
From: drolland at KDINET.COM (Diane Rolland)
Date: Thu Jan 12 21:28:09 2006
Subject: Notification messages failing
Message-ID:

I'm testing MailScanner and I'm getting the following rejected message sent back to the postmaster for Notification messages... I can send emails successfully to this account, but the Notification messages get rejected. Any ideas?

Thanks,
Diane

The original message was received at Sun, 9 Jan 2005 16:34:10 -0600
from localhost [127.0.0.1] with id j09MYAcI009862

----- The following addresses had permanent fatal errors -----
(reason: 550 Administrative prohibition)

----- Transcript of session follows -----
... while talking to kdinet.com.mail5.psmtp.com.:
>>> DATA
<<< 550 Administrative prohibition
554 5.0.0 Service unavailable

[-- Attachment #2 --]
[-- Type: message/delivery-status, Encoding: 7bit, Size: 0.3K --]

Reporting-MTA: dns; prsvr02.km-law.local
Arrival-Date: Sun, 9 Jan 2005 16:34:10 -0600

Final-Recipient: RFC822; drolland@kdinet.com
Action: failed
Status: 5.2.0
Remote-MTA: DNS; kdinet.com.mail5.psmtp.com
Diagnostic-Code: SMTP; 550 Administrative prohibition
Last-Attempt-Date: Sun, 9 Jan 2005 16:34:12 -0600

From alex at nkpanama.com Tue Jan 11 15:41:38 2005
From: alex at nkpanama.com (Alex Neuman van der Hans)
Date: Thu Jan 12 21:28:09 2006
Subject: custom inline signatures and RBL feedback
Message-ID:

$to (envelope and header), $rcvd_from_ip, $reason_for_munging_the_message (it's spam, it's a virus, it's bad content), $action (disarmed this, disarmed that, deleted, stored, etc.)

These are just suggestions, not requests. Would love the functionality, though!

Good luck, and Happy New Year...

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field
Sent: Tuesday, January 11, 2005 10:16 AM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: custom inline signatures and RBL feedback

Oh yes, don't worry. It will be in the next release. Anything else you need in that bit while I'm at it?

Alex Neuman van der Hans wrote:
>Will this make it to the next version? I'd love to be able to use it in
>the inline warnings/sigs, etc.
>
>-----Original Message-----
>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
>Behalf Of Julian Field
>Sent: Monday, January 10, 2005 1:47 PM
>To: MAILSCANNER@JISCMAIL.AC.UK
>Subject: Re: custom inline signatures and RBL feedback
>
>Fair enough. You can already put in
> $from
>and
> $subject
>as it stands.
>
>If you apply this patch to Message.pm you will be able to use $id as well.

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From Steve.Swaney at FSL.COM Tue Jan 11 15:55:30 2005
From: Steve.Swaney at FSL.COM (Steve Swaney)
Date: Thu Jan 12 21:28:09 2006
Subject: SAVI-Perl & AMD Opteron processors.
Message-ID:

Steve Swaney
President
Fortress Systems Ltd.
www.fsl.com
steve.swaney@fsl.com

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Douglas Willis
> Sent: Tuesday, January 11, 2005 9:56 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: SAVI-Perl & AMD Opteron processors.
>
> Steve Swaney wrote:
>
> >>-----Original Message-----
> >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> >>Behalf Of Douglas Willis
> >>Sent: Tuesday, January 11, 2005 5:35 AM
> >>To: MAILSCANNER@JISCMAIL.AC.UK
> >>Subject: SAVI-Perl & AMD Opteron processors.
> >>
> >>Hi,
> >>
> >>Is anyone running this module on an Opteron system?
> >>
> >>If so what OS and versions are you running?
> >>
> >>--
> >>Douglas Willis (ddw@nerc-bas.ac.uk)
> >
> >Two Opteron systems:
> >
> What sort of mail volumes are you running through them?
>
> I notice that neither is using SAVI.
> Is this due to the code not compiling on the Opteron or just because you
> use other Anti-Virus solutions?
>

They have only recently come on line so there is very low volume, just around 10,000 per day. Load never seems to get much above 0.5 on the system that's running MailWatch and hovers around 0.0 on the other system.

We're running bitdefender clamav so no SAVI is necessary. We've had no problem compiling or installing anything.

Steve

Steve Swaney
President
Fortress Systems Ltd.
www.fsl.com
steve.swaney@fsl.com

From cslyon at gmail.com Tue Jan 11 16:28:40 2005
From: cslyon at gmail.com (Chris Lyon)
Date: Thu Jan 12 21:28:09 2006
Subject: LDAP/MTA helping Spammers?
Message-ID:

On Tue, 11 Jan 2005 10:46:10 +0100, Steen, Glenn wrote:
> I'd tend to agree with Martin here. Even if the domain would be mapped,
> ATM this type of thing has more benefit than badness.

I am not disagreeing that the benefit isn't there but from a security standpoint it is always better to give less information than more information. So either at the MTA or in MS wouldn't it be better to just silently delete? Not sending any "User unknown"?

>
> Also, the names you cite ring a bell... Some viruses "guess" names like
> that, and there the sole purpose is spreading, not really "mapping out
> the domain" (ie no "intelligence", nor "reporting" is really involved).

I do recall a few of these viruses but I would also think they would be coming back from the same IP over and over. That accounts for only 10% of the 5000 hits in a week on our system.

>
> -- Glenn
>
> > -----Original Message-----
> > From: MailScanner mailing list
> > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Martin Hepworth
> > Sent: den 11 januari 2005 10:07
> > To: MAILSCANNER@JISCMAIL.AC.UK
> > Subject: Re: LDAP/MTA helping Spammers?
> >
> > Chris
> >
> > We use something similar to this. I can't say that I've analysed where
> > the non-user errors are coming from, but 66% of all the inbound spam is
> > for non-existent users. So this keeps my server load down quite a bit..
> >
> > Given the effectiveness of MS/SA/ClamAV/Sophos at trapping unwanted
> > emails I'm not that worried that the bad guys might be brute force
> > harvesting email addresses this way. In fact bring it on!
> >
> > --
> > Martin Hepworth
> > Snr Systems Administrator
> > Solid State Logic
> > Tel: +44 (0)1865 842300
> >
> > Chris Lyon wrote:
> > > I have seen a few messages float around the list on this subject and
> > > wanted to give some of my input on it. I have been tracking the "User
> > > unknown" messages for about a week now on one of my MailScanner systems
> > > and have found something odd. About 90% of all the "User unknown" messages
> > > are coming from different hosts not seen before. So in other words a
> > > single IP address will open an SMTP connection, send a message
> > > anywhere from 5 to 29 recipients and drop the connection. We will
> > > generate the "User unknown" back to them during the connection since
> > > they are not on the list. That same IP address will usually do
> > > this style of attack three or four times in a few seconds. Only about
> > > 10% of all the "User unknown" attacks show the same IP address again.
> > > (This has only been a week and maybe this number will
> > > change) The names they are using are standard dictionary stuff. bob@,
> > > jeff@, todd@...etc. So what are they hunting for? Are they trying to
> > > get past the spam engine? Are they hunting for valid names?
> > >
> > > I think they are doing all of the above but are mainly hunting for names.
> > > So with that said is using LDAP on the MTA giving too much information
> > > back to the spammers as what addresses are good/bad?
> > >
> > > Any feedback?

From martinh at SOLID-STATE-LOGIC.COM Tue Jan 11 16:31:59 2005
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:28:09 2006
Subject: Phishing detection...
Message-ID:

Julian

nice to know the commercial world eventually catches up..

What's New in Eudora 6.2 Email

ScamWatch
ScamWatch combats "phishing" schemes that use disguised URL's to gather personal information. Eudora now detects if the URL in the link differs suspiciously from the host name and warns you to exercise caution before making the connection.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

From martinh at SOLID-STATE-LOGIC.COM Tue Jan 11 16:39:30 2005
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:28:09 2006
Subject: LDAP/MTA helping Spammers?
Message-ID:

Chris Lyon wrote:
> On Tue, 11 Jan 2005 10:46:10 +0100, Steen, Glenn wrote:
>
>>I'd tend to agree with Martin here. Even if the domain would be mapped,
>>ATM this type of thing has more benefit than badness.
>
> I am not disagreeing that the benefit isn't there but from a security
> standpoint it is always better to give less information than more
> information. So either at the MTA or in MS wouldn't it be better to
> just silently delete? Not sending any "User unknown"?
>

Depends on risk you attach to having your email addresses 'known'.

Also depends on the server load (66% of my inbound email is spam/malware for non-existent addresses)....and if the message does get through you end up bouncing it by the final MX and then having to deal with the bounce of the bounce as the 'from' address prob won't work either....

A straight '550 no such user' from the MailScanner inbound MTA is much cleaner IMHO.

For me the risk of having someone brute force the email addresses by guessing is less than the email gateway being DOS-ed by thousands of emails I need to get MS to process to decide what to do with it.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

From MailScanner at ecs.soton.ac.uk Tue Jan 11 16:39:47 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:09 2006
Subject: Phishing detection...
Message-ID:

I would be very interested to hear if it is actually any good at it.

I finally stopped paying Eudora for not fixing bugs, when Thunderbird appeared. Far superior app, it doesn't crash and it actually does what it says on the tin!

The only thing I miss is PGP support (it has Enigmail which has GPG, but no PGP which I need for 1 purpose).

Martin Hepworth wrote:
> Julian
>
> nice to know the commercial world eventually catches up..
>
> What's New in Eudora 6.2 Email
>
> ScamWatch
> ScamWatch combats "phishing" schemes that use disguised URL's to gather
> personal information. Eudora now detects if the URL in the link differs
> suspiciously from the host name and warns you to exercise caution before
> making the connection.
>
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From vlad at MAZEK.COM Tue Jan 11 16:52:51 2005
From: vlad at MAZEK.COM (Vlad Mazek)
Date: Thu Jan 12 21:28:09 2006
Subject: LDAP/MTA helping Spammers?
Message-ID:

Chris Lyon wrote:
>I am not disagreeing that the benefit isn't there but from a security
>standpoint it is always better to give less information than more
>information. So either at the MTA or in MS wouldn't it be better to
>just silently delete? Not sending any "User unknown"?
>

Definitely not better to silently delete, unless you have unlimited bandwidth. These are just probes off fresh machines, the second you accept the email without an error code that email address is validated and sold and you are placed in a second wave of attacks where they throw an even bigger dictionary at you.

As per your direct email to me:

Fresh (ie, not in a blacklist) owned boxes are used to launch dictionary attacks first -- some RBLs run a check against the IP for reverse dns, open proxy, rfc-ignorant, etc. Spammers usually try to load balance their attacks through the entire block that the system has access to which is why you are seeing such a low hit rate per IP. Try plotting the amount of hits against a /24 instead of just a single ip. After the dictionary attacks, they are used to launch spam, then viruses and finally they are switched to open relay where dozens of people who have purchased the spamming software can use the compromised systems to launch their own content.

The faster and sooner you can block them, the better. If it is a legitimate system, you will have the administrator contact you. At ExchangeDefender we field about 2-3 trouble tickets per day from remote mail admins but we block between 100-300 per day and slightly over 400 a day on weekends.

Think about it this way: What are the odds that a mail system with no PTR will connect to my network and attempt to hit 20+ unknown recipients?

-Vlad Mazek

From Jan-Peter.Koopmann at SECEIDOS.DE Tue Jan 11 17:53:15 2005
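[Added example, not part of any list message and not MailScanner code: the per-/24 tally suggested in Vlad Mazek's message above, compared with a per-IP tally. The four-field log format, the threshold of 10 and all function names are assumptions made for this illustration, and the sample lines are constructed.]

```python
import ipaddress
from collections import defaultdict

# Constructed sample data. Assumed line format (not a real MTA's):
#   <time> <client-ip> <recipient> <smtp-reply-code>
NAMES = ["bob", "jeff", "todd", "ann"]
SAMPLE_LOG = (
    # Five hosts in one /24, four unknown recipients each (20 rejects total).
    [f"10:00:0{i} 192.0.2.{10 + i} {n}@example.org 550"
     for i in range(5) for n in NAMES]
    # One host hammering on its own (12 rejects).
    + [f"10:05:00 198.51.100.7 user{i}@example.org 550" for i in range(12)]
    # A legitimate sender with a single typo, plus a line that does not parse.
    + ["10:06:00 203.0.113.25 alice@example.org 250",
       "10:06:01 203.0.113.25 alcie@example.org 550",
       "malformed line"]
)


def parse_line(line):
    """Return (ip_address, recipient, code), or None if the line does not parse."""
    parts = line.split()
    if len(parts) != 4:
        return None
    _time, ip, rcpt, code = parts
    try:
        return ipaddress.ip_address(ip), rcpt.lower(), code
    except ValueError:
        return None


def count_rejects(lines, prefix_len=None):
    """Tally 550 replies per source IP (prefix_len=None) or per IPv4 network."""
    stats = defaultdict(lambda: {"rejects": 0, "ips": set()})
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec[2] != "550":
            continue
        addr = rec[0]
        if prefix_len is None:
            key = str(addr)
        else:
            # IPv6 sources are grouped by /64 rather than by the IPv4 prefix.
            plen = prefix_len if addr.version == 4 else 64
            key = str(ipaddress.ip_network(f"{addr}/{plen}", strict=False))
        stats[key]["rejects"] += 1
        stats[key]["ips"].add(str(addr))
    return dict(stats)


def over_threshold(stats, min_rejects):
    """Sources whose rejected-recipient count reaches min_rejects."""
    return sorted(k for k, v in stats.items() if v["rejects"] >= min_rejects)


if __name__ == "__main__":
    for label, plen in (("per IP", None), ("per /24", 24)):
        stats = count_rejects(SAMPLE_LOG, plen)
        for src in over_threshold(stats, 10):
            s = stats[src]
            print(f"{label:8} {src:18} rejects={s['rejects']} hosts={len(s['ips'])}")
```

With the same threshold, the per-IP view reports only the single noisy host, while the per-/24 view also surfaces the block whose hosts each stay under the limit.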
From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann)
Date: Thu Jan 12 21:28:09 2006
Subject: LDAP/MTA helping Spammers?
Message-ID:

> I am not disagreeing that the benefit isn't there but from a
> security standpoint it is always better to give less
> information than more information. So either at the MTA or in
> MS wouldn't it be better to just silently delete? Not sending any
> "User unknown"?

Good lord no. If a perfectly valid sender misspells the recipient no one will ever know! Moreover you have to distinguish between viruses/worms that are trying to brute-force stuff and spammers trying all kinds of addresses.

There is no medicine against viruses/worms brute-force attacks. You can teergrube them a bit but you will not stop them. Our statistics show however that at least some spam-networks seem to "recognize" that certain accounts do not work anymore and will delete those e-mails from their lists. A lot of our customers started off with thousands of delivery attempts to non-existing users and from the point we started sending back "550 user unknown" things got a _LOT_ better for them.

Of course you give hackers etc. a bit more insight since you tell them which addresses are valid and which ones are not. This is not a big risk though since security by obscurity never worked out. It aids but it is not sufficient anyways. And as I stated above, the risk of losing valid mail due to silently deleting is not acceptable for most business users.

Kind regards,
JP

From marcin.rozek at IOS.EDU.PL Tue Jan 11 18:43:26 2005
From: marcin.rozek at IOS.EDU.PL (Marcin Rożek)
Date: Thu Jan 12 21:28:09 2006
Subject: Phishing detection...
Message-ID:

Julian Field wrote:
> The only thing I miss is PGP support (it has Enigmail which has GPG, but
> no PGP which I need for 1 purpose).

Is it what you're looking for?

01/05/2005 Enigmail v0.90.0 has been released. Complete OpenPGP key management

http://software.newsforge.com/article.pl?sid=05/01/06/1557216

--
Regards,
Marcin

From lists at TRCINTL.COM Tue Jan 11 19:11:00 2005
From: lists at TRCINTL.COM (Kyle Harris)
Date: Thu Jan 12 21:28:09 2006
Subject: AV Update Logging to SysLog
Message-ID:

I have a small script I put together a while back that looks through the mail log and gives me some basic information such as when the AV's that I'm running last updated and what viruses each AV has found. It is very similar to Vispan only it runs from the command line and gives very basic, daily information.

Anyway, I recently discovered that some of the MailScanner autoupdate scripts do not write to the SysLog (my script looks for these entries). I use ClamAV, eTrust, and BitDefender. ClamAV (and eTrust) write something such as follows to the maillog:

Found clamav installed
Running autoupdate for clamav
ClamAV did not need updating (or ClamAV updated, if that is the case)

However, the BitDefender autoupdate script writes nothing to the maillog file. I took a look at some of the other autoupdate scripts and it appears that there are others that don't write to the SysLog. For the sake of continuity, anyone else think it would be a good idea for them to all log updates in a similar manner?

In the event the answer is yes, I took a look at the BitDefender autoupdate that comes with MailScanner and found it to be a bit difficult to follow. I then had a look at the clamav-autoupdate script that Julian originally wrote and I found it quite easy to modify it to work with BitDefender. I have attached that script to this message in case it would be of use to anyone else, and it does log updates to SysLog. I believe it is a bit cleaner than the original script, however I have done limited testing of it.

Thoughts?

Kyle H.

[ Part 2, Application/OCTET-STREAM (Name: "bitdefender-autoupdate") ]
[ 2.7KB. ]
[ Unable to print this part. ]

From MailScanner at ecs.soton.ac.uk Tue Jan 11 19:47:37 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:09 2006
Subject: Phishing detection...
Message-ID:

Marcin Rożek wrote:
> Julian Field wrote:
>
>> The only thing I miss is PGP support (it has Enigmail which has GPG, but
>> no PGP which I need for 1 purpose).
>
> Is it what your're looking for?
>
> 01/05/2005 Enigmail v0.90.0 has been released. Complete OpenPGP key
> management
>
> http://software.newsforge.com/article.pl?sid=05/01/06/1557216

I only installed it today, so presumably I have the latest version. I need to use an encryption key which uses the IDEA algorithm, which I understand GPG does not support.

I can work around it at the moment, so it's not a killer problem. More awkward though as I have to do the PGP signing via the clipboard and the PGP app.

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From james at SUDORA.COM Tue Jan 11 20:23:00 2005
From: james at SUDORA.COM (James A. Pattie)
Date: Thu Jan 12 21:28:09 2006
Subject: Archiving Mail
Message-ID:

Craig Daters wrote:
| James A. Pattie wrote:
|
|> Julian Field wrote:
|> | Craig Daters wrote:
|> |
|> |> Martin Hepworth wrote:
|> |>
|> |>> Craig
|> |>>
|> |>> I do the entire outside email traffic.
|> |>>
|> |>> tar it up after three days, then manually burnt to CD once I get enough
|> |>> to fit onto a CD.
|> |>>
|> |>> If you make the "Archive Mail = users.rule" you can populate the rule
|> |>> file with the users you want to archive.
|> |>>
|> |>> I then have a script that's called by cron to tar.gz up the
|> |>> directories..
|> |>>
|> |>>
|> |> Thanks Martin,
|> |>
|> |> This gives me an idea of how to start a backup script. I do not want to
|> |> back up all of it, as this would be too big. I only want to back up like
|> |> 4 or 5 users' email is all. Then be able to restore it somewhere to be
|> |> able to find a particular message, preferably from a windows machine as
|> |> no one other than myself knows how to use Linux....
|> |>
|> | Use a ruleset to only archive the mail for a few users, and archive each
|> | of them into a separate mbox file. See the comment above the "Archive
|> | Mail" setting for info on this. An mbox file is, more or less, a plain
|> | old text file containing all the messages archived into that file. If
|> | you back these up into a .tgz file somewhere, your Windows staff can use
|> | Winzip to open up the archive and then use any old text editor (or even
|> | Word if they must!) and search the text file for relevant
|> | keywords/dates/whatever.
|> |
|> | The Windows users will have to get used to seeing the full headers of
|> | each message, but they will soon get used to it. And it's enormously
|> | easier and faster to search than most other ways of hunting through
|> | messages in a large mailbox.
|>
|> Or you use Mozilla Thunderbird and import the mbox file into their "Local
|> Folders" and then use the nice gui to search, print, etc.
|>
|> --
|> James A. Pattie
|> james@sudora.com
|>
|> Linux -- SysAdmin / Programmer
|> Sudora, LLC
|> http://www.sudora.com/
|>
| I had no idea Thunderbird could do this! I knew that I liked this app
| for a reason :)

Yup, I just found out how to do it yesterday before I saw this thread. :) It's currently a manual process, but the instructions were really easy. I ran across it in the Thunderbird FAQ section.

|
| I will definitely have to remember this, thanks James.

--
James A. Pattie
james@sudora.com

Linux -- SysAdmin / Programmer
Sudora, LLC
http://www.sudora.com/

GPG Key Available at https://services.sudora.com/gpgkeys/james.html

From marcin.rozek at IOS.EDU.PL Tue Jan 11 20:44:31 2005
From: marcin.rozek at IOS.EDU.PL (Marcin Rożek)
Date: Thu Jan 12 21:28:09 2006
Subject: Phishing detection...
Message-ID:

Julian Field wrote:
> I only installed it today, so presumably I have the latest version. I
> need to use an encryption key which uses the IDEA algorithm, which I
> understand GPG does not support.

Perhaps this will help...
http://www.gnupg.org/(en)/documentation/faqs.html#q3.3

--
Regards, Marcin

From pparsons at COLUMBIAFUELS.COM Tue Jan 11 20:39:33 2005
From: pparsons at COLUMBIAFUELS.COM (Philip Parsons)
Date: Thu Jan 12 21:28:09 2006
Subject: Updated spamassassin to version 3
Message-ID:

We have just finished updating spamassassin to Version 3 and I remember seeing something on this list about which extra rules you should remove if you use rules_du_jour here is a list of the extra's I have…

-rw-r--r-- 1 root root 31854 May 31 2004 70_sare_adult.cf
-rw-r--r-- 1 root root 3927 Apr 24 2004 70_sare_bayes_poison_nxm.cf
-rw-r--r-- 1 root root 211390 Oct 3 18:18 70_sare_header.cf
-rw-r--r-- 1 root root 103436 Sep 12 18:22 70_sare_html.cf
-rw-r--r-- 1 root root 11559 Sep 14 12:43 70_sare_oem.cf
-rw-r--r-- 1 root root 17548 Aug 9 08:34 70_sare_random.cf
-rw-r--r-- 1 root root 385 Sep 19 19:35 70_sare_ratware.cf
-rw-r--r-- 1 root root 7006 Nov 17 10:48 70_sare_spoof.cf
-rw-r--r-- 1 root root 13211 May 11 2004 72_sare_bml_post25x.cf
-rw-r--r-- 1 root root 10147 May 1 2004 99_sare_fraud_post25x.cf
-rw-r--r-- 1 root root 14284 Apr 28 2004 antidrug.cf
-rw-r--r-- 1 root root 104973 Jan 1 11:22 bogus-virus-warnings.cf
-rw-r--r-- 1 root root 18052 Oct 30 10:30 evilnumbers.cf
-rw-r--r-- 1 root root 57580 Apr 2 2004 tripwire.cf

Thank you.
Philip Parsons

From MailScanner at ecs.soton.ac.uk Tue Jan 11 20:51:00 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:09 2006
Subject: Phishing detection...
Message-ID:

Marcin Rożek wrote:
> Julian Field wrote:
>
>> I only installed it today, so presumably I have the latest version. I
>> need to use an encryption key which uses the IDEA algorithm, which I
>> understand GPG does not support.
>
> Perhaps this will help...
> http://www.gnupg.org/(en)/documentation/faqs.html#q3.3

That looks just the job. Now I've just got to figure out how to get it into a Darwin "port"...

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From KGoods at AIAINSURANCE.COM Tue Jan 11 21:04:21 2005
From: KGoods at AIAINSURANCE.COM (Ken Goods)
Date: Thu Jan 12 21:28:09 2006
Subject: Notification messages failing
Message-ID:

Diane Rolland wrote:
> I'm testing MailScanner and I'm getting the following rejected message
> sent back to the postmaster for Notification messages...
>
> I can send emails successfully to this account, but the Notification
> messages get rejected.
>
> Any ideas?
>
> Thanks,
> Diane
>
> The original message was received at Sun, 9 Jan 2005 16:34:10 -0600
> from localhost [127.0.0.1]
> with id j09MYAcI009862
>
> ----- The following addresses had permanent fatal errors -----
>
> (reason: 550 Administrative prohibition)
>
> ----- Transcript of session follows -----
> ... while talking to kdinet.com.mail5.psmtp.com.:
>>>> DATA
> <<< 550 Administrative prohibition
>
> 554 5.0.0 Service unavailable
>
> [-- Attachment #2 --]
> [-- Type: message/delivery-status, Encoding: 7bit, Size: 0.3K --]
>
> Reporting-MTA: dns; prsvr02.km-law.local
> Arrival-Date: Sun, 9 Jan 2005 16:34:10 -0600
>
> Final-Recipient: RFC822; drolland@kdinet.com
> Action: failed
> Status: 5.2.0
> Remote-MTA: DNS; kdinet.com.mail5.psmtp.com
> Diagnostic-Code: SMTP; 550 Administrative prohibition
> Last-Attempt-Date: Sun, 9 Jan 2005 16:34:12 -0600
>

Diane,

This could be a restriction caused by rules on the MTA, or it could be a permissions thing. I am assuming from your post in the ClamAV group a couple days ago that you are using Postfix? If so, double-check the settings in MailScanner.conf, especially the Systems Settings section (near the top) and the Notices to System Administrators section (nearer the bottom). I don't use Postfix so I'll have to defer to someone else who does for detailed settings, however, the comments are pretty clear.

Don't give up, there are a few here who use Postfix successfully and I'm sure you'll get the help you need.

It may be helpful to include your specific configuration and maybe a snippet of your MailScanner.conf (System Settings) to get a more detailed response.

Kind regards,
Ken

Ken Goods
Network Administrator
AIA Insurance, Inc.

From drew at THEMARSHALLS.CO.UK Tue Jan 11 21:12:47 2005
From: drew at THEMARSHALLS.CO.UK (Drew Marshall)
Date: Thu Jan 12 21:28:09 2006
Subject: Notification messages failing
Message-ID:

Ken Goods wrote:
>It may be helpful to include your specific configuration and maybe a snippet
>of your MailScanner.conf (System Settings) to get a more detailed response.
>
>

And indeed the part of the mail log that details the events around the bounce.

Drew

From KGoods at AIAINSURANCE.COM Tue Jan 11 21:13:35 2005
From: KGoods at AIAINSURANCE.COM (Ken Goods)
Date: Thu Jan 12 21:28:09 2006
Subject: Notification messages failing
Message-ID:

Drew Marshall wrote:
> Ken Goods wrote:
>
>> It may be helpful to include your specific configuration and maybe a
>> snippet of your MailScanner.conf (System Settings) to get a more
>> detailed response.
>>
>>
> And indeed the part of the mail log that details the events around the
> bounce.
>
> Drew

Better yet! Thanks Drew.

From mkettler at EVI-INC.COM Tue Jan 11 21:18:27 2005
From: mkettler at EVI-INC.COM (Matt Kettler)
Date: Thu Jan 12 21:28:09 2006
Subject: Updated spamassassin to version 3
Message-ID:

At 03:39 PM 1/11/2005, Philip Parsons wrote:
>We have just finished updating spamassassin to Version 3 and I remember
>seeing something on this list about which extra rules you should remove if
>you use rules_du_jour here is a list of the extra's I have…
>
>-rw-r--r-- 1 root root 14284 Apr 28 2004 antidrug.cf

I don't know about the others, I don't think any of them are included, but antidrug is built into SA 3.x and you should remove it.

From mike at CAMAROSS.NET Tue Jan 11 21:27:03 2005
From: mike at CAMAROSS.NET (Mike Kercher)
Date: Thu Jan 12 21:28:09 2006
Subject: Updated spamassassin to version 3
Message-ID:

I don't use any extra rulesets after upgrading to SA3.x

Mike

________________________________

From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Philip Parsons
Sent: Tuesday, January 11, 2005 2:40 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Updated spamassassin to version 3

We have just finished updating spamassassin to Version 3 and I remember seeing something on this list about which extra rules you should remove if you use rules_du_jour here is a list of the extra's I have.

-rw-r--r-- 1 root root 31854 May 31 2004 70_sare_adult.cf
-rw-r--r-- 1 root root 3927 Apr 24 2004 70_sare_bayes_poison_nxm.cf
-rw-r--r-- 1 root root 211390 Oct 3 18:18 70_sare_header.cf
-rw-r--r-- 1 root root 103436 Sep 12 18:22 70_sare_html.cf
-rw-r--r-- 1 root root 11559 Sep 14 12:43 70_sare_oem.cf
-rw-r--r-- 1 root root 17548 Aug 9 08:34 70_sare_random.cf
-rw-r--r-- 1 root root 385 Sep 19 19:35 70_sare_ratware.cf
-rw-r--r-- 1 root root 7006 Nov 17 10:48 70_sare_spoof.cf
-rw-r--r-- 1 root root 13211 May 11 2004 72_sare_bml_post25x.cf
-rw-r--r-- 1 root root 10147 May 1 2004 99_sare_fraud_post25x.cf
-rw-r--r-- 1 root root 14284 Apr 28 2004 antidrug.cf
-rw-r--r-- 1 root root 104973 Jan 1 11:22 bogus-virus-warnings.cf
-rw-r--r-- 1 root root 18052 Oct 30 10:30 evilnumbers.cf
-rw-r--r-- 1 root root 57580 Apr 2 2004 tripwire.cf

Thank you.
Philip Parsons
From MailScanner at ecs.soton.ac.uk Tue Jan 11 21:33:01 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:09 2006
Subject: Phishing detection...
Message-ID:

Julian Field wrote:
> Marcin Rożek wrote:
>
>> Julian Field wrote:
>>
>>> I only installed it today, so presumably I have the latest version. I
>>> need to use an encryption key which uses the IDEA algorithm, which I
>>> understand GPG does not support.
>>
>>
>> Perhaps this will help...
>> http://www.gnupg.org/(en)/documentation/faqs.html#q3.3
>
>
> That looks just the job. Now I've just got to figure out how to get it
> into a Darwin "port"...

Done it. Many thanks for the pointer to the faq. Enigmail will be more useful now :-)

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From drolland at kdinet.com Tue Jan 11 21:59:03 2005
From: drolland at kdinet.com (Diane Rolland)
Date: Thu Jan 12 21:28:09 2006
Subject: Notification messages failing
Message-ID:

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Ken Goods
> Sent: Tuesday, January 11, 2005 3:14 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Notification messages failing
>
> Drew Marshall wrote:
> > Ken Goods wrote:
> >
> >> It may be helpful to include your specific configuration and maybe a
> >> snippet of your MailScanner.conf (System Settings) to get a more
> >> detailed response.
> >>
> >>
> > And indeed the part of the mail log that details the events around the
> > bounce.
> >
> > Drew

Thanks guys!

MTA is sendmail not postfix.

Below are my System settings and the portion of the maillog file

# System settings
# ---------------
#
# How many MailScanner processes do you want to run at a time?
# There is no point increasing this figure if your MailScanner server
# is happily keeping up with your mail traffic.
# If you are running on a server with more than 1 CPU, or you have a
# high mail load (and/or slow DNS lookups) then you should see better
# performance if you increase this figure.
# If you are running on a small system with limited RAM, you should
# note that each child takes just over 20MB.
#
# As a rough guide, try 5 children per CPU. But read the notes above.
Max Children = 5

# User to run as (not normally used for sendmail)
# If you want to change the ownership or permissions of the quarantine or
# temporary files created by MailScanner, please see the "Incoming Work"
# settings later in this file.
#Run As User = mail
#Run As User = postfix
Run As User =

# Group to run as (not normally used for sendmail)
#Run As Group = mail
#Run As Group = postfix
Run As Group =

# How often (in seconds) should each process check the incoming mail
# queue for new messages? If you have a quiet mail server, you might
# want to increase this value so it causes less load on your server, at
# the cost of slightly increasing the time taken for an average message
# to be processed.
Queue Scan Interval = 5

# Set location of incoming mail queue
#
# This can be any one of
# 1. A directory name
# Example: /var/spool/mqueue.in
# 2. A wildcard giving directory names
# Example: /var/spool/mqueue.in/*
# 3. The name of a file containing a list of directory names,
# which can in turn contain wildcards.
# Example: /etc/MailScanner/mqueue.in.list.conf
#
# If you are using sendmail and have your queues split into qf, df, xf
# directories, then just specify the main directory, do not give me the
# directory names of the qf,df,xf directories.
# Example: if you have /var/spool/mqueue.in/qf
# /var/spool/mqueue.in/df
# /var/spool/mqueue.in/xf
# then just tell me /var/spool/mqueue.in. I will find the subdirectories
# automatically.
#
Incoming Queue Dir = /var/spool/mqueue.in

# Set location of outgoing mail queue.
# This can also be the filename of a ruleset.
Outgoing Queue Dir = /var/spool/mqueue

# Set where to unpack incoming messages before scanning them
# This can completely safely use tmpfs or a ramdisk, which will
# give you a significant performance improvement.
# NOTE: The path given here must not include any links at all,
# NOTE: but must be the absolute path to the directory.
Incoming Work Dir = /var/spool/MailScanner/incoming

# Set where to store infected and message attachments (if they are kept)
# This can also be the filename of a ruleset.
Quarantine Dir = /var/spool/MailScanner/quarantine

# Set where to store the process id number so you can stop MailScanner
PID file = /var/run/MailScanner.pid

# To avoid resource leaks, re-start periodically
Restart Every = 14400

# Set whether to use postfix, sendmail, exim or zmailer.
# If you are using postfix, then see the "SpamAssassin User State Dir"
# setting near the end of this file
MTA = sendmail

# Set how to invoke MTA when sending messages MailScanner has created
# (e.g. to sender/recipient saying "found a virus in your message")
# This can also be the filename of a ruleset.
Sendmail = /usr/sbin/sendmail

# Sendmail2 is provided for Exim users.
# It is the command used to attempt delivery of outgoing cleaned/disinfected
# messages.
# This is not usually required for sendmail.
# This can also be the filename of a ruleset.
#For Exim users: Sendmail2 = /usr/sbin/exim -C /etc/exim/exim_send.conf
#For sendmail users: Sendmail2 = /usr/sbin/sendmail
#Sendmail2 = /usr/sbin/sendmail -C /etc/exim/exim_send.conf
Sendmail2 = /usr/sbin/sendmail

maillog

Jan 9 15:01:04 prsvr02 MailScanner[9035]: MailScanner E-Mail Virus Scanner version 4.37.7 starting...
Jan 9 15:01:04 prsvr02 update.virus.scanners: Delaying cron job up to 600 seconds
Jan 9 15:01:04 prsvr02 MailScanner[9035]: Enabling SpamAssassin auto-whitelist functionality...
Jan 9 15:01:04 prsvr02 MailScanner[9035]: Using locktype = flock
Jan 9 15:01:04 prsvr02 MailScanner[9035]: New Batch: Scanning 2 messages, 5972 bytes
Jan 9 15:01:05 prsvr02 MailScanner[9035]: Virus and Content Scanning: Starting
Jan 9 15:01:05 prsvr02 MailScanner[9035]: Filename Checks: Windows/DOS Executable (j09KPQHP008851 eicar.com)
Jan 9 15:01:05 prsvr02 MailScanner[9035]: Filename Checks: Windows/DOS Executable (j09KPhCe008852 eicar.com)
Jan 9 15:01:05 prsvr02 MailScanner[9035]: Other Checks: Found 2 problems
Jan 9 15:01:05 prsvr02 MailScanner[9035]: Content Checks: Detected and will disarm HTML message in j09KPQHP008851
Jan 9 15:01:05 prsvr02 MailScanner[9035]: Content Checks: Detected and will disarm HTML message in j09KPhCe008852
Jan 9 15:01:05 prsvr02 MailScanner[9035]: Saved entire message to /var/spool/MailScanner/quarantine/20050109/j09KPQHP008851
Jan 9 15:01:05 prsvr02 MailScanner[9035]: Saved infected "eicar.com" to /var/spool/MailScanner/quarantine/20050109/j09KPQHP008851
Jan 9 15:01:05 prsvr02 MailScanner[9035]: Saved infected "eicar_com.zip" to /var/spool/MailScanner/quarantine/20050109/j09KPQHP008851
Jan 9 15:01:05 prsvr02 MailScanner[9035]: Saved entire message to /var/spool/MailScanner/quarantine/20050109/j09KPhCe008852
Jan 9 15:01:05 prsvr02 MailScanner[9035]: Saved infected "eicar.com" to /var/spool/MailScanner/quarantine/20050109/j09KPhCe008852
Jan 9 15:01:05 prsvr02 MailScanner[9035]: Saved infected "eicar_com.zip" to /var/spool/MailScanner/quarantine/20050109/j09KPhCe008852
Jan 9 15:01:05 prsvr02 MailScanner[9035]: Cleaned: Delivered 2 cleaned messages
Jan 9 15:01:05 prsvr02 sendmail[9057]: j09L1574009057: from=<>, size=856, class=0, nrcpts=1, msgid=<200501092101.j09L1574009057@prsvr02.km-law.local>, relay=root@localhost
Jan 9 15:01:05 prsvr02 sendmail[9060]: j09KPQHP008851: to=, delay=00:35:39, xdelay=00:00:00, mailer=local, pri=122347, dsn=2.0.0, stat=Sent
Jan 9 15:01:05 prsvr02 sendmail[9060]: j09KPhCe008852: to=, delay=00:35:22, xdelay=00:00:00, mailer=local, pri=122513, dsn=2.0.0, stat=Sent
Jan 9 15:01:05 prsvr02 sendmail[9061]: j09L15fH009061: from=<>, size=1110, class=0, nrcpts=1, msgid=<200501092101.j09L1574009057@prsvr02.km-law.local>, proto=ESMTP, daemon=MTA, relay=localhost [127.0.0.1]
Jan 9 15:01:05 prsvr02 sendmail[9061]: j09L15fH009061: to=, delay=00:00:00, mailer=esmtp, pri=31110, stat=queued
Jan 9 15:01:05 prsvr02 sendmail[9057]: j09L1574009057: to=drolland@kdinet.com, delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30856, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (j09L15fH009061 Message accepted for delivery)
Jan 9 15:01:05 prsvr02 sendmail[9064]: j09L15pe009064: from=<>, size=856, class=0, nrcpts=1, msgid=<200501092101.j09L15pe009064@prsvr02.km-law.local>, relay=root@localhost
Jan 9 15:01:05 prsvr02 sendmail[9066]: j09L15pB009066: from=<>, size=1110, class=0, nrcpts=1, msgid=<200501092101.j09L15pe009064@prsvr02.km-law.local>, proto=ESMTP, daemon=MTA, relay=localhost [127.0.0.1]
Jan 9 15:01:05 prsvr02 sendmail[9066]: j09L15pB009066: to=, delay=00:00:00, mailer=esmtp, pri=31110, stat=queued
Jan 9 15:01:05 prsvr02 sendmail[9064]: j09L15pe009064: to=drolland@kdinet.com, delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30856, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (j09L15pB009066 Message accepted for delivery)
Jan 9 15:01:05 prsvr02 MailScanner[9035]: Sender Warnings: Delivered 2 warnings to virus senders
Jan 9 15:01:05 prsvr02 sendmail[9067]: j09L1511009067: from=postmaster, size=3437, class=0, nrcpts=1, msgid=<200501092101.j09L1511009067@prsvr02.km-law.local>, relay=root@localhost
Jan 9 15:01:05 prsvr02 sendmail[9069]: j09L15SK009069: from=, size=3712, class=0, nrcpts=1, msgid=<200501092101.j09L1511009067@prsvr02.km-law.local>, proto=ESMTP, daemon=MTA, relay=localhost [127.0.0.1]
Jan 9 15:01:05 prsvr02 sendmail[9067]: j09L1511009067: to=postmaster, delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=33437, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (j09L15SK009069 Message accepted for delivery)
Jan 9 15:01:05 prsvr02 MailScanner[9035]: Notices: Warned about 2 messages
Jan 9 15:01:05 prsvr02 MailScanner[9035]: New Batch: Scanning 3 messages, 7267 bytes
Jan 9 15:01:08 prsvr02 MailScanner[9035]: Virus and Content Scanning: Starting
Jan 9 15:01:08 prsvr02 MailScanner[9035]: Uninfected: Delivered 3 messages
Jan 9 15:01:09 prsvr02 sendmail[9085]: STARTTLS=client, relay=kdinet.com.mail5.psmtp.com., version=TLSv1/SSLv3, verify=FAIL, cipher=AES256-SHA, bits=256/256
Jan 9 15:01:10 prsvr02 sendmail[9085]: j09L15pB009066: to=, delay=00:00:05, xdelay=00:00:02, mailer=esmtp, pri=121110, relay=kdinet.com.mail5.psmtp.com. [64.18.5.10], dsn=5.0.0, stat=Service unavailable
Jan 9 15:01:10 prsvr02 sendmail[9085]: j09L15pB009066: j09L18kD009085: postmaster notify: Service unavailable
Jan 9 15:01:10 prsvr02 sendmail[9085]: j09L18kD009085: to=root, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=32434, dsn=2.0.0, stat=Sent
Jan 9 15:01:11 prsvr02 sendmail[9085]: j09L15fH009061: to=, delay=00:00:06, xdelay=00:00:01, mailer=esmtp, pri=121110, relay=kdinet.com.mail5.psmtp.com. [64.18.5.10], dsn=5.0.0, stat=Service unavailable
Jan 9 15:01:11 prsvr02 sendmail[9085]: j09L15fH009061: j09L18kE009085: postmaster notify: Service unavailable
Jan 9 15:01:11 prsvr02 sendmail[9085]: j09L18kE009085: to=root, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=32434, dsn=2.0.0, stat=Sent
Jan 9 15:01:11 prsvr02 sendmail[9085]: j09L15SK009069: to=root, delay=00:00:06, xdelay=00:00:00, mailer=local, pri=123712, dsn=2.0.0, stat=Sent
Jan 9 15:01:14 prsvr02 MailScanner[9089]: MailScanner E-Mail Virus Scanner version 4.37.7 starting...
Jan 9 15:01:14 prsvr02 MailScanner[9089]: Enabling SpamAssassin auto-whitelist functionality...
Jan 9 15:01:14 prsvr02 MailScanner[9089]: Using locktype = flock
Jan 9 15:01:24 prsvr02 MailScanner[9090]: MailScanner E-Mail Virus Scanner version 4.37.7 starting...
Jan 9 15:01:24 prsvr02 MailScanner[9090]: Enabling SpamAssassin auto-whitelist functionality...
Jan 9 15:01:24 prsvr02 MailScanner[9090]: Using locktype = flock
Jan 9 15:01:34 prsvr02 MailScanner[9091]: MailScanner E-Mail Virus Scanner version 4.37.7 starting...
Jan 9 15:01:34 prsvr02 MailScanner[9091]: Enabling SpamAssassin auto-whitelist functionality...
Jan 9 15:01:35 prsvr02 MailScanner[9091]: Using locktype = flock
Jan 9 15:01:44 prsvr02 MailScanner[9092]: MailScanner E-Mail Virus Scanner version 4.37.7 starting...
Jan 9 15:01:44 prsvr02 MailScanner[9092]: Enabling SpamAssassin auto-whitelist functionality...
Jan 9 15:01:44 prsvr02 MailScanner[9092]: Using locktype = flock

From MailScanner at ecs.soton.ac.uk Tue Jan 11 22:35:02 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:09 2006
Subject: Notification messages failing
Message-ID:

Jan 9 15:01:09 prsvr02 sendmail[9085]: STARTTLS=client, relay=kdinet.com.mail5.psmtp.com., version=TLSv1/SSLv3, verify=FAIL, cipher=AES256-SHA, bits=256/256
Jan 9 15:01:10 prsvr02 sendmail[9085]: j09L15pB009066: to=, delay=00:00:05, xdelay=00:00:02, mailer=esmtp, pri=121110, relay=kdinet.com.mail5.psmtp.com. [64.18.5.10], dsn=5.0.0, stat=Service unavailable
Jan 9 15:01:10 prsvr02 sendmail[9085]: j09L15pB009066: j09L18kD009085: postmaster notify: Service unavailable

That's the important bit. For some reason your SMTP server is insisting on TLS encryption, when the sendmail binary appears to be unable to do. Someone else with more experience of TLS is needed here.

Can you make sendmail not insist on TLS when the connection is coming from localhost?

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From eneal at DFI-INTL.COM Tue Jan 11 22:37:41 2005
From: eneal at DFI-INTL.COM (Errol Neal)
Date: Thu Jan 12 21:28:09 2006
Subject: Notification messages failing
Message-ID:

This is interesting. Can you do an ldd on your sendmail binary? Also, can you post your sendmail.mc?

thx

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field
Sent: Tuesday, January 11, 2005 5:35 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: Notification messages failing

Jan 9 15:01:09 prsvr02 sendmail[9085]: STARTTLS=client, relay=kdinet.com.mail5.psmtp.com., version=TLSv1/SSLv3, verify=FAIL, cipher=AES256-SHA, bits=256/256
Jan 9 15:01:10 prsvr02 sendmail[9085]: j09L15pB009066: to=, delay=00:00:05, xdelay=00:00:02, mailer=esmtp, pri=121110, relay=kdinet.com.mail5.psmtp.com. [64.18.5.10], dsn=5.0.0, stat=Service unavailable
Jan 9 15:01:10 prsvr02 sendmail[9085]: j09L15pB009066: j09L18kD009085: postmaster notify: Service unavailable

That's the important bit. For some reason your SMTP server is insisting on TLS encryption, when the sendmail binary appears to be unable to do. Someone else with more experience of TLS is needed here.

Can you make sendmail not insist on TLS when the connection is coming from localhost?

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

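The log lines quoted above can be read mechanically. The following Python is an added example, not code from any poster or from the MailScanner or sendmail projects: it pairs each delivery line with the STARTTLS=client line logged by the same sendmail process for the same relay, so the certificate-verification result and the delivery status are reported separately. The sample log is constructed: its first three lines follow the ones quoted in the thread with a placeholder recipient, and the example.net and example.org sessions are invented.

```python
import re
from collections import Counter

# Constructed sample. The first three lines follow the ones quoted in the
# thread (recipient replaced by a placeholder); the last three are invented.
SAMPLE_LOG = """\
Jan  9 15:01:09 prsvr02 sendmail[9085]: STARTTLS=client, relay=kdinet.com.mail5.psmtp.com., version=TLSv1/SSLv3, verify=FAIL, cipher=AES256-SHA, bits=256/256
Jan  9 15:01:10 prsvr02 sendmail[9085]: j09L15pB009066: to=<user@example.com>, delay=00:00:05, xdelay=00:00:02, mailer=esmtp, pri=121110, relay=kdinet.com.mail5.psmtp.com. [64.18.5.10], dsn=5.0.0, stat=Service unavailable
Jan  9 15:01:11 prsvr02 sendmail[9085]: j09L18kE009085: to=root, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=32434, dsn=2.0.0, stat=Sent
Jan  9 15:02:00 prsvr02 sendmail[9200]: STARTTLS=client, relay=mx.example.net., version=TLSv1/SSLv3, verify=FAIL, cipher=AES256-SHA, bits=256/256
Jan  9 15:02:01 prsvr02 sendmail[9200]: j09L20aa009200: to=<someone@example.net>, delay=00:00:02, xdelay=00:00:01, mailer=esmtp, pri=30500, relay=mx.example.net. [192.0.2.25], dsn=2.0.0, stat=Sent (ok)
Jan  9 15:03:00 prsvr02 sendmail[9300]: j09L30bb009300: to=<other@example.org>, delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=30400, relay=mx.example.org. [192.0.2.80], dsn=2.0.0, stat=Sent (ok)
"""

LINE_RE = re.compile(
    r"^\w{3}\s+\d+\s+[\d:]{8}\s+\S+\s+(?:sendmail|sm-mta)\[(?P<pid>\d+)\]:\s+(?P<rest>.*)$"
)
QID_RE = re.compile(r"^(?P<qid>\w+):\s+(?P<body>.*)$")


def parse_fields(text):
    """Split sendmail's 'key=value, key=value' list into a dict."""
    out = {}
    for part in text.split(", "):
        key, sep, value = part.partition("=")
        if sep:
            out[key.strip()] = value.strip()
    return out


def relay_name(value):
    """'mx.example.net. [192.0.2.25]' -> 'mx.example.net'."""
    parts = value.split()
    return parts[0].rstrip(".").lower() if parts else ""


def verdict(fields, tls):
    """Combine the delivery status with what the STARTTLS line recorded."""
    delivered = fields["dsn"].startswith("2.")
    if "relay" not in fields:
        return "local-delivery"
    if tls is None:
        return "sent-without-tls" if delivered else "failed-without-tls"
    # A STARTTLS line that names a cipher means the handshake completed;
    # verify= only says whether the peer certificate validated.
    if not delivered:
        return "failed-after-tls-handshake"
    return "sent-tls-verified" if tls.get("verify") == "OK" else "sent-tls-unverified"


def correlate(log_text):
    """Pair each delivery attempt with the STARTTLS=client line logged by
    the same sendmail process for the same relay, if there was one."""
    tls_seen = {}  # (pid, relay name) -> fields of the STARTTLS line
    results = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        pid, rest = m.group("pid"), m.group("rest")
        q = QID_RE.match(rest)
        qid, body = (q.group("qid"), q.group("body")) if q else (None, rest)
        f = parse_fields(body)
        if body.startswith("STARTTLS=client"):
            if "relay" in f:
                tls_seen[(pid, relay_name(f["relay"]))] = f
            continue
        if "dsn" not in f or "stat" not in f:
            continue  # e.g. "postmaster notify" lines carry no status fields
        relay = relay_name(f["relay"]) if "relay" in f else None
        tls = tls_seen.get((pid, relay))
        results.append({
            "qid": qid, "relay": relay, "dsn": f["dsn"], "stat": f["stat"],
            "verify": tls.get("verify") if tls else None,
            "cipher": tls.get("cipher") if tls else None,
            "verdict": verdict(f, tls),
        })
    return results


def verify_fail_outcomes(results):
    """Count delivery verdicts for sessions whose STARTTLS line said verify=FAIL."""
    return Counter(r["verdict"] for r in results if r["verify"] == "FAIL")


if __name__ == "__main__":
    rows = correlate(SAMPLE_LOG)
    for r in rows:
        print(r["qid"], r["relay"], r["dsn"], r["verify"], r["verdict"])
    print(dict(verify_fail_outcomes(rows)))
```

On the sample, verify=FAIL appears once with a 5.0.0 failure and once with a 2.0.0 delivery, so the verify= field on its own does not separate the two outcomes.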
From drew at THEMARSHALLS.CO.UK Tue Jan 11 22:38:55 2005
From: drew at THEMARSHALLS.CO.UK (Drew Marshall)
Date: Thu Jan 12 21:28:09 2006
Subject: Notification messages failing
Message-ID:

Diane Rolland wrote:

>Jan 9 15:01:09 prsvr02 sendmail[9085]: STARTTLS=client,
>relay=kdinet.com.mail5.psmtp.com., version=TLSv1/SSLv3, verify=FAIL,
>cipher=AES256-SHA, bits=256/256
>
>
That will be the important bit then, some form of TLS/ authentication error by the looks. I'm not a Sendmail user so I'll have to hand over to someone else but this looks like the bit. Nothing to do with MailScanner at all.

>Jan 9 15:01:10 prsvr02 sendmail[9085]: j09L15pB009066:
>to=, delay=00:00:05, xdelay=00:00:02, mailer=esmtp,
>pri=121110, relay=kdinet.com.mail5.psmtp.com. [64.18.5.10], dsn=5.0.0,
>stat=Service unavailable
>Jan 9 15:01:10 prsvr02 sendmail[9085]: j09L15pB009066: j09L18kD009085:
>postmaster notify: Service unavailable
>
>
Sorry I can't be more help

Drew

From peter at UCGBOOK.COM Tue Jan 11 23:06:01 2005
From: peter at UCGBOOK.COM (Peter Bonivart)
Date: Thu Jan 12 21:28:09 2006
Subject: Notification messages failing
Message-ID:

Drew Marshall wrote:
> Diane Rolland wrote:
>
>> Jan 9 15:01:09 prsvr02 sendmail[9085]: STARTTLS=client,
>> relay=kdinet.com.mail5.psmtp.com., version=TLSv1/SSLv3, verify=FAIL,
>> cipher=AES256-SHA, bits=256/256
>>
>>
> That will be the important bit then, some form of TLS/ authentication
> error by the looks. I'm not a Sendmail user so I'll have to hand over to
> someone else but this looks like the bit. Nothing to do with MailScanner
> at all.

I wouldn't call myself a TLS expert at all but I see these lines all the time without any error. To me it just means that two TLS capable MTA:s negotiated for authentication but it failed as in no matching certificates, not as in an actual technical error.

--
/Peter Bonivart

--Unix lovers do it in the Sun

From MailScanner at ecs.soton.ac.uk Tue Jan 11 23:08:42 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:09 2006
Subject: Notification messages failing
Message-ID:

Peter Bonivart wrote:
> Drew Marshall wrote:
>
>> Diane Rolland wrote:
>>
>>> Jan 9 15:01:09 prsvr02 sendmail[9085]: STARTTLS=client,
>>> relay=kdinet.com.mail5.psmtp.com., version=TLSv1/SSLv3, verify=FAIL,
>>> cipher=AES256-SHA, bits=256/256
>>>
>>>
>> That will be the important bit then, some form of TLS/ authentication
>> error by the looks. I'm not a Sendmail user so I'll have to hand over to
>> someone else but this looks like the bit. Nothing to do with MailScanner
>> at all.
>
>
> I wouldn't call myself a TLS expert at all but I see these lines all the
> time without any error. To me it just means that two TLS capable MTA:s
> negotiated for authentication but it failed as in no matching
> certificates, not as in an actual technical error.

But the line after that failed with a "Service unavailable" error.

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From peter at UCGBOOK.COM Tue Jan 11 23:20:25 2005
From: peter at UCGBOOK.COM (Peter Bonivart)
Date: Thu Jan 12 21:28:09 2006
Subject: Notification messages failing
Message-ID:

Julian Field wrote:
>> I wouldn't call myself a TLS expert at all but I see these lines all the
>> time without any error. To me it just means that two TLS capable MTA:s
>> negotiated for authentication but it failed as in no matching
>> certificates, not as in an actual technical error.
>
>
> But the line after that failed with a "Service unavailable" error.

Yes, but I get the verification errors all the time with MTA:s on the internet that are TLS capable, but no errors so I'm not sure it's a TLS problem. It's just that we have not exchanged certificates. But as usual, I could be wrong. :-)

But anyway, if it's an internal server it's usually not preferable to use TLS since it will encrypt/decrypt everything even without authentication and that eats some performance.

You can control TLS behavior with the access file. It's described here (look especially at bottom):

http://sendmail.org/m4/starttls.html

--
/Peter Bonivart

--Unix lovers do it in the Sun

From Steve.Swaney at FSL.COM Tue Jan 11 23:29:06 2005
From: Steve.Swaney at FSL.COM (Steve Swaney)
Date: Thu Jan 12 21:28:09 2006
Subject: Updated spamassassin to version 3
Message-ID:

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Philip Parsons
> Sent: Tuesday, January 11, 2005 3:40 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Updated spamassassin to version 3
>
> We have just finished updating spamassassin to Version 3 and I remember
> seeing something on this list about which extra rules you should remove if
> you use rules_du_jour here is a list of the extras I have.
>
> -rw-r--r-- 1 root root 31854 May 31 2004 70_sare_adult.cf
> -rw-r--r-- 1 root root 3927 Apr 24 2004 70_sare_bayes_poison_nxm.cf
> -rw-r--r-- 1 root root 211390 Oct 3 18:18 70_sare_header.cf
> -rw-r--r-- 1 root root 103436 Sep 12 18:22 70_sare_html.cf
> -rw-r--r-- 1 root root 11559 Sep 14 12:43 70_sare_oem.cf
> -rw-r--r-- 1 root root 17548 Aug 9 08:34 70_sare_random.cf
> -rw-r--r-- 1 root root 385 Sep 19 19:35 70_sare_ratware.cf
> -rw-r--r-- 1 root root 7006 Nov 17 10:48 70_sare_spoof.cf
> -rw-r--r-- 1 root root 13211 May 11 2004 72_sare_bml_post25x.cf
> -rw-r--r-- 1 root root 10147 May 1 2004 99_sare_fraud_post25x.cf
> -rw-r--r-- 1 root root 14284 Apr 28 2004 antidrug.cf
> -rw-r--r-- 1 root root 104973 Jan 1 11:22 bogus-virus-warnings.cf
> -rw-r--r-- 1 root root 18052 Oct 30 10:30 evilnumbers.cf
> -rw-r--r-- 1 root root 57580 Apr 2 2004 tripwire.cf
>
>
> Thank you.
> Philip Parsons
>

Phil,

You might get rid of all files except a subset of the SpamAssassin Rules Emporium's Rules_Du_Jour files. Remove all of the *.cf files in /etc/mail/spamassassin and any rules_du_jour files in /etc/cron.daily. Then download the Rules_Du_Jour installation files from our website:

http://www.fsl.com/support/

Untar this file and cd into the rules_du_jour directory that will be created, then read the INSTALL instructions. The install.sh script works properly on a Linux / sendmail / MailScanner /SpamAssassin 3.0x system. Any other combination is not guaranteed but the install script is extremely simple.
The rules_du_jour_wrapper script which installs in /etc/cron.daily will actually update the rules_du_jour script. The rules_du_jour script will update the additional rules daily if updated rules are available. The bogus-virus-warnings.cf file that's installed is not updated since it's been modified to take out all the MailScanner related rules that might catch valid local emails and notices.

Hope this helps,

Steve

Steve Swaney
President
Fortress Systems Ltd.
www.fsl.com
steve.swaney@fsl.com

From drolland at kdinet.com Tue Jan 11 23:40:28 2005
From: drolland at kdinet.com (Diane Rolland) Date: Thu Jan 12 21:28:09 2006 Subject: Notification messages failing Message-ID: > > This is interesting. Can you do an ldd on your sendmail > binary. Also, can you post your sendmail.mc > I'm afraid I don't know what an lld is.... But, here is the sendmail.mc divert(-1)dnl dnl # dnl # This is the sendmail macro config file for m4. If you make changes to dnl # /etc/mail/sendmail.mc, you will need to regenerate the dnl # /etc/mail/sendmail.cf file by confirming that the sendmail-cf package is dnl # installed and then performing a dnl # dnl # make -C /etc/mail dnl # include(`/usr/share/sendmail-cf/m4/cf.m4')dnl VERSIONID(`setup for Red Hat Linux')dnl OSTYPE(`linux')dnl dnl # dnl # default logging level is 9, you might want to set it higher to dnl # debug the configuration dnl # dnl define(`confLOG_LEVEL', `9')dnl dnl # dnl # Uncomment and edit the following line if your outgoing mail needs to dnl # be sent out through an external mail server: dnl # dnl define(`SMART_HOST',`smtp.your.provider') dnl # define(`confDEF_USER_ID',``8:12'')dnl dnl define(`confAUTO_REBUILD')dnl define(`confTO_CONNECT', `1m')dnl define(`confTRY_NULL_MX_LIST',true)dnl define(`confDONT_PROBE_INTERFACES',true)dnl define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl define(`ALIAS_FILE', `/etc/aliases')dnl define(`STATUS_FILE', `/var/log/mail/statistics')dnl define(`UUCP_MAILER_MAX', `2000000')dnl define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl define(`confAUTH_OPTIONS', `A')dnl dnl # Added the following 4 lines by Diane 12/29/2004 dnl # TRUST_AUTH_MECH(`DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl define(`confAUTH_MECHANISMS', `DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl dnl # dnl # dnl # The following allows relaying if the user authenticates, and disallows dnl # plaintext authentication (PLAIN/LOGIN) on non-TLS links dnl # dnl define(`confAUTH_OPTIONS', `A p')dnl dnl # dnl # PLAIN is 
the preferred plaintext authentication method and used by dnl # Mozilla Mail and Evolution, though Outlook Express and other MUAs do dnl # use LOGIN. Other mechanisms should be used if the connection is not dnl # guaranteed secure. dnl # dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl dnl # dnl # Rudimentary information on creating certificates for sendmail TLS: dnl # make -C /usr/share/ssl/certs usage dnl # or use the included makecert.sh script dnl # dnl define(`confCACERT_PATH',`/usr/share/ssl/certs') dnl define(`confCACERT',`/usr/share/ssl/certs/ca-bundle.crt') dnl define(`confSERVER_CERT',`/usr/share/ssl/certs/sendmail.pem') dnl define(`confSERVER_KEY',`/usr/share/ssl/certs/sendmail.pem') dnl # dnl # This allows sendmail to use a keyfile that is shared with OpenLDAP's dnl # slapd, which requires the file to be readble by group ldap dnl # dnl define(`confDONT_BLAME_SENDMAIL',`groupreadablekeyfile')dnl dnl # dnl define(`confTO_QUEUEWARN', `4h')dnl dnl define(`confTO_QUEUERETURN', `5d')dnl dnl define(`confQUEUE_LA', `12')dnl dnl define(`confREFUSE_LA', `18')dnl define(`confTO_IDENT', `0')dnl dnl FEATURE(delay_checks)dnl FEATURE(`no_default_msa',`dnl')dnl FEATURE(`smrsh',`/usr/sbin/smrsh')dnl FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl FEATURE(redirect)dnl FEATURE(always_add_domain)dnl FEATURE(use_cw_file)dnl FEATURE(use_ct_file)dnl dnl # dnl # The -t option will retry delivery if e.g. the user runs over his quota. dnl # FEATURE(local_procmail,`',`procmail -t -Y -a $h -d $u')dnl FEATURE(`access_db',`hash -T -o /etc/mail/access.db')dnl FEATURE(`blacklist_recipients')dnl EXPOSED_USER(`root')dnl dnl # dnl # The following causes sendmail to only listen on the IPv4 loopback address dnl # 127.0.0.1 and not on any other network devices. 
Remove the loopback dnl # address restriction to accept email from the internet or intranet. dnl # DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl dnl # dnl # The following causes sendmail to additionally listen to port 587 for dnl # mail from MUAs that authenticate. Roaming users who can't reach their dnl # preferred sendmail daemon due to port 25 being blocked or redirected find dnl # this useful. dnl # dnl DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl dnl # dnl # The following causes sendmail to additionally listen to port 465, but dnl # starting immediately in TLS mode upon connecting. Port 25 or 587 followed dnl # by STARTTLS is preferred, but roaming clients using Outlook Express can't dnl # do STARTTLS on ports other than 25. Mozilla Mail can ONLY use STARTTLS dnl # and doesn't support the deprecated smtps; Evolution <1.1.1 uses smtps dnl # when SSL is enabled-- STARTTLS support is available in version 1.1.1. dnl # dnl # For this to work your OpenSSL certificates must be configured. dnl # dnl DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl dnl # dnl # The following causes sendmail to additionally listen on the IPv6 loopback dnl # device. Remove the loopback address restriction listen to the network. dnl # dnl DAEMON_OPTIONS(`port=smtp,Addr=::1, Name=MTA-v6, Family=inet6')dnl dnl # dnl # enable both ipv6 and ipv4 in sendmail: dnl # dnl DAEMON_OPTIONS(`Name=MTA-v4, Family=inet, Name=MTA-v6, Family=inet6') dnl # dnl # We strongly recommend not accepting unresolvable domains if you want to dnl # protect yourself from spam. However, the laptop and users on computers dnl # that do not have 24x7 DNS do need this. dnl # FEATURE(`accept_unresolvable_domains')dnl dnl # dnl FEATURE(`relay_based_on_MX')dnl dnl # dnl # Also accept email sent to "localhost.localdomain" as local email. 
dnl # LOCAL_DOMAIN(`localhost.localdomain')dnl dnl # dnl # The following example makes mail from this host and any additional dnl # specified domains appear to be sent from mydomain.com dnl # dnl MASQUERADE_AS(`mydomain.com')dnl dnl # dnl # masquerade not just the headers, but the envelope as well dnl # dnl FEATURE(masquerade_envelope)dnl dnl # dnl # masquerade not just @mydomainalias.com, but @*.mydomainalias.com as well dnl # dnl FEATURE(masquerade_entire_domain)dnl dnl # dnl MASQUERADE_DOMAIN(localhost)dnl dnl MASQUERADE_DOMAIN(localhost.localdomain)dnl dnl MASQUERADE_DOMAIN(mydomainalias.com)dnl dnl MASQUERADE_DOMAIN(mydomain.lan)dnl MAILER(smtp)dnl MAILER(procmail)dnl ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From peter at UCGBOOK.COM Tue Jan 11 23:44:27 2005 
From: peter at UCGBOOK.COM (Peter Bonivart)
Date: Thu Jan 12 21:28:09 2006
Subject: Notification messages failing
Message-ID:

Diane Rolland wrote:
>>This is interesting. Can you do an ldd on your sendmail
>>binary. Also, can you post your sendmail.mc
>>
>
> I'm afraid I don't know what an lld is....

Here's how to do it, you need the full path to the binary, it's usually /usr/lib/sendmail on all systems. It will show all the libraries the binary uses.

# ldd /usr/lib/sendmail
linux-gate.so.1 => (0xffffe000)
libpostfix-global.so.1 => /usr/lib/libpostfix-global.so.1 (0x40022000)
libpostfix-util.so.1 => /usr/lib/libpostfix-util.so.1 (0x40044000)
libdb-4.2.so => /usr/lib/libdb-4.2.so (0x40066000)
libnsl.so.1 => /lib/libnsl.so.1 (0x40142000)
libresolv.so.2 => /lib/libresolv.so.2 (0x40155000)
libc.so.6 => /lib/tls/libc.so.6 (0x40166000)
libdl.so.2 => /lib/libdl.so.2 (0x40285000)
/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)

--
/Peter Bonivart

--Unix lovers do it in the Sun

From drolland at kdinet.com Wed Jan 12 00:14:41 2005
From: drolland at kdinet.com (Diane Rolland)
Date: Thu Jan 12 21:28:09 2006
Subject: Notification messages failing
Message-ID:

> Here's how to do it, you need the full path to the binary,
> it's usually /usr/lib/sendmail on all systems. It will show
> all the libraries the binary uses.
>
> # ldd /usr/lib/sendmail
> linux-gate.so.1 => (0xffffe000)
> libpostfix-global.so.1 => /usr/lib/libpostfix-global.so.1
> (0x40022000)
> libpostfix-util.so.1 =>
> /usr/lib/libpostfix-util.so.1 (0x40044000)
> libdb-4.2.so => /usr/lib/libdb-4.2.so (0x40066000)
> libnsl.so.1 => /lib/libnsl.so.1 (0x40142000)
> libresolv.so.2 => /lib/libresolv.so.2 (0x40155000)
> libc.so.6 => /lib/tls/libc.so.6 (0x40166000)
> libdl.so.2 => /lib/libdl.so.2 (0x40285000)
> /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)
>

lld does not appear to be on my system.

System is RHE 2.4.21-20.ELsmp

From marcin.rozek at IOS.EDU.PL Wed Jan 12 00:24:06 2005
From: marcin.rozek at IOS.EDU.PL (Marcin Rożek)
Date: Thu Jan 12 21:28:09 2006
Subject: Phishing detection...
Message-ID:

Julian Field wrote:
> Done it. Many thanks for the pointer to the faq. Enigmail will be more
> useful now :-)
>

I'm glad I could help you :)

--
Regards,
Marcin

From peter at UCGBOOK.COM Wed Jan 12 00:43:57 2005
From: peter at UCGBOOK.COM (Peter Bonivart)
Date: Thu Jan 12 21:28:10 2006
Subject: Notification messages failing
Message-ID:

Diane Rolland wrote:
>># ldd /usr/lib/sendmail
>
> lld does not appear to be on my system.

You're typing lld, try ldd, see above.

--
/Peter Bonivart

--Unix lovers do it in the Sun

From mallen at FAMILYRADIO.ORG Wed Jan 12 01:19:34 2005
From: mallen at FAMILYRADIO.ORG (Mike Allen)
Date: Thu Jan 12 21:28:10 2006
Subject: NOD32 paths needed...
Message-ID:

I need to know the precise default path(s) MailScanner uses to call NOD32 antivirus.

Nod32 manufacturer does not document where things install on my FreeBSD system and I have already tried that route.

I really can look this up in the sources, of course, but if anyone knows the answer, I would surely appreciate it. Thanks.

Mike

From drolland at kdinet.com Wed Jan 12 01:24:45 2005
From: drolland at kdinet.com (Diane Rolland) Date: Thu Jan 12 21:28:10 2006 Subject: Notification messages failing Message-ID: > > This is interesting. Can you do an ldd on your sendmail > binary. Also, can you post your sendmail.mc > prsvr02:/root# ldd /usr/sbin/sendmail libssl.so.4 => /lib/libssl.so.4 (0x0063b000) libcrypto.so.4 => /lib/libcrypto.so.4 (0x0091d000) libdb-4.1.so => /lib/libdb-4.1.so (0x0073b000) libresolv.so.2 => /lib/libresolv.so.2 (0x00af1000) libcrypt.so.1 => /lib/libcrypt.so.1 (0x00111000) libnsl.so.1 => /lib/libnsl.so.1 (0x001c8000) libwrap.so.0 => /usr/lib/libwrap.so.0 (0x0013e000) libhesiod.so.0 => /usr/lib/libhesiod.so.0 (0x00147000) libsasl.so.7 => /usr/lib/libsasl.so.7 (0x00dc9000) libldap.so.2 => /usr/lib/libldap.so.2 (0x0014b000) liblber.so.2 => /usr/lib/liblber.so.2 (0x006c2000) libc.so.6 => /lib/tls/libc.so.6 (0x001dd000) libgssapi_krb5.so.2 => /usr/kerberos/lib/libgssapi_krb5.so.2 (0x00441000 ) libkrb5.so.3 => /usr/kerberos/lib/libkrb5.so.3 (0x00315000) libcom_err.so.3 => /usr/kerberos/lib/libcom_err.so.3 (0x006f3000) libk5crypto.so.3 => /usr/kerberos/lib/libk5crypto.so.3 (0x00f5d000) libdl.so.2 => /lib/libdl.so.2 (0x00a46000) libz.so.1 => /usr/lib/libz.so.1 (0x00175000) libpthread.so.0 => /lib/tls/libpthread.so.0 (0x00e73000) libgdbm.so.2 => /usr/lib/libgdbm.so.2 (0x00a30000) libpam.so.0 => /lib/libpam.so.0 (0x00183000) /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x00d75000) liblaus.so.1 => /lib/liblaus.so.1 (0x00551000) sendmail.mc: divert(-1)dnl dnl # dnl # This is the sendmail macro config file for m4. 
If you make changes to dnl # /etc/mail/sendmail.mc, you will need to regenerate the dnl # /etc/mail/sendmail.cf file by confirming that the sendmail-cf package is dnl # installed and then performing a dnl # dnl # make -C /etc/mail dnl # include(`/usr/share/sendmail-cf/m4/cf.m4')dnl VERSIONID(`setup for Red Hat Linux')dnl OSTYPE(`linux')dnl dnl # dnl # default logging level is 9, you might want to set it higher to dnl # debug the configuration dnl # dnl define(`confLOG_LEVEL', `9')dnl dnl # dnl # Uncomment and edit the following line if your outgoing mail needs to dnl # be sent out through an external mail server: dnl # dnl define(`SMART_HOST',`smtp.your.provider') dnl # define(`confDEF_USER_ID',``8:12'')dnl dnl define(`confAUTO_REBUILD')dnl define(`confTO_CONNECT', `1m')dnl define(`confTRY_NULL_MX_LIST',true)dnl define(`confDONT_PROBE_INTERFACES',true)dnl define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl define(`ALIAS_FILE', `/etc/aliases')dnl define(`STATUS_FILE', `/var/log/mail/statistics')dnl define(`UUCP_MAILER_MAX', `2000000')dnl define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl define(`confAUTH_OPTIONS', `A')dnl dnl # Added the following 4 lines by Diane 12/29/2004 dnl # TRUST_AUTH_MECH(`DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl define(`confAUTH_MECHANISMS', `DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl dnl # dnl # dnl # The following allows relaying if the user authenticates, and disallows dnl # plaintext authentication (PLAIN/LOGIN) on non-TLS links dnl # dnl define(`confAUTH_OPTIONS', `A p')dnl dnl # dnl # PLAIN is the preferred plaintext authentication method and used by dnl # Mozilla Mail and Evolution, though Outlook Express and other MUAs do dnl # use LOGIN. Other mechanisms should be used if the connection is not dnl # guaranteed secure. 
dnl # dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl dnl # dnl # Rudimentary information on creating certificates for sendmail TLS: dnl # make -C /usr/share/ssl/certs usage dnl # or use the included makecert.sh script dnl # dnl define(`confCACERT_PATH',`/usr/share/ssl/certs') dnl define(`confCACERT',`/usr/share/ssl/certs/ca-bundle.crt') dnl define(`confSERVER_CERT',`/usr/share/ssl/certs/sendmail.pem') dnl define(`confSERVER_KEY',`/usr/share/ssl/certs/sendmail.pem') dnl # dnl # This allows sendmail to use a keyfile that is shared with OpenLDAP's dnl # slapd, which requires the file to be readble by group ldap dnl # dnl define(`confDONT_BLAME_SENDMAIL',`groupreadablekeyfile')dnl dnl # dnl define(`confTO_QUEUEWARN', `4h')dnl dnl define(`confTO_QUEUERETURN', `5d')dnl dnl define(`confQUEUE_LA', `12')dnl dnl define(`confREFUSE_LA', `18')dnl define(`confTO_IDENT', `0')dnl dnl FEATURE(delay_checks)dnl FEATURE(`no_default_msa',`dnl')dnl FEATURE(`smrsh',`/usr/sbin/smrsh')dnl FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl FEATURE(redirect)dnl FEATURE(always_add_domain)dnl FEATURE(use_cw_file)dnl FEATURE(use_ct_file)dnl dnl # dnl # The -t option will retry delivery if e.g. the user runs over his quota. dnl # FEATURE(local_procmail,`',`procmail -t -Y -a $h -d $u')dnl FEATURE(`access_db',`hash -T -o /etc/mail/access.db')dnl FEATURE(`blacklist_recipients')dnl EXPOSED_USER(`root')dnl dnl # dnl # The following causes sendmail to only listen on the IPv4 loopback address dnl # 127.0.0.1 and not on any other network devices. Remove the loopback dnl # address restriction to accept email from the internet or intranet. dnl # DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl dnl # dnl # The following causes sendmail to additionally listen to port 587 for dnl # mail from MUAs that authenticate. 
Roaming users who can't reach their dnl # preferred sendmail daemon due to port 25 being blocked or redirected find dnl # this useful. dnl # dnl DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl dnl # dnl # The following causes sendmail to additionally listen to port 465, but dnl # starting immediately in TLS mode upon connecting. Port 25 or 587 followed dnl # by STARTTLS is preferred, but roaming clients using Outlook Express can't dnl # do STARTTLS on ports other than 25. Mozilla Mail can ONLY use STARTTLS dnl # and doesn't support the deprecated smtps; Evolution <1.1.1 uses smtps dnl # when SSL is enabled-- STARTTLS support is available in version 1.1.1. dnl # dnl # For this to work your OpenSSL certificates must be configured. dnl # dnl DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl dnl # dnl # The following causes sendmail to additionally listen on the IPv6 loopback dnl # device. Remove the loopback address restriction listen to the network. dnl # dnl DAEMON_OPTIONS(`port=smtp,Addr=::1, Name=MTA-v6, Family=inet6')dnl dnl # dnl # enable both ipv6 and ipv4 in sendmail: dnl # dnl DAEMON_OPTIONS(`Name=MTA-v4, Family=inet, Name=MTA-v6, Family=inet6') dnl # dnl # We strongly recommend not accepting unresolvable domains if you want to dnl # protect yourself from spam. However, the laptop and users on computers dnl # that do not have 24x7 DNS do need this. dnl # FEATURE(`accept_unresolvable_domains')dnl dnl # dnl FEATURE(`relay_based_on_MX')dnl dnl # dnl # Also accept email sent to "localhost.localdomain" as local email. 
dnl # LOCAL_DOMAIN(`localhost.localdomain')dnl dnl # dnl # The following example makes mail from this host and any additional dnl # specified domains appear to be sent from mydomain.com dnl # dnl MASQUERADE_AS(`mydomain.com')dnl dnl # dnl # masquerade not just the headers, but the envelope as well dnl # dnl FEATURE(masquerade_envelope)dnl dnl # dnl # masquerade not just @mydomainalias.com, but @*.mydomainalias.com as well dnl # dnl FEATURE(masquerade_entire_domain)dnl dnl # dnl MASQUERADE_DOMAIN(localhost)dnl dnl MASQUERADE_DOMAIN(localhost.localdomain)dnl dnl MASQUERADE_DOMAIN(mydomainalias.com)dnl dnl MASQUERADE_DOMAIN(mydomain.lan)dnl MAILER(smtp)dnl MAILER(procmail)dnl ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Steve.Swaney at FSL.COM Wed Jan 12 01:39:49 2005 From: Steve.Swaney at FSL.COM (Steve Swaney) Date: Thu Jan 12 21:28:10 2006 Subject: NOD32 paths needed... Message-ID: > -----Original Message----- 
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Mike Allen
> Sent: Tuesday, January 11, 2005 8:20 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: NOD32 paths needed...
>
> I need to know the precise default path(s) MailScanner uses to call
> NOD32 antivirus.
>
> Nod32 manufacturer does not document where things install on my FreeBSD
> system and I have already tried that route.
>
> I really can look this up in the sources, of course, but if anyone knows
> the answer, I would surely appreciate it. Thanks.
>
> Mike
>

Mike, look for a file called virus.scanners.conf in the ...etc/MailScanner
directory. There should be two lines something like:

nod32-1.99      /usr/lib/MailScanner/nod32-wrapper      /usr/sbin
nod32           /usr/lib/MailScanner/nod32-wrapper      /usr/local/nod32

The third field is the top level install location.

Steve

Steve Swaney
President
Fortress Systems Ltd.
www.fsl.com
steve.swaney@fsl.com

--
This message has been scanned for viruses and dangerous content by
The MailScanner at Fortress Systems Ltd., www.fsl.com, and is
believed to be clean.

From andrew at DONEHUE.NET Wed Jan 12 02:02:04 2005
From: andrew at DONEHUE.NET (Andrew)
Date: Thu Jan 12 21:28:10 2006
Subject: skipping extension checking for a few users
Message-ID:

Hi Everyone,

I am a bit confused.... how do I leave attachment checking on, but turn it
off for a few users who do not like their email being filtered?

Cheers,
Andrew.

From Q.G.Campbell at NEWCASTLE.AC.UK Wed Jan 12 07:57:45 2005
From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell)
Date: Thu Jan 12 21:28:10 2006
Subject: "Banned Content" question - a related problem
Message-ID:

We are seeing on our MailScanner-4.35.11-1 gateways a curious problem.
It seems to have appeared sometime after I installed 4.35.11-1.

Some of the mail that passes through them is being delivered with an
empty or corrupted body. In all cases the messages seem to be multipart
MIME. Most often the HTML part is corrupt or empty but the text part is
OK. However sometimes that may be empty as well. The only common factors
are:

1. The original message was probably sent as RTF format, and
2. I see in the logs for each failed message the MailScanner warning:

"Content Checks: Detected and will disarm HTML message in jBAtTRU022337"

This can only apply to WebBugs that are detected since that is the only
time I use the "disarm" action. But there should be _no_ web bugs
present in these messages since most of the empty messages are from
colleagues who sent a one/two line message. They have all used
Outlook/Exchange to send these messages.

We know that the messages are the correct size and format when they
reach the mail gateways. I suspect that a problem with RTF format
messages is at the heart of this behaviour but have not collected enough
consistent evidence yet.

Any suggestions about fixing the problem would be welcome.

Quentin
---
PHONE: +44 191 222 8209    Information Systems and Services (ISS),
                           University of Newcastle,
                           Newcastle upon Tyne,
FAX:   +44 191 222 8765    United Kingdom, NE1 7RU.
------------------------------------------------------------------------
"Any opinion expressed above is mine. The University can get its own."

>-----Original Message-----
>From: MailScanner mailing list
>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field
>Sent: 11 January 2005 15:34
>To: MAILSCANNER@JISCMAIL.AC.UK
>Subject: Re: "Banned Content" question
>
>If you have told it to disarm web bugs, it has to search the message for
>them, at which point it will also disarm them. I think that's how it
>works... :-)
>
>Quentin Campbell wrote:
>
>>Julian
>>
>>If the only thing I have told MailScanner to "disarm" are web bugs, then
>>why is it apparently finding web bugs in mail that contain no
>> tags
>>in the HTML?
>>
>>The mail in question probably originates as RTF from Outlook clients.
>>
>>Quentin
>>---
>>PHONE: +44 191 222 8209    Information Systems and Services (ISS),
>>                           University of Newcastle,
>>                           Newcastle upon Tyne,
>>FAX:   +44 191 222 8765    United Kingdom, NE1 7RU.
>>------------------------------------------------------------------------
>>"Any opinion expressed above is mine. The University can get its own."
>>
>>>-----Original Message-----
>>>From: MailScanner mailing list
>>>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field
>>>Sent: 11 January 2005 15:15
>>>To: MAILSCANNER@JISCMAIL.AC.UK
>>>Subject: Re: "Banned Content" question
>>>
>>>It will disarm those features you told it to. The "disarm HTML" in the
>>>message means it will be trying to disarm the requested bits of the
>>>HTML. If you didn't specify "disarm" then it won't do it, it will only
>>>disarm the bits you told it to.
>>>
>>>Hope that answers your question. Given a question "a or b" the answer
>>>cannot easily be "yes" :-)
>>>
>>>Quentin Campbell wrote:
>>>
>>>>Most of the "dangerous content" checks that I carry out with MailScanner
>>>>are controlled via rules files. In all cases the actions of the rules is
>>>>to either "deliver", "delete", "striphtml" or "attachment".
>>>>
>>>>I do not use "disarm" with one exception. In MailScanner.conf I have
>>>>
>>>>    Allow WebBugs = disarm
>>>>
>>>>If I see in the logs "Content Checks: Detected and will disarm HTML
>>>>message in jBAtTRU022337" does this _only_ refer to the "disarming" of
>>>>web bugs or can it also refer to actions taken over other content which
>>>>did not involve the specific "disarm" action?
>>>>
>>>>Looking at the log records for other "dangerous content" actions the
>>>>empirical answer to the above question is "yes". Could this be confirmed
>>>>please.
>>>>
>>>>Thanks
>>>>
>>>>Quentin
>>>>---
>>>>PHONE: +44 191 222 8209    Information Systems and Services (ISS),
>>>>                           University of Newcastle,
>>>>                           Newcastle upon Tyne,
>>>>FAX:   +44 191 222 8765    United Kingdom, NE1 7RU.
>>>>------------------------------------------------------------------------
>>>>"Any opinion expressed above is mine. The University can get its own."

From aldas at POST.VILSAT.NET Wed Jan 12 09:34:09 2005
From: aldas at POST.VILSAT.NET (Aldas)
Date: Thu Jan 12 21:28:10 2006
Subject: can't get rid of *.header files in MS's incoming dir
Message-ID:

Hi there,

I have been using MS for a long time, almost from the project beginning; I
have to say it is a really great program and I really enjoy it. My old
system is running on Redhat 6.2 with sendmail 8.11.6 and MS 4.32.5

Now I am setting up a new system on Gentoo with ldap authentication,
Postfix 2.1.5 & MS 4.37.7
Everything seems to work perfectly except one annoying problem: after each
message was scanned and delivered there is a *.header file left in the
incoming dir. After some time I have a huge amount of those header files
and it seems they are not going to disappear. I've looked through MS's conf
file 10x, searched Google and FAQs with no success. If someone has any ideas
I'll be very thankful

Best regards,
Baldzius

From martinh at SOLID-STATE-LOGIC.COM Wed Jan 12 09:15:24 2005
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:28:10 2006
Subject: Updated spamassassin to version 3
Message-ID:

Steve Swaney wrote:
>>-----Original Message-----
>>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
>>Behalf Of Philip Parsons
>>Sent: Tuesday, January 11, 2005 3:40 PM
>>To: MAILSCANNER@JISCMAIL.AC.UK
>>Subject: Updated spamassassin to version 3
>>
>>We have just finished updating spamassassin to Version 3 and I remember
>>seeing something on this list about which extra rules you should remove if
>>you use rules_du_jour here is a list of the extra's I have.
>>
>>-rw-r--r--  1 root root  31854 May 31  2004 70_sare_adult.cf
>>-rw-r--r--  1 root root   3927 Apr 24  2004 70_sare_bayes_poison_nxm.cf
>>-rw-r--r--  1 root root 211390 Oct  3 18:18 70_sare_header.cf
>>-rw-r--r--  1 root root 103436 Sep 12 18:22 70_sare_html.cf
>>-rw-r--r--  1 root root  11559 Sep 14 12:43 70_sare_oem.cf
>>-rw-r--r--  1 root root  17548 Aug  9 08:34 70_sare_random.cf
>>-rw-r--r--  1 root root    385 Sep 19 19:35 70_sare_ratware.cf
>>-rw-r--r--  1 root root   7006 Nov 17 10:48 70_sare_spoof.cf
>>-rw-r--r--  1 root root  13211 May 11  2004 72_sare_bml_post25x.cf
>>-rw-r--r--  1 root root  10147 May  1  2004 99_sare_fraud_post25x.cf
>>-rw-r--r--  1 root root  14284 Apr 28  2004 antidrug.cf
>>-rw-r--r--  1 root root 104973 Jan  1 11:22 bogus-virus-warnings.cf
>>-rw-r--r--  1 root root  18052 Oct 30 10:30 evilnumbers.cf
>>-rw-r--r--  1 root root  57580 Apr  2  2004 tripwire.cf
>>
>>Thank you.
>>Philip Parsons
>>
>
> Phil,
>
> You might get rid of all files except a subset of the SpamAssassin Rules
> Emporium's Rules_Du_Jour files. Remove all of the *.cf files in
> /etc/mail/spamassassin and any rules_du_jour files in /etc/cron.daily.
>
> Then download the Rules_Du_Jour installation files from our website:
>
> http://www.fsl.com/support/
>
> Untar this file and cd into the rules_du_jour directory that will be
> created, then read the INSTALL instructions. The install.sh script works
> properly on a Linux / sendmail / MailScanner /SpamAssassin 3.0x system. Any
> other combination is not guaranteed but the install script is extremely
> simple.
>
> The rules_du_jour_wrapper script which installs in /etc/cron.daily will
> actually update the rules_du_jour script. The rules_du_jour script will
> update the additional rules daily if updated rules are available. The
> bogus-virus-warnings.cf file that's installed is not updated since it's been
> modified to take out all the MailScanner related rules that might catch
> valid local emails and notices.
>
> Hope this helps,
>
> Steve
>
> Steve Swaney
> President
> Fortress Systems Ltd.

Steve

another option is the my_rules_du_jour (from same site as
rules_du_jour...wwww.exit0.us), which does something similar to what your
script does.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.

**********************************************************************

From martinh at SOLID-STATE-LOGIC.COM Wed Jan 12 09:18:11 2005
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:28:10 2006
Subject: Updated spamassassin to version 3
Message-ID:

Philip

disable the ALL_TRUSTED ruleset that comes with SA 3.x. It can drop the
scores too low and a lot of people on the SA-user list have trouble with it.

edit spam.assassin.prefs.conf

score ALL_TRUSTED 0

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

Philip Parsons wrote:
> We have just finished updating spamassassin to Version 3 and I remember
> seeing something on this list about which extra rules you should remove
> if you use rules_du_jour here is a list of the extra's I have...
>
> -rw-r--r--  1 root root  31854 May 31  2004 70_sare_adult.cf
> -rw-r--r--  1 root root   3927 Apr 24  2004 70_sare_bayes_poison_nxm.cf
> -rw-r--r--  1 root root 211390 Oct  3 18:18 70_sare_header.cf
> -rw-r--r--  1 root root 103436 Sep 12 18:22 70_sare_html.cf
> -rw-r--r--  1 root root  11559 Sep 14 12:43 70_sare_oem.cf
> -rw-r--r--  1 root root  17548 Aug  9 08:34 70_sare_random.cf
> -rw-r--r--  1 root root    385 Sep 19 19:35 70_sare_ratware.cf
> -rw-r--r--  1 root root   7006 Nov 17 10:48 70_sare_spoof.cf
> -rw-r--r--  1 root root  13211 May 11  2004 72_sare_bml_post25x.cf
> -rw-r--r--  1 root root  10147 May  1  2004 99_sare_fraud_post25x.cf
> -rw-r--r--  1 root root  14284 Apr 28  2004 antidrug.cf
> -rw-r--r--  1 root root 104973 Jan  1 11:22 bogus-virus-warnings.cf
> -rw-r--r--  1 root root  18052 Oct 30 10:30 evilnumbers.cf
> -rw-r--r--  1 root root  57580 Apr  2  2004 tripwire.cf
>
> Thank you.
> Philip Parsons

From martinh at SOLID-STATE-LOGIC.COM Wed Jan 12 09:28:09 2005
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:28:10 2006
Subject: Updated spamassassin to version 3
Message-ID:

Oh and another one.. (assuming you have auto_whitelist turned off)

the auto_whitelist disable setting in MailScanner.conf doesn't work, ie
doesn't talk to SA properly. You need to set this in
spam.assassin.prefs.conf instead.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

Martin Hepworth wrote:
> Philip
>
> disable the ALL_TRUSTED ruleset that comes with SA 3.x. It can drop the
> scores too low and a lot of people on the SA-user list have trouble with it.
>
> edit spam.assassin.prefs.conf
>
> score ALL_TRUSTED 0
>
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
>
> Philip Parsons wrote:
>
>> We have just finished updating spamassassin to Version 3 and I
>> remember seeing something on this list about which extra rules you
>> should remove if you use rules_du_jour here is a list of the extra's I
>> have...
>>
>> -rw-r--r--  1 root root  31854 May 31  2004 70_sare_adult.cf
>> -rw-r--r--  1 root root   3927 Apr 24  2004 70_sare_bayes_poison_nxm.cf
>> -rw-r--r--  1 root root 211390 Oct  3 18:18 70_sare_header.cf
>> -rw-r--r--  1 root root 103436 Sep 12 18:22 70_sare_html.cf
>> -rw-r--r--  1 root root  11559 Sep 14 12:43 70_sare_oem.cf
>> -rw-r--r--  1 root root  17548 Aug  9 08:34 70_sare_random.cf
>> -rw-r--r--  1 root root    385 Sep 19 19:35 70_sare_ratware.cf
>> -rw-r--r--  1 root root   7006 Nov 17 10:48 70_sare_spoof.cf
>> -rw-r--r--  1 root root  13211 May 11  2004 72_sare_bml_post25x.cf
>> -rw-r--r--  1 root root  10147 May  1  2004 99_sare_fraud_post25x.cf
>> -rw-r--r--  1 root root  14284 Apr 28  2004 antidrug.cf
>> -rw-r--r--  1 root root 104973 Jan  1 11:22 bogus-virus-warnings.cf
>> -rw-r--r--  1 root root  18052 Oct 30 10:30 evilnumbers.cf
>> -rw-r--r--  1 root root  57580 Apr  2  2004 tripwire.cf
>>
>> Thank you.
>> Philip Parsons

From MailScanner at ecs.soton.ac.uk Wed Jan 12 10:22:24 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:10 2006
Subject: Notification messages failing
Message-ID:

And you did either login directly as root or else did su - and not just su
or else your path will be wrong.

Peter Bonivart wrote:
> Diane Rolland wrote:
>
>>> # ldd /usr/lib/sendmail
>>
>> lld does not appear to be on my system.
>
> You're typing lld, try ldd, see above.

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From MailScanner at ecs.soton.ac.uk Wed Jan 12 10:24:35 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:10 2006
Subject: skipping extension checking for a few users
Message-ID:

Please read up about rulesets. This is documented in the MAQ (address at
the bottom of every list posting), the FAQ (look on www.mailscanner.info)
and the Book which I thoroughly recommend you buy as it will explain all
this stuff in detail. It's $39.95 and available straight off
www.mailscanner.info.

Andrew wrote:
> Hi Everyone,
>
> I am a bit confused.... how do I leave attachment checking on, but turn
> it off for a few users who do not like their email being filtered?

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From MailScanner at ecs.soton.ac.uk Wed Jan 12 10:26:59 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:10 2006
Subject: "Banned Content" question - a related problem
Message-ID:

Check you are using the correct "Lock Type" in MailScanner.conf. If running
sendmail 8.13 or later, you need Lock Type = posix.

Quentin Campbell wrote:

>We are seeing on our MailScanner-4.35.11-1 gateways a curious problem.
>It seems to have appeared sometime after I installed 4.35.11-1.
>
>Some of the mail that passes through them is being delivered with an
>empty or corrupted body. In all cases the messages seem to be multipart
>MIME. Most often the HTML part is corrupt or empty but the text part is
>OK. However sometimes that may be empty as well. The only common factors
>are:
>
>1. The original message was probably sent as RTF format, and
>2. I see in the logs for each failed message the MailScanner warning:
>
>"Content Checks: Detected and will disarm HTML message in jBAtTRU022337"
>
>This can only apply to WebBugs that are detected since that is the only
>time I use the "disarm" action. But there should be _no_ web bugs
>present in these messages since most of the empty messages are from
>colleagues who sent a one/two line message. They have all used
>Outlook/Exchange to send these messages.
>
>We know that the messages are the correct size and format when they
>reach the mail gateways. I suspect that a problem with RTF format
>messages is at the heart of this behaviour but have not collected enough
>consistent evidence yet.
>
>>-----Original Message-----
>>From: MailScanner mailing list
>>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field
>>Sent: 11 January 2005 15:34
>>To: MAILSCANNER@JISCMAIL.AC.UK
>>Subject: Re: "Banned Content" question
>>
>>If you have told it to disarm web bugs, it has to search the message for
>>them, at which point it will also disarm them. I think that's how it
>>works... :-)
>>
>>Quentin Campbell wrote:
>>
>>>Julian
>>>
>>>If the only thing I have told MailScanner to "disarm" are web bugs, then
>>>why is it apparently finding web bugs in mail that contain no
>>> tags
>>>in the HTML?
>>>
>>>The mail in question probably originates as RTF from Outlook clients.
>>>
>>>>-----Original Message-----
>>>>From: MailScanner mailing list
>>>>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field
>>>>Sent: 11 January 2005 15:15
>>>>To: MAILSCANNER@JISCMAIL.AC.UK
>>>>Subject: Re: "Banned Content" question
>>>>
>>>>It will disarm those features you told it to. The "disarm HTML" in the
>>>>message means it will be trying to disarm the requested bits of the
>>>>HTML. If you didn't specify "disarm" then it won't do it, it will only
>>>>disarm the bits you told it to.
>>>>
>>>>Hope that answers your question. Given a question "a or b" the answer
>>>>cannot easily be "yes" :-)
>>>>
>>>>Quentin Campbell wrote:
>>>>
>>>>>Most of the "dangerous content" checks that I carry out with MailScanner
>>>>>are controlled via rules files. In all cases the actions of the rules is
>>>>>to either "deliver", "delete", "striphtml" or "attachment".
>>>>>
>>>>>I do not use "disarm" with one exception. In MailScanner.conf I have
>>>>>
>>>>>Allow WebBugs = disarm
>>>>>
>>>>>If I see in the logs "Content Checks: Detected and will disarm HTML
>>>>>message in jBAtTRU022337" does this _only_ refer to the "disarming" of
>>>>>web bugs or can it also refer to actions taken over other content which
>>>>>did not involve the specific "disarm" action?
>>>>>
>>>>>Looking at the log records for other "dangerous content" actions the
>>>>>empirical answer to the above question is "yes". Could this be confirmed
>>>>>please.

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From MailScanner at ecs.soton.ac.uk Wed Jan 12 10:32:53 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:10 2006
Subject: Updated spamassassin to version 3
Message-ID:

I have added this line to the spam.assassin.prefs.conf in the next release.

Martin Hepworth wrote:
> Philip
>
> disable the ALL_TRUSTED ruleset that comes with SA 3.x. It can drop
> the scores too low and a lot of people on the SA-user list have trouble
> with it.
>
> edit spam.assassin.prefs.conf
>
> score ALL_TRUSTED 0
>
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
>
> Philip Parsons wrote:
>
>> We have just finished updating spamassassin to Version 3 and I
>> remember seeing something on this list about which extra rules you
>> should remove if you use rules_du_jour here is a list of the extra's
>> I have...
>>
>> -rw-r--r--  1 root root  31854 May 31  2004 70_sare_adult.cf
>> -rw-r--r--  1 root root   3927 Apr 24  2004 70_sare_bayes_poison_nxm.cf
>> -rw-r--r--  1 root root 211390 Oct  3 18:18 70_sare_header.cf
>> -rw-r--r--  1 root root 103436 Sep 12 18:22 70_sare_html.cf
>> -rw-r--r--  1 root root  11559 Sep 14 12:43 70_sare_oem.cf
>> -rw-r--r--  1 root root  17548 Aug  9 08:34 70_sare_random.cf
>> -rw-r--r--  1 root root    385 Sep 19 19:35 70_sare_ratware.cf
>> -rw-r--r--  1 root root   7006 Nov 17 10:48 70_sare_spoof.cf
>> -rw-r--r--  1 root root  13211 May 11  2004 72_sare_bml_post25x.cf
>> -rw-r--r--  1 root root  10147 May  1  2004 99_sare_fraud_post25x.cf
>> -rw-r--r--  1 root root  14284 Apr 28  2004 antidrug.cf
>> -rw-r--r--  1 root root 104973 Jan  1 11:22 bogus-virus-warnings.cf
>> -rw-r--r--  1 root root  18052 Oct 30 10:30 evilnumbers.cf
>> -rw-r--r--  1 root root  57580 Apr  2  2004 tripwire.cf
>>
>> Thank you.
>> Philip Parsons

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From MailScanner at ecs.soton.ac.uk Wed Jan 12 10:35:02 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:10 2006
Subject: can't get rid of *.header files in MS's incoming dir
Message-ID:

Check that all your paths specified in MailScanner.conf are real absolute
paths and none of them involve any symlinks.
Also check the permissions on /var/spool/MailScanner/incoming.
Do you get any errors in the maillog?
Are these files being created with the right owner and permissions?

Aldas wrote:

> Hi there,
>
> I have been using MS for a long time, almost from the project's beginning.
> I have to say it is a really great program and I really enjoy it. My old
> system is running on Redhat 6.2 with sendmail 8.11.6 and MS 4.32.5
>
> Now I am setting up a new system on Gentoo with ldap authentication,
> Postfix 2.1.5 & MS 4.37.7
> Everything seems to work perfectly except one annoying problem: after each
> message has been scanned and delivered there is a *.header file left in
> the incoming dir. After some time I have a huge number of those header files
> and it seems they are not going to disappear. I've looked at MS's conf file
> 10x, searched google and FAQs with no success. If someone has any ideas
> I'll be very thankful

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From Q.G.Campbell at NEWCASTLE.AC.UK Wed Jan 12 11:26:16 2005
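The checks Julian Field lists in the reply above (absolute paths, no symlinks, ownership and permissions of the incoming directory), as an added shell example that is not part of the original message or of MailScanner. The four setting names it reads and the sample values used to try it are assumptions about a typical MailScanner.conf.

```shell
#!/bin/sh
# Added example: audit the directory settings of a MailScanner.conf-style file.
# The setting names matched below are assumptions about a typical install.

# Print the first component of an absolute path that is a symlink (if any).
first_symlink() {
    fs_cur=""
    fs_old_ifs=$IFS
    IFS=/
    set -f                      # no globbing while the path is split on "/"
    for fs_part in $1; do
        [ -n "$fs_part" ] || continue
        fs_cur="$fs_cur/$fs_part"
        if [ -L "$fs_cur" ]; then
            printf '%s\n' "$fs_cur"
            break
        fi
    done
    set +f
    IFS=$fs_old_ifs
}

# Usage: audit_conf /path/to/MailScanner.conf
# Prints one line per setting: "<key>: PROBLEM ..." or "<key>: ok uid=.. gid=.. mode=..".
audit_conf() {
    grep -E '^(Incoming Work Dir|Incoming Queue Dir|Outgoing Queue Dir|Quarantine Dir)[[:space:]]*=' "$1" |
    while IFS='=' read -r ac_key ac_val; do
        # Trim the blanks around "Key = value".
        ac_key=$(printf '%s' "$ac_key" | sed 's/[[:space:]]*$//')
        ac_val=$(printf '%s' "$ac_val" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        case $ac_val in
            /*) ;;
            *)  echo "$ac_key: PROBLEM not an absolute path: $ac_val"; continue ;;
        esac
        if [ ! -e "$ac_val" ]; then
            echo "$ac_key: PROBLEM does not exist: $ac_val"; continue
        fi
        ac_link=$(first_symlink "$ac_val")
        if [ -n "$ac_link" ]; then
            echo "$ac_key: PROBLEM symlink in path at $ac_link: $ac_val"; continue
        fi
        # Numeric owner, group and mode, to compare with the account MailScanner runs as.
        ls -ldn "$ac_val" |
            awk -v k="$ac_key" -v p="$ac_val" \
                '{ print k ": ok uid=" $3 " gid=" $4 " mode=" $1 ": " p }'
    done
}
```

Run it as `audit_conf /etc/MailScanner/MailScanner.conf` (path assumed) and compare the uid and gid on the "ok" lines with the user the MTA and MailScanner run as.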
From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell)
Date: Thu Jan 12 21:28:10 2006
Subject: "Banned Content" question - a related problem
Message-ID:

Julian

Thanks for the response.

That is unlikely to be the problem as I recently checked all the mail
gateways to ensure that MailScanner invocations were not re-processing
the same message. This had been happening on one of the 8 gateways but
it turned out that this system had an old RH AS 3 kernel and this was
responsible for the locking problem.

All the systems are now up2date as far as RH AS 3 patches are concerned.
All the systems use the Sendmail that comes with these systems; the last
time they were updated this was Sendmail 8.12.11. I use the default
locking in MailScanner.

Quentin
---
PHONE: +44 191 222 8209    Information Systems and Services (ISS),
                           University of Newcastle,
                           Newcastle upon Tyne,
FAX:   +44 191 222 8765    United Kingdom, NE1 7RU.
------------------------------------------------------------------------
"Any opinion expressed above is mine. The University can get its own."

>-----Original Message-----
>From: MailScanner mailing list
>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field
>Sent: 12 January 2005 10:27
>To: MAILSCANNER@JISCMAIL.AC.UK
>Subject: Re: "Banned Content" question - a related problem
>
>Check you are using the correct "Lock Type" in MailScanner.conf. If
>running sendmail 8.13 or later, you need Lock Type = posix.
>
>Quentin Campbell wrote:
>
>>We are seeing on our MailScanner-4.35.11-1 gateways a curious problem.
>>It seems to have appeared sometime after I installed 4.35.11-1.
>>
>>Some of the mail that passes through them is being delivered with an
>>empty or corrupted body. In all cases the messages seem to be multipart
>>MIME. Most often the HTML part is corrupt or empty but the text part is
>>OK. However sometimes that may be empty as well. The only common factors
>>are:
>>
>>1. The original message was probably sent as RTF format, and
>>2. I see in the logs for each failed message the MailScanner warning:
>>
>>"Content Checks: Detected and will disarm HTML message in jBAtTRU022337"
>>
>>This can only apply to WebBugs that are detected since that is the only
>>time I use the "disarm" action. But there should be _no_ web bugs
>>present in these messages since most of the empty messages are from
>>colleagues who sent a one/two line message. They have all used
>>Outlook/Exchange to send these messages.
>>
>>We know that the messages are the correct size and format when they
>>reach the mail gateways. I suspect that a problem with RTF format
>>messages is at the heart of this behaviour but have not collected enough
>>consistent evidence yet.
>>
>>>-----Original Message-----
>>>From: MailScanner mailing list
>>>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field
>>>Sent: 11 January 2005 15:34
>>>To: MAILSCANNER@JISCMAIL.AC.UK
>>>Subject: Re: "Banned Content" question
>>>
>>>If you have told it to disarm web bugs, it has to search the message for
>>>them, at which point it will also disarm them. I think that's how it
>>>works... :-)
>>>
>>>Quentin Campbell wrote:
>>>
>>>>Julian
>>>>
>>>>If the only thing I have told MailScanner to "disarm" are web bugs, then
>>>>why is it apparently finding web bugs in mail that contain no tags
>>>>in the HTML?
>>>>
>>>>The mail in question probably originates as RTF from Outlook clients.
>>>>
>>>>>-----Original Message-----
>>>>>From: MailScanner mailing list
>>>>>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field
>>>>>Sent: 11 January 2005 15:15
>>>>>To: MAILSCANNER@JISCMAIL.AC.UK
>>>>>Subject: Re: "Banned Content" question
>>>>>
>>>>>It will disarm those features you told it to. The "disarm HTML" in the
>>>>>message means it will be trying to disarm the requested bits of the
>>>>>HTML. If you didn't specify "disarm" then it won't do it, it will only
>>>>>disarm the bits you told it to.
>>>>>
>>>>>Hope that answers your question. Given a question "a or b" the answer
>>>>>cannot easily be "yes" :-)
>>>>>
>>>>>Quentin Campbell wrote:
>>>>>
>>>>>>Most of the "dangerous content" checks that I carry out with MailScanner
>>>>>>are controlled via rules files. In all cases the actions of the rules is
>>>>>>to either "deliver", "delete", "striphtml" or "attachment".
>>>>>>
>>>>>>I do not use "disarm" with one exception. In MailScanner.conf I have
>>>>>>
>>>>>>Allow WebBugs = disarm
>>>>>>
>>>>>>If I see in the logs "Content Checks: Detected and will disarm HTML
>>>>>>message in jBAtTRU022337" does this _only_ refer to the "disarming" of
>>>>>>web bugs or can it also refer to actions taken over other content which
>>>>>>did not involve the specific "disarm" action?
>>>>>>
>>>>>>Looking at the log records for other "dangerous content" actions the
>>>>>>empirical answer to the above question is "yes". Could this be confirmed
>>>>>>please.
>
>--
>Julian Field
>www.MailScanner.info
>Buy the MailScanner book at www.MailScanner.info/store
>
>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From MailScanner at ecs.soton.ac.uk Wed Jan 12 11:31:44 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:10 2006
Subject: "Banned Content" question - a related problem
Message-ID:

Can you capture a message (in its complete version) that suffers the
problem consistently?

Quentin Campbell wrote:

>Julian
>
>Thanks for the response.
>
>That is unlikely to be the problem as I recently checked all the mail
>gateways to ensure that MailScanner invocations were not re-processing
>the same message. This had been happening on one of the 8 gateways but
>it turned out that this system had an old RH AS 3 kernel and this was
>responsible for the locking problem.
>
>All the systems are now up2date as far as RH AS 3 patches are concerned.
>All the systems use the Sendmail that comes with these systems; the last
>time they were updated this was Sendmail 8.12.11. I use the default
>locking in MailScanner.
>
>Quentin
>---
>PHONE: +44 191 222 8209    Information Systems and Services (ISS),
>                           University of Newcastle,
>                           Newcastle upon Tyne,
>FAX:   +44 191 222 8765    United Kingdom, NE1 7RU.
>------------------------------------------------------------------------
>"Any opinion expressed above is mine. The University can get its own."
>
>>-----Original Message-----
>>From: MailScanner mailing list
>>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field
>>Sent: 12 January 2005 10:27
>>To: MAILSCANNER@JISCMAIL.AC.UK
>>Subject: Re: "Banned Content" question - a related problem
>>
>>Check you are using the correct "Lock Type" in MailScanner.conf. If
>>running sendmail 8.13 or later, you need Lock Type = posix.
>>
>>Quentin Campbell wrote:
>>
>>>We are seeing on our MailScanner-4.35.11-1 gateways a curious problem.
>>>It seems to have appeared sometime after I installed 4.35.11-1.
>>>
>>>Some of the mail that passes through them is being delivered with an
>>>empty or corrupted body. In all cases the messages seem to be multipart
>>>MIME. Most often the HTML part is corrupt or empty but the text part is
>>>OK. However sometimes that may be empty as well. The only common factors
>>>are:
>>>
>>>1. The original message was probably sent as RTF format, and
>>>2. I see in the logs for each failed message the MailScanner warning:
>>>
>>>"Content Checks: Detected and will disarm HTML message in jBAtTRU022337"
>>>
>>>This can only apply to WebBugs that are detected since that is the only
>>>time I use the "disarm" action. But there should be _no_ web bugs
>>>present in these messages since most of the empty messages are from
>>>colleagues who sent a one/two line message. They have all used
>>>Outlook/Exchange to send these messages.
>>>
>>>We know that the messages are the correct size and format when they
>>>reach the mail gateways. I suspect that a problem with RTF format
>>>messages is at the heart of this behaviour but have not collected enough
>>>consistent evidence yet.
>>>
>>>>-----Original Message-----
>>>>From: MailScanner mailing list
>>>>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field
>>>>Sent: 11 January 2005 15:34
>>>>To: MAILSCANNER@JISCMAIL.AC.UK
>>>>Subject: Re: "Banned Content" question
>>>>
>>>>If you have told it to disarm web bugs, it has to search the message for
>>>>them, at which point it will also disarm them. I think that's how it
>>>>works... :-)
>>>>
>>>>Quentin Campbell wrote:
>>>>
>>>>>Julian
>>>>>
>>>>>If the only thing I have told MailScanner to "disarm" are web bugs, then
>>>>>why is it apparently finding web bugs in mail that contain no tags
>>>>>in the HTML?
>>>>>
>>>>>The mail in question probably originates as RTF from Outlook clients.
>>>>>
>>>>>>-----Original Message-----
>>>>>>From: MailScanner mailing list
>>>>>>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field
>>>>>>Sent: 11 January 2005 15:15
>>>>>>To: MAILSCANNER@JISCMAIL.AC.UK
>>>>>>Subject: Re: "Banned Content" question
>>>>>>
>>>>>>It will disarm those features you told it to. The "disarm HTML" in the
>>>>>>message means it will be trying to disarm the requested bits of the
>>>>>>HTML. If you didn't specify "disarm" then it won't do it, it will only
>>>>>>disarm the bits you told it to.
>>>>>>
>>>>>>Hope that answers your question. Given a question "a or b" the answer
>>>>>>cannot easily be "yes" :-)
>>>>>>
>>>>>>Quentin Campbell wrote:
>>>>>>
>>>>>>>Most of the "dangerous content" checks that I carry out with MailScanner
>>>>>>>are controlled via rules files. In all cases the actions of the rules is
>>>>>>>to either "deliver", "delete", "striphtml" or "attachment".
>>>>>>>
>>>>>>>I do not use "disarm" with one exception. In MailScanner.conf I have
>>>>>>>
>>>>>>>Allow WebBugs = disarm
>>>>>>>
>>>>>>>If I see in the logs "Content Checks: Detected and will disarm HTML
>>>>>>>message in jBAtTRU022337" does this _only_ refer to the "disarming" of
>>>>>>>web bugs or can it also refer to actions taken over other content which
>>>>>>>did not involve the specific "disarm" action?
>>>>>>>
>>>>>>>Looking at the log records for other "dangerous content" actions the
>>>>>>>empirical answer to the above question is "yes". Could this be confirmed
>>>>>>>please.
>>
>>--
>>Julian Field
>>www.MailScanner.info
>>Buy the MailScanner book at www.MailScanner.info/store
>>
>>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From michael at NOMENNESCIO.NET Wed Jan 12 11:52:40 2005
From: michael at NOMENNESCIO.NET (Mike)
Date: Thu Jan 12 21:28:10 2006
Subject: "Banned Content" question - a related problem
Message-ID:

>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
>Behalf Of Quentin Campbell
>
>All the systems are now up2date as far as RH AS 3 patches are concerned.
>All the systems use the Sendmail that comes with these system; the last
>time they were updated this was Sendmail 8.12.11. I use the default
>locking in MailScanner.

I also had this problem on sendmail 8.12.10. After changing the locking to
posix, the problem was gone. So, although the docs state that the locking
problem occurs only from 8.13 on, it seems that also some 8.12 versions are
affected. Please set the locking mechanism to "posix" and see if it solves
your problem.

>Quentin

Mike.

From max at KIPNESS.COM Wed Jan 12 13:03:02 2005
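One way to look for the re-processing symptom this thread attributes to wrong locking, as an added example that is not from the original posts: group MailScanner log lines by sendmail queue ID and report any ID that more than one MailScanner process logged. The sample log is constructed, and the layout of the "is spam" line and the rule for locating the queue ID (the word after "Message" or "message in") are assumptions about the log format.

```shell
#!/bin/sh
# Added example: find queue IDs handled by more than one MailScanner process.

# Constructed sample log (host, PIDs, queue IDs and addresses are made up).
sample_log() {
    cat <<'EOF'
Jan 12 10:00:01 gw1 MailScanner[2101]: Message j0CA01aa001111 from 192.0.2.10 (a@example.com) to example.org is spam, SpamAssassin (score=12.3, required 5)
Jan 12 10:00:02 gw1 MailScanner[2107]: Message j0CA01aa001111 from 192.0.2.10 (a@example.com) to example.org is spam, SpamAssassin (score=12.3, required 5)
Jan 12 10:00:05 gw1 MailScanner[2101]: Message j0CA02bb002222 from 192.0.2.11 (b@example.com) to example.org is spam, SpamAssassin (score=8.1, required 5)
Jan 12 10:00:09 gw1 MailScanner[2103]: Message j0CA03cc003333 from 192.0.2.12 (c@example.com) to example.org is spam, SpamAssassin (score=6.0, required 5)
Jan 12 10:00:09 gw1 MailScanner[2103]: Message j0CA03cc003333 from 192.0.2.12 (c@example.com) to example.net is spam, SpamAssassin (score=6.0, required 5)
Jan 12 10:00:12 gw1 MailScanner[2101]: Content Checks: Detected and will disarm HTML message in j0CA04dd004444
Jan 12 10:00:13 gw1 sendmail[2200]: j0CA04dd004444: to=<d@example.org>, stat=Sent
EOF
}

# Usage: dup_qids [pattern] < maillog
# Prints "<queue-id> <process-count> <pid,pid,...>" for every queue ID that
# lines matching the pattern show in more than one MailScanner process.
# The same process logging a message twice is not reported.
dup_qids() {
    awk -v pat="${1:-is spam}" '
    /MailScanner\[[0-9]+\]:/ && $0 ~ pat {
        # PID from the syslog tag "MailScanner[pid]:"
        pid = $0
        sub(/.*MailScanner\[/, "", pid)
        sub(/\].*/, "", pid)
        # Queue ID: the word after "Message", or after "message in"
        qid = ""
        for (i = 1; i < NF; i++) {
            if (tolower($i) == "message") {
                qid = ($(i + 1) == "in") ? $(i + 2) : $(i + 1)
                break
            }
        }
        if (qid == "" || (qid SUBSEP pid) in seen) next
        seen[qid SUBSEP pid] = 1
        procs[qid]++
        pids[qid] = (qid in first) ? pids[qid] "," pid : pid
        first[qid] = 1
    }
    END {
        for (q in procs) if (procs[q] > 1) print q, procs[q], pids[q]
    }' | sort
}
```

On a gateway, feed it the real mail log (for example `dup_qids < /var/log/maillog`, path assumed) and pass `'will disarm HTML'` as the pattern to apply the same test to the "Content Checks" lines quoted in the thread.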
From: max at KIPNESS.COM (Max Kipness)
Date: Thu Jan 12 21:28:10 2006
Subject: Reset Bayes Database
Message-ID:

Hello,

I've got an installation that seems to have bayes poisoning. Obvious
spam is being tagged with low bayes scores, etc. There are like 25,000
messages learned.

How can I start the whole learning process over without allowing spam in
immediately? Is there a way? In other words, first, how do I delete the
bayes spam/ham databases, and do I need to then wait for 200 spam/ham to
be collected before I can use sa-learn with 1000 spam/ham messages I've
gathered recently?

Thanks,
Max

From martinh at SOLID-STATE-LOGIC.COM Wed Jan 12 13:07:56 2005
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:28:10 2006
Subject: Reset Bayes Database
Message-ID:

Max

autolearning won't occur until bayes is active. Bayes isn't active till
you've got 200 of spam and 200 of ham (as you state).

Assuming you haven't got a backup to restore, you can get a good starter
from www.fsl.com/support.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

Max Kipness wrote:
> Hello,
>
> I've got an installation that seems to have bayes poisoning. Obvious
> spam is being tagged with low bayes scores, etc. There are like 25,000
> messages learned.
>
> How can I start the whole learning process over without allowing spam in
> immediately? Is there a way? In other words, first, how do I delete the
> bayes spam/ham databases, and do I need to then wait for 200 spam/ham to
> be collected before I can use sa-learn with 1000 spam/ham messages I've
> gathered recently?
>
> Thanks,
> Max

From max at KIPNESS.COM Wed Jan 12 13:20:48 2005
From: max at KIPNESS.COM (Max Kipness)
Date: Thu Jan 12 21:28:10 2006
Subject: Reset Bayes Database
Message-ID:

Thanks, I guess I got confused on the autolearning. I already have plenty of
spam to add.

How would one clear a bayes database?

Thanks,
Max

>Max
>
>autolearning won't occur until bayes is active. Bayes isn't
>active till you've got 200 of spam and 200 of ham (as you state).
>
>Assuming you haven't got a backup to restore, you can get a
>good starter from www.fsl.com/support.
>
>--
>Martin Hepworth
>Snr Systems Administrator
>Solid State Logic
>Tel: +44 (0)1865 842300
>
>Max Kipness wrote:
>> Hello,
>>
>> I've got an installation that seems to have bayes poisoning. Obvious
>> spam is being tagged with low bayes scores, etc. There are like 25,000
>> messages learned.
>>
>> How can I start the whole learning process over without allowing spam
>> in immediately? Is there a way? In other words, first, how do I delete
>> the bayes spam/ham databases, and do I need to then wait for 200
>> spam/ham to be collected before I can use sa-learn with 1000 spam/ham
>> messages I've gathered recently?
>>
>> Thanks,
>> Max

From martinh at SOLID-STATE-LOGIC.COM Wed Jan 12 13:26:00 2005
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:28:10 2006
Subject: Reset Bayes Database
Message-ID:

Max

delete the files...

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

Max Kipness wrote:
> Thanks, I guess I got confused on the autolearning. I already have plenty of
> spam to add.
>
> How would one clear a bayes database?
>
> Thanks,
> Max
>
> >Max
> >
> >autolearning won't occur until bayes is active. Bayes isn't
> >active till you've got 200 of spam and 200 of ham (as you state).
> >
> >Assuming you haven't got a backup to restore, you can get a
> >good starter from www.fsl.com/support.
> >
> >--
> >Martin Hepworth
> >Snr Systems Administrator
> >Solid State Logic
> >Tel: +44 (0)1865 842300
> >
> >Max Kipness wrote:
> >> Hello,
> >>
> >> I've got an installation that seems to have bayes poisoning. Obvious
> >> spam is being tagged with low bayes scores, etc. There are like 25,000
> >> messages learned.
> >>
> >> How can I start the whole learning process over without allowing spam
> >> in immediately? Is there a way? In other words, first, how do I delete
> >> the bayes spam/ham databases, and do I need to then wait for 200
> >> spam/ham to be collected before I can use sa-learn with 1000 spam/ham
> >> messages I've gathered recently?
> >>
> >> Thanks,
> >> Max

From joshua.hirsh at PARTNERSOLUTIONS.CA Wed Jan 12 14:04:55 2005
From: joshua.hirsh at PARTNERSOLUTIONS.CA (Hirsh, Joshua)
Date: Thu Jan 12 21:28:10 2006
Subject: Reset Bayes Database
Message-ID:

> delete the files...

You can also do this:

/usr/bin/sa-learn -p /etc/MailScanner/spam.assassin.prefs.conf --clear

-Joshua

From ivessm at softecusa.com Wed Jan 12 14:38:47 2005
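The reset asked about in the "Reset Bayes Database" thread above, as an added shell example that is not from the original posts: it keeps a copy of the old database, clears it with the command Joshua gives, trains from hand-sorted spam and ham directories, and checks the result against the 200 spam / 200 ham minimum Martin mentions. The corpus directories, the backup file name and the column layout of `sa-learn --dump magic` are assumptions.

```shell
#!/bin/sh
# Added example: reset a SpamAssassin Bayes database and retrain it by hand.
SA_LEARN=${SA_LEARN:-/usr/bin/sa-learn}
PREFS=${PREFS:-/etc/MailScanner/spam.assassin.prefs.conf}
MIN_MSGS=200    # minimum spam and ham counts quoted in the thread

# Read `sa-learn --dump magic` output on stdin and print "<nspam> <nham>".
# Assumed layout: the count is the third column of the nspam / nham lines.
bayes_counts() {
    awk '/non-token data: nspam$/ { s = $3 }
         /non-token data: nham$/  { h = $3 }
         END { print s + 0, h + 0 }'
}

# Succeed only if the dump on stdin shows enough spam AND enough ham.
bayes_active() {
    ba_counts=$(bayes_counts)
    ba_spam=${ba_counts% *}
    ba_ham=${ba_counts#* }
    [ "$ba_spam" -ge "$MIN_MSGS" ] && [ "$ba_ham" -ge "$MIN_MSGS" ]
}

# Usage: reset_and_retrain <spam-dir> <ham-dir> [backup-file]
reset_and_retrain() {
    rr_spam=$1
    rr_ham=$2
    rr_backup=${3:-bayes-backup.$(date +%Y%m%d%H%M%S)}

    # Keep the old (possibly poisoned) database so the reset can be undone
    # with `sa-learn --restore`.
    "$SA_LEARN" -p "$PREFS" --backup > "$rr_backup" || return 1

    # Wipe the database, then train from the hand-sorted corpora.
    "$SA_LEARN" -p "$PREFS" --clear || return 1
    "$SA_LEARN" -p "$PREFS" --spam "$rr_spam" || return 1
    "$SA_LEARN" -p "$PREFS" --ham "$rr_ham" || return 1

    # Report whether the new database is past the minimum on both sides.
    if "$SA_LEARN" -p "$PREFS" --dump magic | bayes_active; then
        echo "Bayes is active again"
    else
        echo "Bayes not active yet: need $MIN_MSGS spam and $MIN_MSGS ham"
        return 1
    fi
}
```

Run `reset_and_retrain` as the user MailScanner runs SpamAssassin as, so the new database files get the same owner as the old ones.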
From: ivessm at softecusa.com (Stewart M. Ives) Date: Thu Jan 12 21:28:10 2006 Subject: Notification messages failing Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] The path for sendmail might be: /usr/sbin/sendmail stew > And you did either login directly as root or else did > su - > and not just > su > or else your path will be wrong. > > Peter Bonivart wrote: > > > Diane Rolland wrote: > > > >>> # ldd /usr/lib/sendmail > >> > >> > >> lld does not appear to be on my system. > > > > > > Your typing lld, try ldd, see above. > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------- End of Original Message ------- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Q.G.Campbell at NEWCASTLE.AC.UK Wed Jan 12 15:09:57 2005 From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell) Date: Thu Jan 12 21:28:10 2006 Subject: "Banned Content" question - possibly a Web Bug code problem Message-ID: >-----Original Message----- 
>From: MailScanner mailing list >[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Mike >Sent: 12 January 2005 11:53 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: "Banned Content" question - a related problem 
> >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>Behalf Of Quentin Campbell >> >>All the systems are now up2date as far as RH AS 3 patches are >concerned. >>All the systems use the Sendmail that comes with these >system; the last >>time they were updated this was Sendmail 8.12.11. I use the default >>locking in MailScanner. > >I also had this problem on sendmail 8.12.10. After changing >the locking to posix, the problem was gone. So, although the >docs state that the locking problem occurs only from 8.13 on, >it seems that also some 8.12 versions are affected. Please set >the locking mechanism to "posix" and see if it solves your problem. I will do this as a last resort. There are four reasons why I want to investigate other things first. In particular I want to capture a message before then after it has gone through MailSanner and got corrupted: 1. Locking works OK on RH AS 3 systems with an up-to-date kernel. 2. The symptoms we are seeing do not appear to be repeatable so far which makes conclusive testing difficult. 3. I have looked for other evidence of locking problems but cannot find any. For example I can show that all messages tagged as spam by MailScanner have been tagged once only. If there is a locking problem you will see the same message (ie. same Sendmail QID) being tagged as spam more than once by two or more MS processes. 4. The problem appears related to the Web Bug check. I will switch that off first. See below for more details of this. Having looked further at the problem it appears to be related to MIME multipart/alternative messages having all or part of the HTML part corrupted. The text part is not being affected. In all of the cases the logs show that MailScanner has "disarmed" the HTML content. Since I only "disarm" Web Bugs it appears that there may be a bug in the Web Bugs code that causes an intermittent problem. 
This suspicion is reinforced by the observation that the problem appears to
have started when I enabled the Web Bug check late last year. I will
first of all try "Allow WebBugs = yes" and see what happens.

Quentin

From MailScanner at ecs.soton.ac.uk Wed Jan 12 15:30:18 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:10 2006
Subject: "Banned Content" question - possibly a Web Bug code problem
Message-ID:

What version of MailScanner are you using? I slightly improved the
locking code (took out an "improvement" I made a long time ago which I
only made after lots of people requested it) in 4.37. It now locks the
df as well as the qf, which slows down delivery slightly in some
situations, but appears to be more reliable than just locking the qf.

Quentin Campbell wrote:

>>-----Original Message-----
>>From: MailScanner mailing list
>>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Mike
>>Sent: 12 January 2005 11:53
>>To: MAILSCANNER@JISCMAIL.AC.UK
>>Subject: Re: "Banned Content" question - a related problem
>>
>>>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
>>>Behalf Of Quentin Campbell
>>>
>>>All the systems are now up2date as far as RH AS 3 patches are concerned.
>>>All the systems use the Sendmail that comes with these system; the last
>>>time they were updated this was Sendmail 8.12.11. I use the default
>>>locking in MailScanner.
>>
>>I also had this problem on sendmail 8.12.10. After changing
>>the locking to posix, the problem was gone. So, although the
>>docs state that the locking problem occurs only from 8.13 on,
>>it seems that also some 8.12 versions are affected. Please set
>>the locking mechanism to "posix" and see if it solves your problem.
>
>I will do this as a last resort. There are four reasons why I want to
>investigate other things first. In particular I want to capture a
>message before then after it has gone through MailScanner and got
>corrupted:
>
>1. Locking works OK on RH AS 3 systems with an up-to-date kernel.
>2. The symptoms we are seeing do not appear to be repeatable so far
>which makes conclusive testing difficult.
>3. I have looked for other evidence of locking problems but cannot find
>any. For example I can show that all messages tagged as spam by
>MailScanner have been tagged once only. If there is a locking problem
>you will see the same message (ie. same Sendmail QID) being tagged as
>spam more than once by two or more MS processes.
>4. The problem appears related to the Web Bug check. I will switch that
>off first. See below for more details of this.
>
>Having looked further at the problem it appears to be related to MIME
>multipart/alternative messages having all or part of the HTML part
>corrupted. The text part is not being affected.
>
>In all of the cases the logs show that MailScanner has "disarmed" the
>HTML content. Since I only "disarm" Web Bugs it appears that there may
>be a bug in the Web Bugs code that causes an intermittent problem. This
>suspicion is reinforced by the observation that the problem appears to
>have started when I enabled the Web Bug check late last year. I will
>first of all try "Allow WebBugs = yes" and see what happens.
>
>Quentin
>

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From Q.G.Campbell at NEWCASTLE.AC.UK Wed Jan 12 15:36:05 2005
From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell)
Date: Thu Jan 12 21:28:10 2006
Subject: "Banned Content" question - possibly a Web Bug code problem
Message-ID:

Julian

The version of MailScanner on which I have seen the problem is 4.35.10.

Quentin
---
PHONE: +44 191 222 8209 Information Systems and Services (ISS),
 University of Newcastle,
 Newcastle upon Tyne,
FAX: +44 191 222 8765 United Kingdom, NE1 7RU.
------------------------------------------------------------------------
"Any opinion expressed above is mine. The University can get its own."

>-----Original Message-----
>From: MailScanner mailing list
>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field
>Sent: 12 January 2005 15:30
>To: MAILSCANNER@JISCMAIL.AC.UK
>Subject: Re: "Banned Content" question - possibly a Web Bug
>code problem
>
>What version of MailScanner are you using? I slightly improved the
>locking code (took out an "improvement" I made a long time ago which I
>only made after lots of people requested it) in 4.37. It now locks the
>df as well as the qf, which slows down delivery slightly in some
>situations, but appears to be more reliable than just locking the qf.
>
>Quentin Campbell wrote:
>
>>>-----Original Message-----
>>>From: MailScanner mailing list
>>>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Mike
>>>Sent: 12 January 2005 11:53
>>>To: MAILSCANNER@JISCMAIL.AC.UK
>>>Subject: Re: "Banned Content" question - a related problem
>>>
>>>
>>>>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
>>>>Behalf Of Quentin Campbell
>>>>
>>>>All the systems are now up2date as far as RH AS 3 patches are concerned.
>>>>All the systems use the Sendmail that comes with these system; the last
>>>>time they were updated this was Sendmail 8.12.11. I use the default
>>>>locking in MailScanner.
>>>
>>>I also had this problem on sendmail 8.12.10. After changing
>>>the locking to posix, the problem was gone. So, although the
>>>docs state that the locking problem occurs only from 8.13 on,
>>>it seems that also some 8.12 versions are affected. Please set
>>>the locking mechanism to "posix" and see if it solves your problem.
>>
>>I will do this as a last resort. There are four reasons why I want to
>>investigate other things first. In particular I want to capture a
>>message before then after it has gone through MailScanner and got
>>corrupted:
>>
>>1. Locking works OK on RH AS 3 systems with an up-to-date kernel.
>>2. The symptoms we are seeing do not appear to be repeatable so far
>>which makes conclusive testing difficult.
>>3. I have looked for other evidence of locking problems but cannot find
>>any. For example I can show that all messages tagged as spam by
>>MailScanner have been tagged once only. If there is a locking problem
>>you will see the same message (ie. same Sendmail QID) being tagged as
>>spam more than once by two or more MS processes.
>>4. The problem appears related to the Web Bug check. I will switch that
>>off first. See below for more details of this.
>>
>>Having looked further at the problem it appears to be related to MIME
>>multipart/alternative messages having all or part of the HTML part
>>corrupted. The text part is not being affected.
>>
>>In all of the cases the logs show that MailScanner has "disarmed" the
>>HTML content. Since I only "disarm" Web Bugs it appears that there may
>>be a bug in the Web Bugs code that causes an intermittent problem. This
>>suspicion is reinforced by the observation that the problem appears to
>>have started when I enabled the Web Bug check late last year. I will
>>first of all try "Allow WebBugs = yes" and see what happens.
>>
>>Quentin
>
>--
>Julian Field
>www.MailScanner.info
>Buy the MailScanner book at www.MailScanner.info/store
>
>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From MailScanner at ecs.soton.ac.uk Wed Jan 12 16:01:56 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:10 2006
Subject: "Banned Content" question - possibly a Web Bug code problem
Message-ID:

In which case try editing SMDiskStore.pm and replace the sub Lock and
sub Unlock with this code:

# Open and lock the message
sub Lock {
  my $this = shift;

  #print STDERR "About to lock " . $this->{hpath} . " and " .
  #             $this->{dpath} . "\n";
  MailScanner::Lock::openlock($this->{inhhandle}, '+<' . $this->{hpath},
                              'w', 'quiet')
    or return undef;
  #print STDERR "Got hlock\n";

  # If locking the dfile fails, then must close and unlock the qffile too
  # 14/12/2004 Try putting this back in for now.
  unless (MailScanner::Lock::openlock($this->{indhandle},
                                      '+<' . $this->{dpath}, 'w', 'quiet')) {
  #JKF 14/12/2004 open($this->{indhandle}, '+<' . $this->{dpath})) {
    MailScanner::Lock::unlockclose($this->{inhhandle});
    return undef;
  }
  #print STDERR "Got dlock\n";

  return undef unless $this->{inhhandle} && $this->{indhandle};
  return 1;
}

# Close and unlock the message
sub Unlock {
  my $this = shift;

  # Now we lock the df file as well, we must unlock it too.
  MailScanner::Lock::unlockclose($this->{indhandle});
  #close($this->{indhandle});
  MailScanner::Lock::unlockclose($this->{inhhandle});
}

Quentin Campbell wrote:

>Julian
>
>The version of MailScanner on which I have seen the problem is 4.35.10.
>
>Quentin
>---
>PHONE: +44 191 222 8209 Information Systems and Services (ISS),
> University of Newcastle,
> Newcastle upon Tyne,
>FAX: +44 191 222 8765 United Kingdom, NE1 7RU.
>------------------------------------------------------------------------
>"Any opinion expressed above is mine. The University can get its own."
>
>>-----Original Message-----
>>From: MailScanner mailing list
>>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field
>>Sent: 12 January 2005 15:30
>>To: MAILSCANNER@JISCMAIL.AC.UK
>>Subject: Re: "Banned Content" question - possibly a Web Bug
>>code problem
>>
>>What version of MailScanner are you using? I slightly improved the
>>locking code (took out an "improvement" I made a long time ago which I
>>only made after lots of people requested it) in 4.37. It now locks the
>>df as well as the qf, which slows down delivery slightly in some
>>situations, but appears to be more reliable than just locking the qf.
>>
>>Quentin Campbell wrote:
>>
>>>>-----Original Message-----
>>>>From: MailScanner mailing list
>>>>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Mike
>>>>Sent: 12 January 2005 11:53
>>>>To: MAILSCANNER@JISCMAIL.AC.UK
>>>>Subject: Re: "Banned Content" question - a related problem
>>>>
>>>>
>>>>>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
>>>>>Behalf Of Quentin Campbell
>>>>>
>>>>>All the systems are now up2date as far as RH AS 3 patches are concerned.
>>>>>All the systems use the Sendmail that comes with these system; the last
>>>>>time they were updated this was Sendmail 8.12.11. I use the default
>>>>>locking in MailScanner.
>>>>
>>>>I also had this problem on sendmail 8.12.10. After changing
>>>>the locking to posix, the problem was gone. So, although the
>>>>docs state that the locking problem occurs only from 8.13 on,
>>>>it seems that also some 8.12 versions are affected. Please set
>>>>the locking mechanism to "posix" and see if it solves your problem.
>>>
>>>I will do this as a last resort. There are four reasons why I want to
>>>investigate other things first. In particular I want to capture a
>>>message before then after it has gone through MailScanner and got
>>>corrupted:
>>>
>>>1. Locking works OK on RH AS 3 systems with an up-to-date kernel.
>>>2. The symptoms we are seeing do not appear to be repeatable so far
>>>which makes conclusive testing difficult.
>>>3. I have looked for other evidence of locking problems but cannot find
>>>any. For example I can show that all messages tagged as spam by
>>>MailScanner have been tagged once only. If there is a locking problem
>>>you will see the same message (ie. same Sendmail QID) being tagged as
>>>spam more than once by two or more MS processes.
>>>4. The problem appears related to the Web Bug check. I will switch that
>>>off first. See below for more details of this.
>>>
>>>Having looked further at the problem it appears to be related to MIME
>>>multipart/alternative messages having all or part of the HTML part
>>>corrupted. The text part is not being affected.
>>>
>>>In all of the cases the logs show that MailScanner has "disarmed" the
>>>HTML content. Since I only "disarm" Web Bugs it appears that there may
>>>be a bug in the Web Bugs code that causes an intermittent problem. This
>>>suspicion is reinforced by the observation that the problem appears to
>>>have started when I enabled the Web Bug check late last year. I will
>>>first of all try "Allow WebBugs = yes" and see what happens.
>>>
>>>Quentin
>>
>>--
>>Julian Field
>>www.MailScanner.info
>>Buy the MailScanner book at www.MailScanner.info/store
>>
>>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From chardlist at CHARD.NET Wed Jan 12 16:05:32 2005
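[Added example, not part of any list post.] The log check Quentin describes in point 3 of his message in the "Banned Content" thread above, generalised from spam tagging to any per-message action logged by two different MailScanner children. The sample lines are constructed: the "disarm" and "Infected message" wording follows the maillog excerpts quoted on this page, while the "is spam" wording is an assumed format to adjust to your own maillog.

```python
import re
from collections import defaultdict

# Constructed sample maillog: hosts, PIDs, addresses and queue IDs are made up.
SAMPLE_LOG = """\
Jan 12 11:02:14 mail MailScanner[24311]: Message j0CB2Awg001111 from 192.0.2.10 (a@example.org) to example.com is spam, SpamAssassin (score=9.1, required 5)
Jan 12 11:02:14 mail MailScanner[24311]: Content Checks: Detected and will disarm HTML message in j0CB2Awg001111
Jan 12 11:02:15 mail MailScanner[24398]: Message j0CB2Awg001111 from 192.0.2.10 (a@example.org) to example.com is spam, SpamAssassin (score=9.1, required 5)
Jan 12 11:05:40 mail MailScanner[24398]: Message j0CB5Zwg002222 from 192.0.2.77 (b@example.org) to example.com is spam, SpamAssassin (score=6.3, required 5)
Jan 12 11:05:40 mail MailScanner[24398]: Content Checks: Detected and will disarm HTML message in j0CB5Zwg002222
Jan 12 11:09:02 mail MailScanner[24311]: Infected message 3F9A1C0DE2.7B1C4 came from 192.0.2.200
Jan 12 11:09:02 mail sendmail[24500]: j0CB9Awg003333: from=<c@example.org>, size=719
"""

# Syslog prefix of a MailScanner child: captures its PID and the message text.
LINE_RE = re.compile(r"\bMailScanner\[(?P<pid>\d+)\]: (?P<text>.*)$")

# One pattern per action that names a queue ID. "spam" is the assumed format.
EVENT_PATTERNS = {
    "spam": re.compile(r"^Message (?P<qid>\S+) from .* is spam\b"),
    "disarm": re.compile(
        r"^Content Checks: Detected and will disarm HTML message in (?P<qid>\S+)"
    ),
    "infected": re.compile(r"^Infected message (?P<qid>\S+) came from "),
}


def parse_events(lines):
    """Yield (queue_id, action, pid) for each MailScanner line naming a message."""
    for line in lines:
        prefix = LINE_RE.search(line.rstrip("\n"))
        if not prefix:
            continue  # not logged by a MailScanner child
        for action, pattern in EVENT_PATTERNS.items():
            hit = pattern.search(prefix.group("text"))
            if hit:
                yield hit.group("qid"), action, int(prefix.group("pid"))
                break


def find_double_handled(lines):
    """Return {queue_id: {action: [pids]}} where one action on one message
    was logged by two or more different MailScanner processes."""
    seen = defaultdict(lambda: defaultdict(set))
    for qid, action, pid in parse_events(lines):
        seen[qid][action].add(pid)

    report = {}
    for qid, actions in seen.items():
        repeated = {a: sorted(p) for a, p in actions.items() if len(p) > 1}
        if repeated:
            report[qid] = repeated
    return report


if __name__ == "__main__":
    for qid, actions in find_double_handled(SAMPLE_LOG.splitlines()).items():
        for action, pids in actions.items():
            print(f"{qid}: '{action}' logged by PIDs {pids}")
```

An empty report matches what Quentin says he sees; a hit is a message to pull from the queue and examine, since a child restarted mid-batch can also cause one.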
From: chardlist at CHARD.NET (Brendan Chard)
Date: Thu Jan 12 21:28:10 2006
Subject: Blank body in some HTML messages
Message-ID:

I recently upgraded to MS 4.35.11 on FreeBSD and started having problems
with one user who sends HTML messages using Earthlink's Mailbox e-mail
program. For some of the people he sends messages to the message body is
blank. This did not occur before performing the upgrade.

All of his HTML messages report the following in the maillog as they are
scanned on the way out.

Jan 11 07:47:15 server6 MailScanner[24311]: Content Checks: Detected and will disarm HTML message in j0BCl5wg068278
Jan 11 07:47:15 server6 MailScanner[24311]: Uninfected: Delivered 1 messages

I saw a post back in November that reported that disabling the phishing
checks fixed the problem but there seemed to be no solution posted as to how
to get around it with keeping the phishing checks enabled.

When the user switches to plain text everything works fine, but the user
would prefer to use HTML formatted messages.

My Mailscanner.conf file has the following options set for dangerous content
scanning:

Dangerous Content Scanning = yes
Allow Partial Messages = no
Allow External Message Bodies = no
Find Phishing Fraud = yes
Allow IFrame Tags = disarm
Log IFrame Tags = no
Allow Form Tags = disarm
Allow Script Tags = disarm
Allow WebBugs = yes
Allow Object Codebase Tags = disarm
Convert Dangerous HTML To Text = no
Convert HTML To Text = no

Any light that can be shed on the empty e-mail bodies would be appreciated.

-Brendan

From rs at FORTCONSULT.NET Wed Jan 12 16:00:11 2005
From: rs at FORTCONSULT.NET (Roel Schouten)
Date: Thu Jan 12 21:28:10 2006
Subject: MailScanner does not notify virus senders
Message-ID:

Hello,

My installation of MailScanner does not notify senders of viruses even
though I told it to do so.
Otherwise my installation works fine (it both filters spam & virus).

I use MailScanner 4.37.7 on a RedHat Enterprise 3 running kernel 2.4.21-27
with PostFix 2.0.16 as MTA.
Moreover, I use ClamAV 0.80 and SpamAssassin 3.0.2

I use the following settings in /etc/MailScanner/MailScanner.conf (I only
included the ones, I believe to be relevant):

Run As User = postfix
Run As Group = postfix
Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/postfix/incoming
MTA = postfix
Sendmail = /usr/sbin/sendmail
Virus Scanners = clamavmodule
Quarantine Infections = no
Quarantine Silent Viruses = no
Notify Senders = yes
Notify Senders Of Viruses = yes

To test the virus scanning functionality, I use the EICAR test virus.
The log does not show any errors:

Jan 12 16:46:35 mail MailScanner[15031]: New Batch: Scanning 1 messages, 719 bytes
Jan 12 16:46:36 mail MailScanner[15031]: Virus and Content Scanning: Starting
Jan 12 16:46:36 mail MailScanner[15031]: ClamAVModule::INFECTED:: Eicar-Test-Signature:: ./2A34F581F5.4AD7B/msg-15031-1.txt
Jan 12 16:46:36 mail MailScanner[15031]: Virus Scanning: ClamAV Module found 1 infections
Jan 12 16:46:36 mail MailScanner[15031]: Infected message 2A34F581F5.4AD7B came from 127.0.0.1
Jan 12 16:46:36 mail MailScanner[15031]: Virus Scanning: Found 1 viruses

MailScanner is able to send notifications to the system administrator by
setting "Send Notices = yes", so that works.
It is also possible to use /usr/sbin/sendmail (Postfix' version of it) to send
mails to external addresses from the command line.

Any clue? Thanks!

Roel Schouten.

From MailScanner at ecs.soton.ac.uk Wed Jan 12 16:16:29 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:10 2006
Subject: MailScanner does not notify virus senders
Message-ID:

Is your "Silent Viruses" set to "All-Viruses" by any chance? If so it
won't reply to viruses. 99.9% of all viruses now fake the sender's
address, so if you reply to them I can guarantee that you will *not* be
replying to the owner of the infected PC but some poor innocent 3rd
party who is nothing to do with it. Please DON'T do this, it gives
MailScanner a very bad name and I end up having to waste my time
replying to all these innocent people explaining why someone's faulty
setup caused them to get a notification that is nothing to do with them.

Roel Schouten wrote:

>Hello,
>
>My installation of MailScanner does not notify senders of viruses even
>though I told it to do so.
>Otherwise my installation works fine (it both filters spam & virus).
>
>I use MailScanner 4.37.7 on a RedHat Enterprise 3 running kernel 2.4.21-27
>with PostFix 2.0.16 as MTA.
>Moreover, I use ClamAV 0.80 and SpamAssassin 3.0.2
>
>I use the following settings in /etc/MailScanner/MailScanner.conf (I only
>included the ones, I believe to be relevant):
>
>Run As User = postfix
>Run As Group = postfix
>Incoming Queue Dir = /var/spool/postfix/hold
>Outgoing Queue Dir = /var/spool/postfix/incoming
>MTA = postfix
>Sendmail = /usr/sbin/sendmail
>Virus Scanners = clamavmodule
>Quarantine Infections = no
>Quarantine Silent Viruses = no
>Notify Senders = yes
>Notify Senders Of Viruses = yes
>
>To test the virus scanning functionality, I use the EICAR test virus.
>The log does not show any errors:
>Jan 12 16:46:35 mail MailScanner[15031]: New Batch: Scanning 1 messages, 719 bytes
>Jan 12 16:46:36 mail MailScanner[15031]: Virus and Content Scanning: Starting
>Jan 12 16:46:36 mail MailScanner[15031]: ClamAVModule::INFECTED:: Eicar-Test-Signature:: ./2A34F581F5.4AD7B/msg-15031-1.txt
>Jan 12 16:46:36 mail MailScanner[15031]: Virus Scanning: ClamAV Module found 1 infections
>Jan 12 16:46:36 mail MailScanner[15031]: Infected message 2A34F581F5.4AD7B came from 127.0.0.1
>Jan 12 16:46:36 mail MailScanner[15031]: Virus Scanning: Found 1 viruses
>
>MailScanner is able to send notifications to the system administrator by
>setting "Send Notices = yes", so that works.
>It is also possible to use /usr/sbin/sendmail (Postfix' version of it) to send
>mails to external addresses from the command line.
>

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From jose at TREELOGIC.COM Wed Jan 12 16:19:31 2005
From: jose at TREELOGIC.COM ([iso-8859-1] José Angel Blanco González)
Date: Thu Jan 12 21:28:10 2006
Subject: MailScanner does not notify virus senders
Message-ID:

Doing that you are supporting viruses, because almost all viruses have
faked addresses. It's better not to do that

----- Original Message -----
From: "Roel Schouten"
To:
Sent: Wednesday, January 12, 2005 5:00 PM
Subject: MailScanner does not notify virus senders

> Hello,
>
> My installation of MailScanner does not notify senders of viruses even
> though I told it to do so.
> Otherwise my installation works fine (it both filters spam & virus).
>
> I use MailScanner 4.37.7 on a RedHat Enterprise 3 running kernel 2.4.21-27
> with PostFix 2.0.16 as MTA.
> Moreover, I use ClamAV 0.80 and SpamAssassin 3.0.2
>
> I use the following settings in /etc/MailScanner/MailScanner.conf (I only
> included the ones, I believe to be relevant):
>
> Run As User = postfix
> Run As Group = postfix
> Incoming Queue Dir = /var/spool/postfix/hold
> Outgoing Queue Dir = /var/spool/postfix/incoming
> MTA = postfix
> Sendmail = /usr/sbin/sendmail
> Virus Scanners = clamavmodule
> Quarantine Infections = no
> Quarantine Silent Viruses = no
> Notify Senders = yes
> Notify Senders Of Viruses = yes
>
> To test the virus scanning functionality, I use the EICAR test virus.
> The log does not show any errors:
> Jan 12 16:46:35 mail MailScanner[15031]: New Batch: Scanning 1 messages, 719 bytes
> Jan 12 16:46:36 mail MailScanner[15031]: Virus and Content Scanning: Starting
> Jan 12 16:46:36 mail MailScanner[15031]: ClamAVModule::INFECTED:: Eicar-Test-Signature:: ./2A34F581F5.4AD7B/msg-15031-1.txt
> Jan 12 16:46:36 mail MailScanner[15031]: Virus Scanning: ClamAV Module found 1 infections
> Jan 12 16:46:36 mail MailScanner[15031]: Infected message 2A34F581F5.4AD7B came from 127.0.0.1
> Jan 12 16:46:36 mail MailScanner[15031]: Virus Scanning: Found 1 viruses
>
> MailScanner is able to send notifications to the system administrator by
> setting "Send Notices = yes", so that works.
> It is also possible to use /usr/sbin/sendmail (Postfix' version of it) to
> send mails to external addresses from the command line.
>
> Any clue? Thanks!
>
> Roel Schouten.

From ade at INFORMATICS.BANGOR.AC.UK Wed Jan 12 16:07:58 2005
From: ade at INFORMATICS.BANGOR.AC.UK (Ade Fewings)
Date: Thu Jan 12 21:28:10 2006
Subject: temporary file spawning
Message-ID:

Dear all

Forgive me straight away if any of this has been answered before or is
stupid on my part. Going through a bit of a baptism-of-fire at the
moment with regard to mail servers.

We have two mail servers running on Solaris 9 Sparc. Sendmail 8.12.10
utilizing MailScanner 4.36.4 to call SpamAssassin 3.0.1. Earlier today,
one of our large mailing lists got hit a couple of times and the servers
got a bit busy. However, something went wrong and /tmp filled up with
spamassassin.25755.Bdgxlb.tmp esque files. Hundreds of thousands were
created in a short time, running /tmp out of i-nodes and thus
effectively stopping MailScanner. Killing MailScanner, cleaning /tmp and
restarting would then reproduce the problem again soon after. I truss'd
the output of a few of the MailScanner processes that were going bad and
all they were doing was trying to open new files in /tmp.

Before my time, SA 2.6 was running and never provided any problems.

Has anybody got any ideas? Are we thinking MailScanner or SA bugs
possibly? We certainly are intending to get to SA 3.0.2, but there was
some problem on our first attempt yesterday so we're stuck on 3.0.1 for
a bit.

Regards and Thanks
Ade

From MailScanner at ecs.soton.ac.uk Wed Jan 12 16:18:06 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:10 2006
Subject: Blank body in some HTML messages
Message-ID:

Almost certainly a file locking problem. If you are using sendmail, then
please either upgrade to 4.37.7 or read the thread about "Banned Content
question" and my latest posting to it.

Brendan Chard wrote:

>I recently upgraded to MS 4.35.11 on FreeBSD and started having problems
>with one user who sends HTML messages using Earthlink's Mailbox e-mail
>program. For some of the people he sends messages to the message body is
>blank. This did not occur before performing the upgrade.
>
>All of his HTML messages report the following in the maillog as they are
>scanned on the way out.
>
>Jan 11 07:47:15 server6 MailScanner[24311]: Content Checks: Detected and will disarm HTML message in j0BCl5wg068278
>Jan 11 07:47:15 server6 MailScanner[24311]: Uninfected: Delivered 1 messages
>
>I saw a post back in November that reported that disabling the phishing
>checks fixed the problem but there seemed to be no solution posted as to how
>to get around it with keeping the phishing checks enabled.
>
>When the user switches to plain text everything works fine, but the user
>would prefer to use HTML formatted messages.
>
>My Mailscanner.conf file has the following options set for dangerous content
>scanning:
>
>Dangerous Content Scanning = yes
>Allow Partial Messages = no
>Allow External Message Bodies = no
>Find Phishing Fraud = yes
>Allow IFrame Tags = disarm
>Log IFrame Tags = no
>Allow Form Tags = disarm
>Allow Script Tags = disarm
>Allow WebBugs = yes
>Allow Object Codebase Tags = disarm
>Convert Dangerous HTML To Text = no
>Convert HTML To Text = no
>
>Any light that can be shed on the empty e-mail bodies would be appreciated.
>
>-Brendan
>

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From vlad at MAZEK.COM Wed Jan 12 17:58:35 2005
From: vlad at MAZEK.COM (Vlad Mazek)
Date: Thu Jan 12 21:28:10 2006
Subject: Block outgoing bcc
Message-ID:

hkbyte wrote:

> I am working with a solution to block user to send out email by using
> bcc. My idea is grabbing the "Envelope recipient" during the SMTP
> conversation and then check with all To: and CC: headers, if the
> envelope recipient do not appear in the headers, the email is rejected.
> Is there any help MailScanner can do ? Or where can I put my own Perl
> Script if working with MailScanner.

Any plans to include this in MailScanner? It would be very helpful to
block/delete/reject delivery to addresses that are not in the To:/cc: fields.

On the other hand, can anybody think of a legitimate reason for a BCC?

-Vlad Mazek

From alex at nkpanama.com Wed Jan 12 18:14:52 2005
From: alex at nkpanama.com (Alex Neuman van der Hans)
Date: Thu Jan 12 21:28:10 2006
Subject: Block outgoing bcc
Message-ID:

I make a point of BCC'ing management when responding to user requests for
assistance. I've had too many instances of users keeping management in the
dark for whatever reason. That way management can ignore (at their own risk)
or be aware of any situation regarding support for their servers.

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Vlad Mazek
Sent: Wednesday, January 12, 2005 12:59 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: Block outgoing bcc

hkbyte wrote:

> I am working with a solution to block user to send out email by using
> bcc. My idea is grabbing the "Envelope recipient" during the SMTP
> conversation and then check with all To: and CC: headers, if the
> envelope recipient do not appear in the headers, the email is rejected.
> Is there any help MailScanner can do ? Or where can I put my own Perl
> Script if working with MailScanner.

Any plans to include this in MailScanner? It would be very helpful to
block/delete/reject delivery to addresses that are not in the To:/cc: fields.

On the other hand, can anybody think of a legitimate reason for a BCC?

-Vlad Mazek

From csweeney at OSUBUCKS.ORG Wed Jan 12 17:24:55 2005
From: csweeney at OSUBUCKS.ORG (Chris Sweeney)
Date: Thu Jan 12 21:28:10 2006
Subject: Block outgoing bcc
Message-ID:

I always use BCC for sending mail when sending to more than one person. No
one needs to know how many people I sent the same message to, and if I send
it to multiple people outside of the company, I don't want someone getting
others' email address to SPAM them or involve them in inappropriate
discussions. I send it to myself in the To: field and BCC: everyone else I
send the message to. It also keeps people from hitting reply all when they
only need to reply to me and sending their reply to the entire group. I
really wish everyone would do this personally!! Blocking BCC for most things
would in my opinion be a BAD idea!!

Chris

--
This message has been scanned for viruses and dangerous content by
MailScanner, and is believed to be clean.

From Kevin_Miller at CI.JUNEAU.AK.US Wed Jan 12 18:33:12 2005
From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller)
Date: Thu Jan 12 21:28:10 2006
Subject: Block outgoing bcc
Message-ID:

Vlad Mazek wrote:

> On the other hand, can anybody think of a legitimate reason for a BCC?

Sure. If I'm sending to a large number of people that may or may know each
other, I don't clutter up their display w/a bunch of addresses they don't
know. I've received messages w/50 or more addresses, none of which I knew.
Takes up several lines on the screen pushing the message way down to the
bottom. Or if sending out a request for quote or something like that to
multiple vendors we may or may not want each vendor to know who the
competition is. I'm sure others have legitimate reasons as well. It's a
handy feature; not necessarily nefarious...

...Kevin
--
Kevin Miller Registered Linux User No: 307357
CBJ MIS Dept. Network Systems Admin., Mail Admin.
155 South Seward Street ph: (907) 586-0242
Juneau, Alaska 99801 fax: (907 586-4500

From andy at TIRESWING.NET Wed Jan 12 18:44:17 2005
From: andy at TIRESWING.NET (Andy Norris)
Date: Thu Jan 12 21:28:10 2006
Subject: Block outgoing bcc
Message-ID:

We've had our forms compromised with BCC problems. Have had to do much
filtering on the emails before they're sent out. In fact, we save the text
into a directory and have a cron job send them at intervals. We keep a copy
for perusal that way.

That said, if there were something in MailScanner that would protect
server-wide, instead of having to think through each mail form, that would be
incredible.

Am bcc'ing this to everyone I know.

Andy

At 12:33 pm 2005-01-12, Kevin Miller wrote:
>Vlad Mazek wrote:
>
> > On the other hand, can anybody think of a legitimate reason for a BCC?
>
>Sure. If I'm sending to a large number of people that may or may know each
>other, I don't clutter up their display w/a bunch of addresses they don't
>know. I've received messages w/50 or more addresses, none of which I knew.
>Takes up several lines on the screen pushing the message way down to the
>bottom. Or if sending out a request for quote or something like that to
>multiple vendors we may or may not want each vendor to know who the
>competition is. I'm sure others have legitimate reasons as well. It's a
>handy feature; not necessarily nefarious...
>
>
>...Kevin
>--
>Kevin Miller Registered Linux User No: 307357
>CBJ MIS Dept. Network Systems Admin., Mail Admin.
>155 South Seward Street ph: (907) 586-0242
>Juneau, Alaska 99801 fax: (907 586-4500

From MailScanner at ecs.soton.ac.uk Wed Jan 12 18:45:36 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:10 2006
Subject: Block outgoing bcc
Message-ID:

Vlad Mazek wrote:

> hkbyte wrote:
>
>> I am working with a solution to block user to send out email by using
>> bcc. My idea is grabbing the "Envelope recipient" during the SMTP
>> conversation and then check with all To: and CC: headers, if the
>> envelope recipient do not appear in the headers, the email is rejected.
>> Is there any help MailScanner can do ? Or where can I put my own Perl
>> Script if working with MailScanner.
>
>
> Any plans to include this in MailScanner?

None whatsoever.

> It would be very helpful to block/delete/reject delivery to addresses
> that are not in the To:/cc:
> fields.

Sorry, I strongly disagree.

> On the other hand, can anybody think of a legitimate reason for a BCC?

I will leave others to list out a few of the many reasons for using bcc.
Would you really like your email address to be given out to everyone else in
every mailing list you are a member of? A spammer subscribes to a list and
automatically gets given a 100% accurate list of active email accounts read
by people with interest in the list subject. They'll think it's Christmas
every day!

There are countless reasons for needing bcc, most of which are blindingly
obvious.

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From michele at BLACKNIGHTSOLUTIONS.COM Wed Jan 12 18:47:39 2005
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions)
Date: Thu Jan 12 21:28:10 2006
Subject: Block outgoing bcc
Message-ID:

> Vlad Mazek wrote:
>
>> On the other hand, can anybody think of a legitimate reason for a
>> BCC?

I use BCC all the time if I'm sending to a small group of people - for
larger groups I use custom software.

Blocking BCC would be bad

Mr Michele Neylon
Blacknight Internet Solutions Ltd
Hosting, co-location & domains
http://www.blacknight.ie/
Tel. +353 59 9137101
http://www.blacknight.ie/specialoffers.html

From jaearick at COLBY.EDU Wed Jan 12 19:11:07 2005
From: jaearick at COLBY.EDU (Jeff A. Earickson)
Date: Thu Jan 12 21:28:10 2006
Subject: user howling "MailScanner ate my mail"
Message-ID:

Guys,

I have a manager howling that he didn't get an important attachment, and
didn't get any notice that it got rejected either. The syslog of the message
is attached. ClamAV tagged it as a zip-of-death "virus" and then the filename
rules complained about bat files. My MailScanner.conf settings contain:

Deliver Disinfected Files = no
Silent Viruses = HTML-IFrame All-Viruses
Still Deliver Silent Viruses = no
Deliver Cleaned Messages = no
Notify Senders = yes
Notify Senders Of Viruses = no
Notify Senders Of Blocked Filenames Or Filetypes = yes

How would the recipient get notified of this event? On a larger note, how
come there is no section in the conf setting like "Notifications back to the
senders of blocked messages", only for recipients? There is also no
indication from my syslogs that the sender ever got a clue about the
rejection either, probably due to the "Deliver Silent Viruses" setting.

On a side note, the Eicar virus should be added to Non-Forging virus list. I
tried to use it for testing, and the "silent viruses" setting gobbled the
response.

Jeff Earickson
Colby College

[ Part 2, "" Text/PLAIN (Name: "widget") 33 lines. ]
[ Unable to print this part. ]

From admin at thenamegame.com Wed Jan 12 19:24:19 2005
From: admin at thenamegame.com (Michael Freeman)
Date: Thu Jan 12 21:28:10 2006
Subject: Virus updates no longer happening
Message-ID:

We changed the SSH port on our boxes from port 22 to another port due to
excessive SSH2 hack attempts on our boxes. I assume that when MS gets the
updates on the hour it is via the SSH port? After looking at the f-secure
update logs I noticed we haven't received a virus update since Dec 22, 2004.
I looked all over the place for the script that gets updates but port 22 is
not defined anywhere so my question is where is the script that determines
which port the updates are retrieved on? I'd like to change it to the new
port but it's not defined anywhere.

Thank you.

From craig at WESTPRESS.COM Wed Jan 12 19:35:01 2005
From: craig at WESTPRESS.COM (Craig Daters)
Date: Thu Jan 12 21:28:10 2006
Subject: Archiving Mail
Message-ID:

Martin Hepworth wrote:

> Craig
> The Database doesn't hold the actual email, that is left on the disk in
> either rfc822 or queue file format depending on the settings in
> MailScanner.conf
>
> If you're already using the non-admin user's function to check against
> quarantined stuff then it's more or less the same thing for 'normal'
> email. You just need to make sure you are archiving the email for X days
> for those users and they can then forward the email to themselves if
> they are daft enough to have deleted the billing/work email.
>
> Thinking about all this, wouldn't it be better to add better controls
> into the work flow so that work/billing info is held per job somewhere
> like a document repository. That way if someone isn't available for work
> you can still see their work to be done etc???
>

Martin, this was a very good idea that had not occurred to me. All this time
I was thinking I needed to archive their mail, but they only need a few
months worth saved. I have plenty of room for that, so I am going to use this
idea. Plus, I don't have to worry about looking everything up for them, they
can do it themselves! :)

Though, I needed to make a change to the detail.php file of MailWatch. It was
pointing to the wrong location and giving me fits at first:

In detail.php change following line (line 190 in my file):

    $quarantinedir = get_conf_var("QuarantineDir");
    $quarantine = $quarantinedir.'/'.$row->date.'/'.$row->id;
    $spam = $quarantinedir."/".$row->date.'/spam/'.$row->id;
    $notspam = $quarantinedir."/".$row->date.'/not-spam/'.$row->id;

Change the $notspam variable to point on the right directory name:

    $notspam = $quarantinedir."/".$row->date.'/nonspam/'.$row->id;

Once I fixed this, I was in business. I just need to change the number of
days to hold onto data in my clean-up scripts to accommodate 2-3 months
instead of only one.

Regarding the better controls comment, I have fought and fought to get them
to print out these emails and attach them to our job tickets, etc. but I keep
getting the answer that our files do not have the room for all the extra
paper this would generate, or similar. So this is my solution in the mean
time.

--
Craig Daters (craig@westpress.com)
Systems Administrator
West Press Print Communications
1663 West Grant Road
Tucson, Arizona 85705
(520) 624-4939
(520) 624-2715 fax
www.westpress.com

From MailScanner at ecs.soton.ac.uk Wed Jan 12 19:45:31 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:10 2006
Subject: Virus updates no longer happening
Message-ID:

MailScanner fetches the updates via whatever mechanism the AV vendor
provides. But it's an outgoing connection to get the updates, and you will
have moved the incoming SSH port, so that won't have any effect.

Michael Freeman wrote:

> We changed the SSH port on our boxes from port 22 to another port due
> to excessive SSH2 hack attempts on our boxes. I assume that when MS
> gets the updates on the hour it is via the SSH port? After looking at the
> f-secure update logs I noticed we haven't received a virus update
> since Dec 22, 2004. I looked all over the place for the script that
> gets updates but port 22 is not defined anywhere so my question is
> where is the script that determines which port the updates are
> retrieved on? I'd like to change it to the new port but it's not defined
> anywhere.
>

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From vlad at MAZEK.COM Wed Jan 12 19:47:25 2005
From: vlad at MAZEK.COM (Vlad Mazek)
Date: Thu Jan 12 21:28:10 2006
Subject: Block outgoing bcc
Message-ID:

Michele Neylon :: Blacknight Solutions wrote:

>I use BCC all the time if I'm sending to a small group of people - for
>larger groups I use custom software.
>
>Blocking BCC would be bad
>
>

I hope you folks read Dilbert because you'll really appreciate this; I spend
nearly every day sitting here fielding calls from CxO's who have a compelling
business reason for one idea or another and are oblivious to explanations,
logic and standards. After a few hours of trying to explain how email works,
and after they have shut down every logical argument for why things are
implemented the way they are, I actually consider their requirement as that
is the only way to get them off the phone.

Anyhow, thanks for the input. I'm not saying it's a good idea, I'm just
saying that the people are asking for a feature and knowing that I'll have to
write it anyhow it would help if someone already did it.

Today is one of those days where I dream of shutting down ExchangeDefender
and MailScanner and letting them choke in viagra ads. I free up customers
from junk mail and suddenly they have more time to get creative about ways to
ruin my day. :(

-Vlad

From jaearick at COLBY.EDU Wed Jan 12 19:52:39 2005
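[Added example, not part of any list post and not MailScanner code.] The check hkbyte proposes in the "Block outgoing bcc" thread, comparing the SMTP envelope recipients with the To: and Cc: headers, sketched in Python; the sample messages and the example.* addresses are constructed. It also shows the side effect the replies describe: vendors on a Bcc'd request for quote and ordinary mailing-list subscribers are flagged in exactly the same way.

```python
"""Flag SMTP envelope recipients that are absent from the To:/Cc: headers."""
from email import message_from_string
from email.utils import getaddresses


def normalise(address):
    # Envelope addresses may be written "<user@host>". Lower-casing the whole
    # address is a simplification: only the domain is formally case-insensitive.
    return address.strip().strip("<>").lower()


def header_recipients(raw_message):
    """Addresses named in every To: and Cc: header of an RFC 822 message."""
    msg = message_from_string(raw_message)
    fields = [str(v) for v in msg.get_all("To", []) + msg.get_all("Cc", [])]
    return {normalise(addr) for _name, addr in getaddresses(fields) if addr}


def unlisted_recipients(envelope_rcpts, raw_message):
    """Envelope recipients that appear in neither To: nor Cc: (sorted)."""
    listed = header_recipients(raw_message)
    return sorted({normalise(r) for r in envelope_rcpts} - listed)


# Constructed samples: name -> (envelope recipients, message text).
SAMPLES = {
    # Every envelope recipient is visible in the headers.
    "direct": (
        ["<alice@example.com>", "<bob@example.com>"],
        "From: carol@example.org\n"
        "To: Alice <alice@example.com>\n"
        "Cc: BOB@example.com\n"
        "Subject: minutes\n\nAttached.\n",
    ),
    # Sender addresses the mail to himself and Bcc's two vendors.
    "bcc_to_vendors": (
        ["<chris@example.org>", "<sales@vendor-a.example>",
         "<sales@vendor-b.example>"],
        "From: chris@example.org\n"
        "To: chris@example.org\n"
        "Subject: Request for quote\n\nPlease quote for 500 units.\n",
    ),
    # A list server delivers to a subscriber; To: names only the list.
    "list_delivery": (
        ["<subscriber@example.net>"],
        "From: poster@example.org\n"
        "To: some-list@lists.example.org\n"
        "Subject: Re: Block outgoing bcc\n\nReply to the list.\n",
    ),
}


def check_samples():
    """Run the check over every sample; a non-empty list means 'reject'."""
    return {name: unlisted_recipients(rcpts, text)
            for name, (rcpts, text) in SAMPLES.items()}


if __name__ == "__main__":
    for name, unlisted in check_samples().items():
        verdict = "reject" if unlisted else "accept"
        print(f"{name:15} {verdict:7} {unlisted}")
```

Only the "direct" sample passes; the other two are rejected although neither hides anything from the operator of the mail server.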
From: jaearick at COLBY.EDU (Jeff A. Earickson)
Date: Thu Jan 12 21:28:10 2006
Subject: MailScanner does not notify virus senders
Message-ID:

Hi,

This sounds like the issue I just raised with Eicar not being listed in the
"Non-Forging Viruses" list. Try modifying your setting to:

Non-Forging Viruses = Joke/ OF97/ WM97/ W97M/ Eicar EICAR

Then make sure "Notify Senders Of Viruses" is set to yes. I've been playing
with this, and these settings got things working for me (MS 4.37.7).

Julian,

I've managed to get myself really confused on this "notify senders of
viruses" thing. My conf file has the following settings:

Silent Viruses = HTML-IFrame All-Viruses
Non-Forging Viruses = Joke/ OF97/ WM97/ W97M/ Eicar EICAR
Notify Senders Of Viruses = yes

Does this mean that senders of viruses *only* get notified if the virus is on
the non-forging list?

Jeff Earickson
Colby College

On Wed, 12 Jan 2005, Roel Schouten wrote:

> Date: Wed, 12 Jan 2005 16:00:11 +0000
> From: Roel Schouten
> Reply-To: MailScanner mailing list
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: MailScanner does not notify virus senders
>
> Hello,
>
> My installation of MailScanner does not notify senders of viruses even
> though I told it to do so.
> Otherwise my installation works fine (it both filters spam & virus).
>
> I use MailScanner 4.37.7 on a RedHat Enterprise 3 running kernel 2.4.21-27
> with PostFix 2.0.16 as MTA.
> Moreover, I use ClamAV 0.80 and SpamAssassin 3.0.2
>
> I use the following settings in /etc/MailScanner/MailScanner.conf (I only
> included the ones, I believe to be relevant):
>
> Run As User = postfix
> Run As Group = postfix
> Incoming Queue Dir = /var/spool/postfix/hold
> Outgoing Queue Dir = /var/spool/postfix/incoming
> MTA = postfix
> Sendmail = /usr/sbin/sendmail
> Virus Scanners = clamavmodule
> Quarantine Infections = no
> Quarantine Silent Viruses = no
> Notify Senders = yes
> Notify Senders Of Viruses = yes
>
> To test the virus scanning functionality, I use the EICAR test virus.
> The log does not show any errors:
> Jan 12 16:46:35 mail MailScanner[15031]: New Batch: Scanning 1 messages, 719
> bytes
> Jan 12 16:46:36 mail MailScanner[15031]: Virus and Content Scanning: Starting
> Jan 12 16:46:36 mail MailScanner[15031]: ClamAVModule::INFECTED::
> Eicar-Test-Signature:: ./2A34F581F5.4AD7B/msg-15031-1.txt
> Jan 12 16:46:36 mail MailScanner[15031]: Virus Scanning: ClamAV Module found
> 1 infections
> Jan 12 16:46:36 mail MailScanner[15031]: Infected message 2A34F581F5.4AD7B
> came from 127.0.0.1
> Jan 12 16:46:36 mail MailScanner[15031]: Virus Scanning: Found 1 viruses
>
>
> MailScanner is able to send notifications to the system administrator by
> setting "Send Notices = yes", so that works.
> It is also possible to use /usr/sbin/sendmail (Postfix' version of it) to send
> mails to external addresses from the command line.
>
> Any clue? Thanks!
>
> Roel Schouten.
>

From csweeney at OSUBUCKS.ORG Wed Jan 12 18:51:28 2005
From: csweeney at OSUBUCKS.ORG (Chris Sweeney)
Date: Thu Jan 12 21:28:10 2006
Subject: Virus updates no longer happening
Message-ID:

Unless he is redirecting ports and it's to the same port that the outgoing
update is on. That might be causing the problem.

---------- Original Message -----------
From: Julian Field
To: MAILSCANNER@JISCMAIL.AC.UK
Sent: Wed, 12 Jan 2005 19:45:31 +0000
Subject: Re: Virus updates no longer happening

> MailScanner fetches the updates via whatever mechanism the AV vendor
> provides. But it's an outgoing connection to get the updates, and you
> will have moved the incoming SSH port, so that won't have any effect.
>
> Michael Freeman wrote:
>
> > We changed the SSH port on our boxes from port 22 to another port due
> > to excessive SSH2 hack attempts on our boxes. I assume that when MS
> > gets the updates on the hour it is via the SSH port? After looking at the
> > f-secure update logs I noticed we haven't received a virus update
> > since Dec 22, 2004. I looked all over the place for the script that
> > gets updates but port 22 is not defined anywhere so my question is
> > where is the script that determines which port the updates are
> > retrieved on? I'd like to change it to the new port but it's not defined
> > anywhere.
> >
>
> --
> Julian Field
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
> Professional Support Services at www.MailScanner.biz
> MailScanner thanks transtec Computers for their support
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
------- End of Original Message -------
From admin at thenamegame.com Wed Jan 12 19:59:25 2005
From: admin at thenamegame.com (Michael Freeman)
Date: Thu Jan 12 21:28:10 2006
Subject: Virus updates no longer happening
Message-ID:

Well it was around Dec 21 that we changed the SSH port on this box so it
seems to jive with the fact that because we did so that updates have now
stopped. I'm running f-secure and their code is encrypted so I can't
determine exactly what they are doing.

________________________________________________________________________________
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Chris Sweeney
Sent: Wednesday, January 12, 2005 1:51 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: Virus updates no longer happening

Unless he is redirecting ports and it's to the same port that the outgoing
update is on. That might be causing the problem.

---------- Original Message -----------
From: Julian Field
To: MAILSCANNER@JISCMAIL.AC.UK
Sent: Wed, 12 Jan 2005 19:45:31 +0000
Subject: Re: Virus updates no longer happening

> MailScanner fetches the updates via whatever mechanism the AV vendor
> provides. But it's an outgoing connection to get the updates, and you
> will have moved the incoming SSH port, so that won't have any effect.
>
> Michael Freeman wrote:
>
> > We changed the SSH port on our boxes from port 22 to another port due
> > to excessive SSH2 hack attempts on our boxes. I assume that when MS
> > gets the updates on the hour it is via the SSH port? After looking at the
> > f-secure update logs I noticed we haven't received a virus update
> > since Dec 22, 2004. I looked all over the place for the script that
> > gets updates but port 22 is not defined anywhere so my question is
> > where is the script that determines which port the updates are
> > retrieved on? I'd like to change it to the new port but it's not defined
> > anywhere.
> >
>
> --
> Julian Field
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
> Professional Support Services at www.MailScanner.biz
> MailScanner thanks transtec Computers for their support
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
------- End of Original Message -------

From MailScanner at ecs.soton.ac.uk Wed Jan 12 19:59:12 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:10 2006 Subject: MailScanner does not notify virus senders Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] It means that sender of viruses *only* get notified if either of the following is true: a) Silent Viruses contains All-Viruses and the virus is on the Non-Forging Viruses list or b) Silent Viruses does not contain All-Viruses and does not list the virus that was present in the email message. Sorry for it being confusing, but I had to develop ways of forcing people's installations to adopt the behaviour I wanted them to have, without them having to change any settings they already had (and if possible without them actually noticing I was changing the operation of their system so they wouldn't change it back to doing it badly :-) Jeff A. Earickson wrote: > Hi, > > This sounds like the issue I just raised with Eicar not being listed > in the "Non-Forging Viruses" list. Try modifying your setting > to: > > Non-Forging Viruses = Joke/ OF97/ WM97/ W97M/ Eicar EICAR > > Then make sure "Notify Senders Of Viruses" is set to yes. I've been > playing with this, and these settings got things working for me > (MS 4.37.7). > > Julian, > > I've managed to get myself really confused on this "notify senders > of viruses" thing. My conf file has the following settings: > > Silent Viruses = HTML-IFrame All-Viruses > Non-Forging Viruses = Joke/ OF97/ WM97/ W97M/ Eicar EICAR > Notify Senders Of Viruses = yes > > Does this mean that senders of viruses *only* get notified if the > virus is on the non-forging list? > > Jeff Earickson > Colby College > > On Wed, 12 Jan 2005, Roel Schouten wrote: > >> Date: Wed, 12 Jan 2005 16:00:11 +0000 
>> From: Roel Schouten
>> Reply-To: MailScanner mailing list
>> To: MAILSCANNER@JISCMAIL.AC.UK
>> Subject: MailScanner does not notify virus senders
>>
>> Hello,
>>
>> My installation of MailScanner does not notify senders of viruses even
>> though I told it to do so.
>> Otherwise my installation works fine (it both filters spam & virus).
>>
>> I use MailScanner 4.37.7 on a RedHat Enterprise 3 running kernel 2.4.21-27
>> with PostFix 2.0.16 as MTA.
>> Moreover, I use ClamAV 0.80 and SpamAssassin 3.0.2
>>
>> I use the following settings in /etc/MailScanner/MailScanner.conf (I only
>> included the ones I believe to be relevant):
>>
>> Run As User = postfix
>> Run As Group = postfix
>> Incoming Queue Dir = /var/spool/postfix/hold
>> Outgoing Queue Dir = /var/spool/postfix/incoming
>> MTA = postfix
>> Sendmail = /usr/sbin/sendmail
>> Virus Scanners = clamavmodule
>> Quarantine Infections = no
>> Quarantine Silent Viruses = no
>> Notify Senders = yes
>> Notify Senders Of Viruses = yes
>>
>> To test the virus scanning functionality, I use the EICAR test virus.
>> The log does not show any errors:
>> Jan 12 16:46:35 mail MailScanner[15031]: New Batch: Scanning 1 messages, 719 bytes
>> Jan 12 16:46:36 mail MailScanner[15031]: Virus and Content Scanning: Starting
>> Jan 12 16:46:36 mail MailScanner[15031]: ClamAVModule::INFECTED:: Eicar-Test-Signature:: ./2A34F581F5.4AD7B/msg-15031-1.txt
>> Jan 12 16:46:36 mail MailScanner[15031]: Virus Scanning: ClamAV Module found 1 infections
>> Jan 12 16:46:36 mail MailScanner[15031]: Infected message 2A34F581F5.4AD7B came from 127.0.0.1
>> Jan 12 16:46:36 mail MailScanner[15031]: Virus Scanning: Found 1 viruses
>>
>> MailScanner is able to send notifications to the system administrator by
>> setting "Send Notices = yes", so that works.
>> It is also possible to use /usr/sbin/sendmail (Postfix' version of it) to send
>> mails to external addresses from the command line.
>>
>> Any clue? Thanks!
>>

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From ssilva at SGVWATER.COM Wed Jan 12 20:19:47 2005
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:28:10 2006
Subject: Virus updates no longer happening
Message-ID:

Michael Freeman wrote:
> Well it was around Dec 21 that we changed the SSH port on this box so it
> seems to jive with the fact that because we did so that updates have now
> stopped. I'm running f-secure and their code is encrypted so I can't
> determine exactly what they are doing.

If all else fails temporarily change ssl port back to 22 and try a manual
update. Then you will know for sure.

From dwinkler at ALGORITHMICS.COM Wed Jan 12 21:45:18 2005
From: dwinkler at ALGORITHMICS.COM (Derek Winkler)
Date: Thu Jan 12 21:28:10 2006
Subject: Stored Spam vs Virus Infected
Message-ID:

I'm having a problem with stored spam, when users try to retrieve by having
them resent they are rescanned by MailScanner again which then detects a
virus and doesn't send. Works fine when the email doesn't contain a virus.

The log entries show that on Jan 4, this email was determined to be spam and
stored.

The user then tried to retrieve it on the 11th and a virus was detected.

Why wasn't the virus detected on the 4th?

What am I missing?

Is virus scanning not done if action is store? or if the message is spam?

Stored mail is stored as queue files, resends drop the file back in the
mqueue.in directory with some changes to ensure they aren't detected as spam
again.

Please let me know if you need additional information.

Running MailScanner 4.32.5 with Sendmail/Sophos/ClamAV

Thanks in advance,

Derek

Jan 4 12:57:50 lime sendmail[18121]: [ID 801593 mail.info] j04HvkO18121: from=, size=28581, class=0, nrcpts=1, msgid=, proto=SMTP, daemon=Daemon0, relay=ASte-Genev-Bois-152-1-51-102.w82-121.abo.wanadoo.fr [82.121.149.102]
Jan 4 12:57:50 lime sendmail[18121]: [ID 801593 mail.info] j04HvkO18121: to=, delay=00:00:03, mailer=esmtp, pri=58581, stat=queued
Jan 4 13:21:52 lime MailScanner[14001]: Message j04HvkO18121 from 82.121.149.102 (pete-ohkipleung@toto.csustan.edu) to algorithmics.com is spam, SpamAssassin (score=7.004, required 4.5, autolearn=disabled, HTML_90_100 0.19, HTML_MESSAGE 0.00, HTML_SHORT_LENGTH 0.71, MIME_HTML_ONLY 1.16, MSGID_SPAM_LETTERS 3.15, RCVD_IN_NJABL_DUL 1.66, RCVD_IN_SORBS_DUL 0.14)
Jan 4 13:26:24 lime MailScanner[14001]: Spam Actions: message j04HvkO18121 actions are store

Jan 11 08:51:32 lime MailScanner[5464]: SophosSAVI::INFECTED:: W32/Bagle-AA:: ./j04HvkO18121/MoreInfo.exe
Jan 11 08:51:39 lime MailScanner[5464]: /var/spool/MailScanner/incoming/5464/./j04HvkO18121/MoreInfo.exe: Worm.Bagle.Z FOUND
Jan 11 08:51:40 lime MailScanner[5464]: Infected message j04HvkO18121 came from 82.121.149.102
Jan 11 08:51:40 lime MailScanner[5464]: Filename Checks: Possible Windows executable attack (j04HvkO18121 MoreInfo.exe)
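The pattern in the log excerpt above (spam action "store" on one day, a virus report for the same queue ID on a later rescan) can be searched for across a whole log. This is an added example, not part of the original post; the function name, the year argument (syslog timestamps carry no year) and the sample lines, which are constructed on the model of the excerpt, are assumptions.

```python
import re
from datetime import datetime

# Constructed sample, modelled on the MailScanner syslog lines in the post.
SAMPLE_LOG = """\
Jan  4 13:21:52 lime MailScanner[14001]: Message j04HvkO18121 from 82.121.149.102 (sender@example.invalid) to algorithmics.com is spam, SpamAssassin (score=7.004, required 4.5)
Jan  4 13:26:24 lime MailScanner[14001]: Spam Actions: message j04HvkO18121 actions are store
Jan 11 08:51:32 lime MailScanner[5464]: SophosSAVI::INFECTED:: W32/Bagle-AA:: ./j04HvkO18121/MoreInfo.exe
Jan 11 08:51:40 lime MailScanner[5464]: Infected message j04HvkO18121 came from 82.121.149.102
Jan 11 09:02:10 lime MailScanner[5464]: Spam Actions: message jCONSTRUCTED01 actions are store
Jan 11 09:05:00 lime MailScanner[5464]: Infected message jCONSTRUCTED02 came from 192.0.2.7
"""

LINE = re.compile(
    r"^(\w{3})\s+(\d{1,2})\s+(\d\d:\d\d:\d\d)\s+\S+\s+MailScanner\[\d+\]:\s+(.*)$")
STORE = re.compile(r"^Spam Actions: message (\S+) actions are (.+)$")
INFECTED = re.compile(r"^Infected message (\S+) came from (\S+)")
SCANNER_HIT = re.compile(r"^\w+::INFECTED::\s*(.+?)::\s*\./([^/\s]+)/\S+")


def find_stored_then_infected(log_text, year=2005):
    """Return queue IDs stored as spam and reported infected on a later scan."""
    stored, infected, hits = {}, {}, {}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue                      # not a MailScanner syslog line
        mon, day, clock, msg = m.groups()
        # Syslog omits the year; the caller supplies it (assumption).
        when = datetime.strptime(f"{year} {mon} {day} {clock}",
                                 "%Y %b %d %H:%M:%S")
        s = STORE.match(msg)
        i = INFECTED.match(msg)
        h = SCANNER_HIT.match(msg)
        if s and "store" in s.group(2).replace(",", " ").split():
            stored.setdefault(s.group(1), when)          # first store wins
        elif i:
            infected.setdefault(i.group(1), (when, i.group(2)))
        elif h:
            hits.setdefault(h.group(2), []).append((when, h.group(1).strip()))

    findings = []
    for qid, stored_at in sorted(stored.items()):
        if qid not in infected:
            continue                      # stored, never reported infected
        infected_at, source_ip = infected[qid]
        if infected_at <= stored_at:
            continue                      # infection was seen before the store
        findings.append({
            "id": qid,
            "stored_at": stored_at,
            "infected_at": infected_at,
            "delay_days": (infected_at - stored_at).days,
            "viruses": sorted({name for t, name in hits.get(qid, [])
                               if t > stored_at}),
            "source_ip": source_ip,
        })
    return findings


if __name__ == "__main__":
    for f in find_stored_then_infected(SAMPLE_LOG):
        print(f"{f['id']}: stored {f['stored_at']}, infected on rescan "
              f"{f['infected_at']} ({f['delay_days']} days later), "
              f"{', '.join(f['viruses']) or 'scanner name not logged'}, "
              f"from {f['source_ip']}")
```

Every ID it reports is a message that sat in the spam store without a virus verdict and only received one when it was released.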
From MailScanner at ecs.soton.ac.uk Wed Jan 12 21:58:46 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:10 2006
Subject: Stored Spam vs Virus Infected
Message-ID:

If the message was just stored as its spam action, and you aren't running
a new enough version to have the "Keep Spam and MCP Archive Clean" setting
(I think that's what I called it) then it will store the message in the
archive in just the state it received it. This will include any infections.

Upgrade to the latest version and make sure you have it set to keep the
spam archive clean, and it will delete infected spam from the archive, so
that your users can't retrieve infected messages.

In the past I always had the archives carefully store the messages in
exactly the state they were received.

Derek Winkler wrote:

>I'm having a problem with stored spam, when users try to retrieve by having
>them resent they are rescanned by MailScanner again which then detects a
>virus and doesn't send. Works fine when the email doesn't contain a virus.
>
>The log entries show that on Jan 4, this email was determined to be spam and
>stored.
>
>The user then tried to retrieve it on the 11th and a virus was detected.
>
>Why wasn't the virus detected on the 4th?
>
>What am I missing?
>
>Is virus scanning not done if action is store? or if the message is spam?
>
>Stored mail is stored as queue files, resends drop the file back in the
>mqueue.in directory with some changes to ensure they aren't detected as spam
>again.
>
>Please let me know if you need additional information.
>
>Running MailScanner 4.32.5 with Sendmail/Sophos/ClamAV
>
>Thanks in advance,
>
>Derek
>
>Jan 4 12:57:50 lime sendmail[18121]: [ID 801593 mail.info] j04HvkO18121: from=, size=28581, class=0, nrcpts=1, msgid=, proto=SMTP, daemon=Daemon0, relay=ASte-Genev-Bois-152-1-51-102.w82-121.abo.wanadoo.fr [82.121.149.102]
>Jan 4 12:57:50 lime sendmail[18121]: [ID 801593 mail.info] j04HvkO18121: to=, delay=00:00:03, mailer=esmtp, pri=58581, stat=queued
>Jan 4 13:21:52 lime MailScanner[14001]: Message j04HvkO18121 from 82.121.149.102 (pete-ohkipleung@toto.csustan.edu) to algorithmics.com is spam, SpamAssassin (score=7.004, required 4.5, autolearn=disabled, HTML_90_100 0.19, HTML_MESSAGE 0.00, HTML_SHORT_LENGTH 0.71, MIME_HTML_ONLY 1.16, MSGID_SPAM_LETTERS 3.15, RCVD_IN_NJABL_DUL 1.66, RCVD_IN_SORBS_DUL 0.14)
>Jan 4 13:26:24 lime MailScanner[14001]: Spam Actions: message j04HvkO18121 actions are store
>
>Jan 11 08:51:32 lime MailScanner[5464]: SophosSAVI::INFECTED:: W32/Bagle-AA:: ./j04HvkO18121/MoreInfo.exe
>Jan 11 08:51:39 lime MailScanner[5464]: /var/spool/MailScanner/incoming/5464/./j04HvkO18121/MoreInfo.exe: Worm.Bagle.Z FOUND
>Jan 11 08:51:40 lime MailScanner[5464]: Infected message j04HvkO18121 came from 82.121.149.102
>Jan 11 08:51:40 lime MailScanner[5464]: Filename Checks: Possible Windows executable attack (j04HvkO18121 MoreInfo.exe)

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From ugob at CAMO-ROUTE.COM Wed Jan 12 22:00:09 2005
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:28:10 2006
Subject: Stored Spam vs Virus Infected
Message-ID:

Derek Winkler wrote:
> I'm having a problem with stored spam, when users try to retrieve by having
> them resent they are rescanned by MailScanner again which then detects a
> virus and doesn't send. Works fine when the email doesn't contain a virus.
>
> The log entries show that on Jan 4, this email was determined to be spam and
> stored.
>
> The user then tried to retrieve it on the 11th and a virus was detected.
>
> Why wasn't the virus detected on the 4th?
>
> What am I missing?
>
> Is virus scanning not done if action is store? or if the message is spam?
>
> Stored mail is stored as queue files, resends drop the file back in the
> mqueue.in directory with some changes to ensure they aren't detected as spam
> again.
>
> Please let me know if you need additional information.
>

The answer is here:
http://www.mailscanner.biz/maq/#highsconotscanned

From brian at klondyke.net Wed Jan 12 22:02:39 2005
From: brian at klondyke.net (Brian Wells)
Date: Thu Jan 12 21:28:10 2006
Subject: URIBL does not work from MailScanner but works from Spamassassin -t or -D
Message-ID:

Hello All,

I am having a very odd problem getting the URIBLs to work. When I send a
test message to Spamassassin using spamassassin -t or -D, the message goes
through all the URIBL tests and gets scored appropriately. But when I send
the same message through the mail system using MailScanner, the URIBL tests
do not get run.

I have several systems running MailScanner and Spamassassin and compared the
configs and can not find the differences. I did find on the spamassassin
mailing list something regarding using body versus header in the 25_uribl.cf
file for version 3.0.2. But have tried it both ways with the same result.
Running Spamassassin from the command line blocks the email but it gets
through using MailScanner.

I am using MailScanner version 4.36.4 and Spamassassin version 3.0.2.

Any ideas would be most appreciated

Thanks,

Brian Wells

Klondyke's Online Services, LLC
PO Box 87405, Canton, MI 48187-0405
http://www.klondyke.net
Administration/Billing: 1-866-727-5694, billing@klondyke.net
Support: 1-877-296-9160 support@klondyke.net

From mallen at FAMILYRADIO.ORG Wed Jan 12 23:22:51 2005
From: mallen at FAMILYRADIO.ORG (Mike Allen)
Date: Thu Jan 12 21:28:10 2006
Subject: NOD32 paths needed...(FOLOWUP)
Message-ID:

Thanks to Steve Swaney and others:

My virus.scanners.conf file looks like this:

nod32-1.99 /usr/local/libexec/MailScanner/nod32-wrapper /usr/sbin
nod32 /usr/local/libexec/MailScanner/nod32-wrapper /usr/local/nod32

Since we are at Version 2 of nod32, do we even need the 'nod32-1.99'
entry above?

There are three nod32 daemon processes but there have never been any
entries logged in /var/log/nod32.log. Why?

TIA for any further help you can give me in sorting this out.

Mike Allen

Notes:
1. All nod32 executables except the 'nod32-wrapper' reside in both
   folders above.
2. The nod32 executables have owner and group of NOD32 in one folder and
   owner and group of root and wheel in the other folder. Otherwise the
   executables are identical.
2. The version of MailScanner we are using is 4.30.3 which is a FreeBSD
   'port'. FreeBSD 'ports' tend to relocate software from its default
   location. An example of file relocation is the path to
   '/usr/local/libexec/MailScanner/nod32-wrapper' above.
3. The OS version is FreeBSD 5.1-RELEASE-p18.

From dde at TWN.TUV.COM Thu Jan 13 03:00:50 2005
From: dde at TWN.TUV.COM (D. Dowling)
Date: Thu Jan 12 21:28:10 2006
Subject: Mail header From: rule
Message-ID:

Hi

I have written a rule to search the
From: field of a mail header. However, SpamAssassin does not identify and
mark mail from the search string in the rule. For example, I want
SpamAssassin to search for mail from any address with the suffix, tom.com,

header TOM_AD_FROM From =~ /tom\.com/im
describe TOM_AD_FROM From tom.com address
score TOM_AD_FROM 1.5

URL testing and embedded mailto strings in the mail body are working fine.
I'm using v2.64.

Thanks

From Q.G.Campbell at NEWCASTLE.AC.UK Thu Jan 13 08:50:25 2005
From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell)
Date: Thu Jan 12 21:28:10 2006
Subject: "Banned Content" question - possibly a Web Bug code problem
Message-ID:

Julian

You had already given me a new SMDiskStore.pm module, dated 16 December
to try. The locking code in this differs from the new code you want me
to try as follows:

< #JKF MailScanner::Lock::unlockclose($this->{indhandle}); < close($this->{indhandle}); --- > # Now we lock the df file as well, we must unlock it too. > MailScanner::Lock::unlockclose($this->{indhandle}); > #close($this->{indhandle});

I have made the change as above and will let you know what happens. I
also note that the new code is in the MailScanner-4.37.7-1
SMDiskStore.pm which I was planning to move to anyway.

I have not touched the "Allow WebBugs = disarm" setting which I assume
is an essential part of the test of the changes to SMDiskStore.pm.

Quentin
---
PHONE: +44 191 222 8209    Information Systems and Services (ISS),
                           University of Newcastle,
                           Newcastle upon Tyne,
FAX:   +44 191 222 8765    United Kingdom, NE1 7RU.
------------------------------------------------------------------------
"Any opinion expressed above is mine. The University can get its own."

>-----Original Message-----
>From: MailScanner mailing list
>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field
>Sent: 12 January 2005 16:02
>To: MAILSCANNER@JISCMAIL.AC.UK
>Subject: Re: "Banned Content" question - possibly a Web Bug code problem
>
>In which case try editing SMDiskStore.pm and replace the sub Lock and
>sub Unlock with this code:
>
># Open and lock the message
>sub Lock {
>  my $this = shift;
>
>  #print STDERR "About to lock " . $this->{hpath} . " and " .
>  #             $this->{dpath} . "\n";
>  MailScanner::Lock::openlock($this->{inhhandle}, '+<' . $this->{hpath}, 'w', 'quiet')
>    or return undef;
>  #print STDERR "Got hlock\n";
>
>  # If locking the dfile fails, then must close and unlock the qffile too
>  # 14/12/2004 Try putting this back in for now.
>  unless (MailScanner::Lock::openlock($this->{indhandle},
>                                      '+<' . $this->{dpath}, 'w', 'quiet')) {
>    #JKF 14/12/2004 open($this->{indhandle}, '+<' . $this->{dpath})) {
>    MailScanner::Lock::unlockclose($this->{inhhandle});
>    return undef;
>  }
>  #print STDERR "Got dlock\n";
>  return undef unless $this->{inhhandle} && $this->{indhandle};
>  return 1;
>}
>
>
># Close and unlock the message
>sub Unlock {
>  my $this = shift;
>
>  # Now we lock the df file as well, we must unlock it too.
>  MailScanner::Lock::unlockclose($this->{indhandle});
>  #close($this->{indhandle});
>  MailScanner::Lock::unlockclose($this->{inhhandle});
>}
>
>
>Quentin Campbell wrote:
>
>>Julian
>>
>>The version of MailScanner on which I have seen the problem is 4.35.10.
>>
>>Quentin
>>---
>>PHONE: +44 191 222 8209    Information Systems and Services (ISS),
>>                           University of Newcastle,
>>                           Newcastle upon Tyne,
>>FAX:   +44 191 222 8765    United Kingdom, NE1 7RU.
>>------------------------------------------------------------------------
>>"Any opinion expressed above is mine. The University can get its own."
>>
>>>-----Original Message-----
>>>From: MailScanner mailing list
>>>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field
>>>Sent: 12 January 2005 15:30
>>>To: MAILSCANNER@JISCMAIL.AC.UK
>>>Subject: Re: "Banned Content" question - possibly a Web Bug
>>>code problem
>>>
>>>What version of MailScanner are you using? I slightly improved the
>>>locking code (took out an "improvement" I made a long time ago which I
>>>only made after lots of people requested it) in 4.37. It now locks the
>>>df as well as the qf, which slows down delivery slightly in some
>>>situations, but appears to be more reliable than just locking the qf.
>>>
>>>Quentin Campbell wrote:
>>>
>>>>>-----Original Message-----
>>>>>From: MailScanner mailing list
>>>>>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Mike
>>>>>Sent: 12 January 2005 11:53
>>>>>To: MAILSCANNER@JISCMAIL.AC.UK
>>>>>Subject: Re: "Banned Content" question - a related problem
>>>>>
>>>>>>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
>>>>>>Behalf Of Quentin Campbell
>>>>>>
>>>>>>All the systems are now up2date as far as RH AS 3 patches are concerned.
>>>>>>All the systems use the Sendmail that comes with these systems; the last
>>>>>>time they were updated this was Sendmail 8.12.11. I use the default
>>>>>>locking in MailScanner.
>>>>>
>>>>>I also had this problem on sendmail 8.12.10. After changing
>>>>>the locking to posix, the problem was gone. So, although the
>>>>>docs state that the locking problem occurs only from 8.13 on,
>>>>>it seems that also some 8.12 versions are affected. Please set
>>>>>the locking mechanism to "posix" and see if it solves your problem.
>>>>
>>>>I will do this as a last resort. There are four reasons why I want to
>>>>investigate other things first. In particular I want to capture a
>>>>message before then after it has gone through MailScanner and got
>>>>corrupted:
>>>>
>>>>1. Locking works OK on RH AS 3 systems with an up-to-date kernel.
>>>>2. The symptoms we are seeing do not appear to be repeatable so far
>>>>which makes conclusive testing difficult.
>>>>3. I have looked for other evidence of locking problems but cannot find
>>>>any. For example I can show that all messages tagged as spam by
>>>>MailScanner have been tagged once only. If there is a locking problem
>>>>you will see the same message (ie. same Sendmail QID) being tagged as
>>>>spam more than once by two or more MS processes.
>>>>4. The problem appears related to the Web Bug check. I will switch that
>>>>off first. See below for more details of this.
>>>>
>>>>Having looked further at the problem it appears to be related to MIME
>>>>multipart/alternative messages having all or part of the HTML part
>>>>corrupted. The text part is not being affected.
>>>>
>>>>In all of the cases the logs show that MailScanner has "disarmed" the
>>>>HTML content. Since I only "disarm" Web Bugs it appears that there may
>>>>be a bug in the Web Bugs code that causes an intermittent problem. This
>>>>suspicion is reinforced by the observation that the problem appears to
>>>>have started when I enabled the Web Bug check late last year. I will
>>>>first of all try "Allow WebBugs = yes" and see what happens.
>>>>
>>>>Quentin
>>>
>>>--
>>>Julian Field
>>>www.MailScanner.info
>>>Buy the MailScanner book at www.MailScanner.info/store
>>>
>>>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
>--
>Julian Field
>www.MailScanner.info
>Buy the MailScanner book at www.MailScanner.info/store
>
>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From MailScanner at ecs.soton.ac.uk Thu Jan 13 08:56:36 2005
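Review bot: on the added side of the SMDiskStore.pm diff in Quentin Campbell's message above, Unlock now calls MailScanner::Lock::unlockclose($this->{indhandle}) with no check that the df handle was ever opened and locked, so it depends on Lock having succeeded on both files. Either guard the call or state in the comment that Unlock is only reached after a successful Lock. The commented-out #close($this->{indhandle}); line should also be deleted rather than left next to the call that replaced it.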
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:10 2006
Subject: NOD32 paths needed...(FOLOWUP)
Message-ID:

If I remember rightly, it actually means 1.99 and above.

Mike Allen wrote:

> Thanks to Steve Swaney and others:
>
> My virus.scanners.conf file looks like this:
>
> nod32-1.99 /usr/local/libexec/MailScanner/nod32-wrapper /usr/sbin
> nod32 /usr/local/libexec/MailScanner/nod32-wrapper /usr/local/nod32
>
> Since we are at Version 2 of nod32, do we even need the 'nod32-1.99'
> entry above?
>
> There are three nod32 daemon processes but there have never been any
> entries logged in /var/log/nod32.log. Why?
>
> TIA for any further help you can give me in sorting this out.
>
> Mike Allen
>
> Notes:
> 1. All nod32 executables except the 'nod32-wrapper' reside in both
>    folders above.
> 2. The nod32 executables have owner and group of NOD32 in one folder and
>    owner and group of root and wheel in the other folder. Otherwise the
>    executables are identical.
> 2. The version of MailScanner we are using is 4.30.3 which is a FreeBSD
>    'port'. FreeBSD 'ports' tend to relocate software from its default
>    location. An example of file relocation is the path to
>    '/usr/local/libexec/MailScanner/nod32-wrapper' above.
> 3. The OS version is FreeBSD 5.1-RELEASE-p18.

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From martinh at SOLID-STATE-LOGIC.COM Thu Jan 13 08:59:38 2005
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:28:10 2006
Subject: Archiving Mail
Message-ID:

> Regarding the better controls comment, I have fought and fought to get
> them to print out these emails and attach them to our job tickets, etc.
> but I keep getting the answer that our files do not have the room for
> all the extra paper this would generate, or similar. So this is my
> solution in the meantime.
>
> --
>
> Craig Daters (craig@westpress.com)
> Systems Administrator
> West Press Print Communications

Well that's one idea, attaching the email to the job sheets.

The Business driver here should be "how much is it costing in lost
revenue vs costs for additional filing space". If the information isn't
in the right place how do the PHB's track accuracy/quality of work (or
don't they)?

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

From rs at FORTCONSULT.NET Thu Jan 13 09:05:35 2005
From: rs at FORTCONSULT.NET (Roel Schouten)
Date: Thu Jan 12 21:28:11 2006
Subject: MailScanner does not notify virus senders
Message-ID:

From martinh at SOLID-STATE-LOGIC.COM Thu Jan 13 09:07:33 2005
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:28:11 2006
Subject: URIBL does not work from MailScanner but works from Spamassassin -t or -D
Message-ID:

Brian

I assume that MailScanner is running as 'root' and/or has access to
read the rules?

You can check what MS is doing with the message by stopping MailScanner,
putting the offending email in the 'in' queue, editing MailScanner.conf
- set both Debug options to yes, and then running checkmailscanner.

This will give you debug info for both MS and SA so you might see why
the URI RBL tests are firing.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

Brian Wells wrote:
> Hello All,
>
> I am having a very odd problem getting the URIBLs to work. When I send a
> test message to Spamassassin using spamassassin -t or -D, the message goes
> through all the URIBL tests and gets scored appropriately. But when I send
> the same message through the mail system using MailScanner, the URIBL tests
> do not get run.
>
> I have several systems running MailScanner and Spamassassin and compared the
> configs and can not find the differences. I did find on the spamassassin
> mailing list something regarding using body versus header in the 25_uribl.cf
> file for version 3.0.2. But have tried it both ways with the same result.
> Running Spamassassin from the command line blocks the email but it gets
> through using MailScanner.
>
> I am using MailScanner version 4.36.4 and Spamassassin version 3.0.2.
>
> Any ideas would be most appreciated
>
> Thanks,
>
> Brian Wells
>
> Klondyke's Online Services, LLC
> PO Box 87405, Canton, MI 48187-0405
> http://www.klondyke.net
> Administration/Billing: 1-866-727-5694, billing@klondyke.net
> Support: 1-877-296-9160 support@klondyke.net
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Thu Jan 13 09:13:14 2005 
From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy)
Date: Thu Jan 12 21:28:11 2006
Subject: URIBL does not work from MailScanner but works from Spamassassin -t or -D
Message-ID:

Brian Wells wrote:
> Hello All,
>
> I am having a very odd problem getting the URIBLs to work. When I send a
> test message to Spamassassin using spamassassin -t or -D, the message goes
> through all the URIBL tests and gets scored appropriately. But when I send
> the same message through the mail system using MailScanner, the URIBL tests
> do not get run.
>
> I have several systems running MailScanner and Spamassassin and compared the
> configs and can not find the differences. I did find on the spamassassin
> mailing list something regarding using body versus header in the 25_uribl.cf
> file for version 3.0.2. But have tried it both ways with the same result.
> Running Spamassassin from the command line blocks the email but it gets
> through using MailScanner.
>
> I am using MailScanner version 4.36.4 and Spamassassin version 3.0.2.
>
> Any ideas would be most appreciated
>
> Thanks,
>
> Brian Wells
>

Try soft linking init.pre (default /etc/mail/spamassassin/init.pre) to the path specified by "SpamAssassin Local Rules Dir" in MailScanner.conf

In my case this worked.

ln -s /etc/mail/spamassassin/init.pre /usr/share/spamassassin/

init.pre is responsible for loading the SURBL, SPF and hashcash plugin.

- dhawal
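
The check suggested in the post above, as an added example that is not part of the original message or of MailScanner: it reads the "SpamAssassin Local Rules Dir" value from MailScanner.conf text and reports whether an init.pre is visible in that directory and which plugins it loads. The MailScanner.conf fragment, the init.pre contents and the temporary directory tree are constructed sample data, and the function names are hypothetical.

```python
import os
import tempfile

CONF_KEY = "SpamAssassin Local Rules Dir"  # option name as quoted in the post above


def conf_value(conf_text, key):
    """Return the last 'key = value' setting found in MailScanner.conf text, or None."""
    wanted = " ".join(key.lower().split())
    value = None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0]          # assumption: '#' starts a comment
        if "=" not in line:
            continue
        name, _, val = line.partition("=")
        if " ".join(name.lower().split()) == wanted:
            value = val.strip()
    return value or None                     # an empty value counts as "not set"


def loaded_plugins(init_pre_text):
    """List the plugin classes named on loadplugin lines, ignoring comments."""
    plugins = []
    for raw in init_pre_text.splitlines():
        words = raw.split("#", 1)[0].split()
        if len(words) >= 2 and words[0] == "loadplugin":
            plugins.append(words[1])
    return plugins


def check_init_pre(conf_text, root="/"):
    """Report whether init.pre is reachable in the rules dir named in the config."""
    rules_dir = conf_value(conf_text, CONF_KEY)
    report = {"rules_dir": rules_dir, "init_pre": None,
              "is_symlink": False, "plugins": []}
    if rules_dir is None:
        return report
    path = os.path.join(root, rules_dir.lstrip("/"), "init.pre")
    if os.path.isfile(path):                 # follows symlinks; a dangling link fails here
        report["init_pre"] = path
        report["is_symlink"] = os.path.islink(path)
        with open(path) as fh:
            report["plugins"] = loaded_plugins(fh.read())
    return report


def demo():
    """Check a throw-away tree before and after creating the symlink."""
    conf = ("# constructed MailScanner.conf fragment\n"
            "Use SpamAssassin = yes\n"
            "SpamAssassin Local Rules Dir = /usr/share/spamassassin\n")
    init_pre = ("# constructed init.pre\n"
                "loadplugin Mail::SpamAssassin::Plugin::URIDNSBL\n"
                "loadplugin Mail::SpamAssassin::Plugin::Hashcash\n"
                "loadplugin Mail::SpamAssassin::Plugin::SPF\n")
    with tempfile.TemporaryDirectory() as root:
        etc = os.path.join(root, "etc", "mail", "spamassassin")
        share = os.path.join(root, "usr", "share", "spamassassin")
        os.makedirs(etc)
        os.makedirs(share)
        with open(os.path.join(etc, "init.pre"), "w") as fh:
            fh.write(init_pre)
        before = check_init_pre(conf, root)   # rules dir exists, no init.pre in it yet
        os.symlink(os.path.join(etc, "init.pre"), os.path.join(share, "init.pre"))
        after = check_init_pre(conf, root)    # same check once the link is in place
    return before, after


if __name__ == "__main__":
    for label, report in zip(("before link", "after link"), demo()):
        print(label, report["is_symlink"], report["plugins"])
```

On a real host, call check_init_pre() with the contents of MailScanner.conf and the default root.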

From marcel-ml at IRC-ADDICTS.DE Thu Jan 13 10:10:10 2005
From: marcel-ml at IRC-ADDICTS.DE (Marcel Blenkers)
Date: Thu Jan 12 21:28:11 2006
Subject: clamav error..
Message-ID:

Hi there,

> In the cleaned message, or in the postmaster notification generated by
> MailScanner, does it say that MailScanner detected the virus with ClamAV?
> i.e. is the problem "real" or is it just in the logs?
>

as posted in the original mail, here is the report within the cleaned mail:

> >
> >At Sun Jan 9 22:10:41 2005 the virus scanner said:
> > ClamAV: eigar.tgz contains a virus
> > AntiVir: ALERT: [Eicar-Test-Signature virus] eigar.tgz --> eigar.tar
> >--> eicar.com <<< Contains code of the Eicar-Test-Signature virus
> > F-Prot: eigar.tgz->?->eicar.com Infection: EICAR_Test_File
> > Bitdefender: Found virus EICAR-Test-File (not a virus) in file
> >eigar.tgz
> >

but as stated before i am not using clamav (as this perl module is not installed) i am using clamscan.

Never noticed this problem before..

Greetings

Marcel

From marcel-ml at IRC-ADDICTS.DE Thu Jan 13 10:30:09 2005
From: marcel-ml at IRC-ADDICTS.DE (Marcel Blenkers)
Date: Thu Jan 12 21:28:11 2006
Subject: Updated spamassassin to version 3
Message-ID:

Hi there,

i am using the Rules_du_Jour-Script from Steves Website, and everything worked fine..till now..

this is the error mail i am still receiving every day now:

The following rules had errors:
EvilNumber had an unknown error:
--01:15:54-- http://www.rulesemporium.com/rules/evilnumbers.cf
           => `evilnumbers.cf'
Resolving www.rulesemporium.com... done.
Connecting to www.rulesemporium.com[67.67.32.202]:80... failed: Connection timed out.
Connecting to www.rulesemporium.com[209.218.125.112]:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/plain]
Server file no newer than local file `evilnumbers.cf' -- not retrieving.
SARE html0 Ruleset for SpamAssassin had an unknown error:
--01:19:04-- http://www.rulesemporium.com/rules/70_sare_html0.cf
           => `70_sare_html0.cf'
Resolving www.rulesemporium.com... done.
Connecting to www.rulesemporium.com[67.67.32.202]:80... failed: Connection timed out.
Connecting to www.rulesemporium.com[209.218.125.112]:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/plain]
Server file no newer than local file `70_sare_html0.cf' -- not retrieving.
SARE html1 Ruleset for SpamAssassin had an unknown error:
--01:22:14-- http://www.rulesemporium.com/rules/70_sare_html1.cf
           => `70_sare_html1.cf'
Resolving www.rulesemporium.com... done.
Connecting to www.rulesemporium.com[67.67.32.202]:80... failed: Connection timed out.
Connecting to www.rulesemporium.com[209.218.125.112]:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/plain]
Server file no newer than local file `70_sare_html1.cf' -- not retrieving.
SARE HEADER Ruleset 1 for SpamAssassin had an unknown error:
--01:25:24-- http://www.rulesemporium.com/rules/70_sare_header1.cf
           => `70_sare_header1.cf'
Resolving www.rulesemporium.com... done.
Connecting to www.rulesemporium.com[67.67.32.202]:80... failed: Connection timed out.
Connecting to www.rulesemporium.com[209.218.125.112]:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/plain]
Server file no newer than local file `70_sare_header1.cf' -- not retrieving.
SARE Adult Content Ruleset had an unknown error:
--01:28:33-- http://www.rulesemporium.com/rules/70_sare_adult.cf
           => `70_sare_adult.cf'
Resolving www.rulesemporium.com... done.
Connecting to www.rulesemporium.com[67.67.32.202]:80... failed: Connection timed out.
Connecting to www.rulesemporium.com[209.218.125.112]:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/plain]
Server file no newer than local file `70_sare_adult.cf' -- not retrieving.
SARE Fraud Detection Ruleset (for SA ver. 2.5x and greater) had an unknown error:
--01:31:43-- http://www.rulesemporium.com/rules/99_sare_fraud_post25x.cf
           => `99_sare_fraud_post25x.cf'
Resolving www.rulesemporium.com... done.
Connecting to www.rulesemporium.com[67.67.32.202]:80... failed: Connection timed out.
Connecting to www.rulesemporium.com[209.218.125.112]:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/plain]
Server file no newer than local file `99_sare_fraud_post25x.cf' -- not retrieving.
SARE Spoof Ruleset for SpamAssassin had an unknown error:
--01:34:53-- http://www.rulesemporium.com/rules/70_sare_spoof.cf
           => `70_sare_spoof.cf'
Resolving www.rulesemporium.com... done.
Connecting to www.rulesemporium.com[67.67.32.202]:80... failed: Connection timed out.
Connecting to www.rulesemporium.com[209.218.125.112]:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/plain]
Server file no newer than local file `70_sare_spoof.cf' -- not retrieving.
SARE Random Ruleset for SpamAssassin 2.5x and higher had an unknown error:
--01:38:02-- http://www.rulesemporium.com/rules/70_sare_random.cf
           => `70_sare_random.cf'
Resolving www.rulesemporium.com... done.
Connecting to www.rulesemporium.com[67.67.32.202]:80... failed: Connection timed out.
Connecting to www.rulesemporium.com[209.218.125.112]:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/plain]
Server file no newer than local file `70_sare_random.cf' -- not retrieving.
SARE OEM Ruleset for SpamAssassin had an unknown error:
--01:41:11-- http://www.rulesemporium.com/rules/70_sare_oem.cf
           => `70_sare_oem.cf'
Resolving www.rulesemporium.com... done.
Connecting to www.rulesemporium.com[67.67.32.202]:80... failed: Connection timed out.
Connecting to www.rulesemporium.com[209.218.125.112]:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/plain]
Server file no newer than local file `70_sare_oem.cf' -- not retrieving.
SARE General Subject Ruleset 0 for SpamAssassin had an unknown error:
--01:44:21-- http://www.rulesemporium.com/rules/70_sare_genlsubj0.cf
           => `70_sare_genlsubj0.cf'
Resolving www.rulesemporium.com... done.
Connecting to www.rulesemporium.com[67.67.32.202]:80... failed: Connection timed out.
Connecting to www.rulesemporium.com[209.218.125.112]:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/plain]
Server file no newer than local file `70_sare_genlsubj0.cf' -- not retrieving.

From martinh at SOLID-STATE-LOGIC.COM Thu Jan 13 10:37:35 2005
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:28:11 2006
Subject: Updated spamassassin to version 3
Message-ID:

Marcel

does it work right now?

I assume the machine in question does get firewalled for port 80 or anything like that?

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

From Q.G.Campbell at NEWCASTLE.AC.UK Thu Jan 13 11:32:59 2005
From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell)
Date: Thu Jan 12 21:28:11 2006
Subject: "Banned Content" question - Lock/Unlock does not fix problem
Message-ID:

Julian

The mods to subs "Lock" and "Unlock" have not fixed the problem. It appears to be also present on a 4.37.7-1 system. As this has the same Lock/Unlock code that should not be a surprise.

I will now allow web bugs to see if the corruption stops.

Quentin
---
PHONE: +44 191 222 8209    Information Systems and Services (ISS),
                           University of Newcastle,
                           Newcastle upon Tyne,
FAX:   +44 191 222 8765    United Kingdom, NE1 7RU.
------------------------------------------------------------------------
"Any opinion expressed above is mine. The University can get its own."

>-----Original Message-----
>From: MailScanner mailing list
>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Quentin Campbell
>Sent: 13 January 2005 08:50
>To: MAILSCANNER@JISCMAIL.AC.UK
>Subject: Re: "Banned Content" question - possibly a Web Bug
>code problem
>
>Julian
>
>You had already given me a new SMDiskStore.pm module, dated 16 December
>to try. The locking code in this differs from the new code you want me
>to try as follows:
>
>< #JKF MailScanner::Lock::unlockclose($this->{indhandle});
>< close($this->{indhandle});
>---
>> # Now we lock the df file as well, we must unlock it too.
>> MailScanner::Lock::unlockclose($this->{indhandle});
>> #close($this->{indhandle});
>
>I have made the change as above and will let you know what happens. I
>also note that the new code is in the MailScanner-4.37.7-1
>SMDiskStore.pm which I was planning to move to anyway.
>
>I have not touched the "Allow WebBugs = disarm" setting which I assume
>is an essential part of the test of the changes to SMDiskStore.pm.
>
>Quentin
>
>>-----Original Message-----
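Review bot: on the new side of the quoted Unlock comparison, the replaced call is kept as a commented-out line, #close($this->{indhandle});, directly under the new MailScanner::Lock::unlockclose($this->{indhandle}); call. Delete it rather than leave dead code in Unlock, and extend the comment above it to say that unlockclose is now the only release of the df handle, so that nobody re-enables the plain close() next to it.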
>>From: MailScanner mailing list
>>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field
>>Sent: 12 January 2005 16:02
>>To: MAILSCANNER@JISCMAIL.AC.UK
>>Subject: Re: "Banned Content" question - possibly a Web Bug
>>code problem
>>
>>In which case try editing SMDiskStore.pm and replace the sub Lock and
>>sub Unlock with this code:
>>
>># Open and lock the message
>>sub Lock {
>>  my $this = shift;
>>
>>  #print STDERR "About to lock " . $this->{hpath} . " and " .
>>  #             $this->{dpath} . "\n";
>>  MailScanner::Lock::openlock($this->{inhhandle}, '+<' . $this->{hpath}, 'w', 'quiet')
>>    or return undef;
>>  #print STDERR "Got hlock\n";
>>
>>  # If locking the dfile fails, then must close and unlock the qffile too
>>  # 14/12/2004 Try putting this back in for now.
>>  unless (MailScanner::Lock::openlock($this->{indhandle},
>>                                      '+<' . $this->{dpath}, 'w', 'quiet')) {
>>  #JKF 14/12/2004 open($this->{indhandle}, '+<' . $this->{dpath})) {
>>    MailScanner::Lock::unlockclose($this->{inhhandle});
>>    return undef;
>>  }
>>  #print STDERR "Got dlock\n";
>>  return undef unless $this->{inhhandle} && $this->{indhandle};
>>  return 1;
>>}
>>
>>
>># Close and unlock the message
>>sub Unlock {
>>  my $this = shift;
>>
>>  # Now we lock the df file as well, we must unlock it too.
>>  MailScanner::Lock::unlockclose($this->{indhandle});
>>  #close($this->{indhandle});
>>  MailScanner::Lock::unlockclose($this->{inhhandle});
>>}
>>
>>Quentin Campbell wrote:
>>
>>>Julian
>>>
>>>The version of MailScanner on which I have seen the problem is 4.35.10.
>>>
>>>Quentin
>>>
>>>>-----Original Message-----
>>>>From: MailScanner mailing list
>>>>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field
>>>>Sent: 12 January 2005 15:30
>>>>To: MAILSCANNER@JISCMAIL.AC.UK
>>>>Subject: Re: "Banned Content" question - possibly a Web Bug
>>>>code problem
>>>>
>>>>What version of MailScanner are you using? I slightly improved the
>>>>locking code (took out an "improvement" I made a long time ago which I
>>>>only made after lots of people requested it) in 4.37. It now locks the
>>>>df as well as the qf, which slows down delivery slightly in some
>>>>situations, but appears to be more reliable than just locking the qf.
>>>>
>>>>Quentin Campbell wrote:
>>>>
>>>>>>-----Original Message-----
>>>>>>From: MailScanner mailing list
>>>>>>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Mike
>>>>>>Sent: 12 January 2005 11:53
>>>>>>To: MAILSCANNER@JISCMAIL.AC.UK
>>>>>>Subject: Re: "Banned Content" question - a related problem
>>>>>>
>>>>>>>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
>>>>>>>Behalf Of Quentin Campbell
>>>>>>>
>>>>>>>All the systems are now up2date as far as RH AS 3 patches are concerned.
>>>>>>>All the systems use the Sendmail that comes with these system; the last
>>>>>>>time they were updated this was Sendmail 8.12.11. I use the default
>>>>>>>locking in MailScanner.
>>>>>>
>>>>>>I also had this problem on sendmail 8.12.10. After changing
>>>>>>the locking to posix, the problem was gone. So, although the
>>>>>>docs state that the locking problem occurs only from 8.13 on,
>>>>>>it seems that also some 8.12 versions are affected. Please set
>>>>>>the locking mechanism to "posix" and see if it solves your problem.
>>>>>>
>>>>>I will do this as a last resort. There are four reasons why I want to
>>>>>investigate other things first. In particular I want to capture a
>>>>>message before then after it has gone through MailScanner and got
>>>>>corrupted:
>>>>>
>>>>>1. Locking works OK on RH AS 3 systems with an up-to-date kernel.
>>>>>2. The symptoms we are seeing do not appear to be repeatable so far
>>>>>which makes conclusive testing difficult.
>>>>>3. I have looked for other evidence of locking problems but cannot find
>>>>>any. For example I can show that all messages tagged as spam by
>>>>>MailScanner have been tagged once only. If there is a locking problem
>>>>>you will see the same message (ie. same Sendmail QID) being tagged as
>>>>>spam more than once by two or more MS processes.
>>>>>4. The problem appears related to the Web Bug check. I will switch that
>>>>>off first. See below for more details of this.
>>>>>
>>>>>Having looked further at the problem it appears to be related to MIME
>>>>>multipart/alternative messages having all or part of the HTML part
>>>>>corrupted. The text part is not being affected.
>>>>>
>>>>>In all of the cases the logs show that MailScanner has "disarmed" the
>>>>>HTML content. Since I only "disarm" Web Bugs it appears that there may
>>>>>be a bug in the Web Bugs code that causes an intermittent problem. This
>>>>>suspicion is reinforced by the observation that the problem appears to
>>>>>have started when I enabled the Web Bug check late last year. I will
>>>>>first of all try "Allow WebBugs = yes" and see what happens.
>>>>>
>>>>>Quentin
>>>>>
>>>>--
>>>>Julian Field
>>>>www.MailScanner.info
>>>>Buy the MailScanner book at www.MailScanner.info/store
>>>>
>>>>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From ricardo.canavate at nozar.es Thu Jan 13 11:23:46 2005
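
The duplicate-tagging check described in point 3 of the quoted "Banned Content" message above, as an added example that is not part of the thread or of MailScanner: it groups spam verdicts in a maillog by host and Sendmail queue ID and reports any message tagged by two or more MailScanner processes. The log line layout, host names, queue IDs and function names are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Assumed shape of a MailScanner spam verdict in a syslog maillog; adjust the
# pattern to the wording your own installation logs.
SPAM_LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2}\s\d{2}:\d{2}:\d{2})\s(?P<host>\S+)\s"
    r"MailScanner\[(?P<pid>\d+)\]:\sMessage\s(?P<qid>\S+)\s.*\bis spam\b"
)

# Constructed sample lines (not taken from the thread).
SAMPLE_LOG = """\
Jan 13 08:50:01 mx1 MailScanner[2101]: New Batch: Scanning 3 messages, 18211 bytes
Jan 13 08:50:03 mx1 MailScanner[2101]: Message j0D8o1aB012345 from 192.0.2.10 (a@example.com) to example.org is spam, SpamAssassin (score=9.1, required 5)
Jan 13 08:50:03 mx1 MailScanner[2107]: Message j0D8o1aB012345 from 192.0.2.10 (a@example.com) to example.org is spam, SpamAssassin (score=9.1, required 5)
Jan 13 08:50:04 mx1 MailScanner[2101]: Message j0D8o2cD012346 from 192.0.2.11 (b@example.com) to example.org is spam, SpamAssassin (score=7.4, required 5)
Jan 13 08:50:09 mx2 MailScanner[2107]: Message j0D8o2cD012346 from 192.0.2.12 (c@example.com) to example.org is spam, SpamAssassin (score=6.0, required 5)
Jan 13 08:52:40 mx1 MailScanner[2101]: Message j0D8o3eF012347 from 192.0.2.13 (d@example.com) to example.org is spam, SpamAssassin (score=8.8, required 5)
Jan 13 08:58:12 mx1 MailScanner[2101]: Message j0D8o3eF012347 from 192.0.2.13 (d@example.com) to example.org is spam, SpamAssassin (score=8.8, required 5)
"""


def spam_tags(lines):
    """Yield ((host, qid), pid, timestamp) for every spam-verdict line."""
    for line in lines:
        m = SPAM_LINE.match(line)
        if m:
            yield (m.group("host"), m.group("qid")), int(m.group("pid")), m.group("ts")


def tag_history(lines):
    """Map (host, qid) to the list of (pid, timestamp) verdicts logged for it."""
    history = defaultdict(list)
    for key, pid, ts in spam_tags(lines):
        history[key].append((pid, ts))   # queue IDs are only unique per host
    return dict(history)


def double_tagged(lines):
    """Messages tagged by two or more distinct processes: the locking symptom."""
    suspects = {}
    for key, tags in tag_history(lines).items():
        pids = sorted({pid for pid, _ in tags})
        if len(pids) > 1:
            suspects[key] = pids
    return suspects


def repeated_by_one_process(lines):
    """Messages tagged more than once by a single process (not a two-process race)."""
    return sorted(
        key for key, tags in tag_history(lines).items()
        if len(tags) > 1 and len({pid for pid, _ in tags}) == 1
    )


if __name__ == "__main__":
    log = SAMPLE_LOG.splitlines()
    for (host, qid), pids in double_tagged(log).items():
        print(f"{host} {qid}: tagged by processes {pids}")
    for host, qid in repeated_by_one_process(log):
        print(f"{host} {qid}: tagged repeatedly by one process")
```

An empty result from double_tagged() over the period in which corruption was seen matches what the message reports: no sign of two processes handling the same queue file.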
From: ricardo.canavate at nozar.es (Ricardo Luis Cañavate)
Date: Thu Jan 12 21:28:11 2006
Subject: Problem with BayesDB?
Message-ID:

My folder /etc/MailScanner/bayes is increasing a lot every day. What could I do to stop this growth?

Thanks in advance. I wish the best for the new year.

Ricardo Luís Cañavate García
IT Department
NOZAR Grupo Inmobiliario
Tel: 91 758 96 30 | Fax: 91 559 85 82
www.nozar.es

From myeasytech at YAHOO.COM.HK Thu Jan 13 11:48:55 2005
From: myeasytech at YAHOO.COM.HK (hkbyte)
Date: Thu Jan 12 21:28:11 2006
Subject: Writing Custom Function
Message-ID:

hkbyte wrote:
> Julian Field wrote:
>
>> Scott Silva wrote:
>>
>>> hkbyte wrote:
>>>
>>>> I am learning how to write custom function. I attached my function to
>>>> Non Spam actions. If my return value are 'deliver' and 'store' , both
>>>> work properly as I want. But when I change 'store' return value to
>>>> 'bounce' , it failed and the maillog said "Does not make sense to
>>>> bounce non-spam". How can I send a custom bounce back message to
>>>> sender.
>>>> Thanks.
>>>
>>> Bounce back message to a spammer is useless, as they are usually;
>>
>> He wants to bounce back to a NON-spammer. Bouncing a message which is
>> not spam doesn't make much sense to me (hence the error message). Why
>> would you want to reject mail you have decided you want to deliver?
>>
> Julian,
> I want to restrict user to send outgoing email based on some
> restrictions. I want to tell the sender why his mail is rejected.
> BTW, I have another question about the "@headers" attributes. It
> seems that the format are different with different MTAs. Is there any
> simple way I can retrieve some header fields? e.g. The return-path and
> date fields.
>

Julian, Is there any hints you can give me to proceed. I tried to analyse the structure of @headers content but still don't clearly understand.

--hkbyte
From marcel-ml at IRC-ADDICTS.DE Thu Jan 13 11:57:33 2005
From: marcel-ml at IRC-ADDICTS.DE (Marcel Blenkers)
Date: Thu Jan 12 21:28:11 2006
Subject: Updated spamassassin to version 3
Message-ID:

Hi Martin,

> Marcel
>
> does it work right now?
>
> I assume the machine in question does get firewalled for port 80 or
> anything like that?
>

just started the rules-du-jour-wrapper by hand.. it seems to check the files,
and find that those files are the same as on my machine. :)

And no.. there is no firewall blocking port 80 :) as the machine also works
as webserver.. and wget on http-requests work fine..

Greetings

Marcel

From MailScanner at ecs.soton.ac.uk Thu Jan 13 12:05:42 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:11 2006
Subject: Writing Custom Function
Message-ID:

hkbyte wrote:

> hkbyte wrote:
>
>> Julian Field wrote:
>>
>>> Scott Silva wrote:
>>>
>>>> hkbyte wrote:
>>>>
>>>>> I am learning how to write custom function. I attached my function to
>>>>> Non Spam actions. If my return value are 'deliver' and 'store', both
>>>>> work properly as I want. But when I change 'store' return value to
>>>>> 'bounce', it failed and the maillog said "Does not make sense to
>>>>> bounce non-spam". How can I send a custom bounce back message to
>>>>> sender.
>>>>> Thanks.
>>>>
>>>> Bounce back message to a spammer is useless, as they are usually;
>>>
>>> He wants to bounce back to a NON-spammer. Bouncing a message which is
>>> not spam doesn't make much sense to me (hence the error message). Why
>>> would you want to reject mail you have decided you want to deliver?
>>>
>> Julian,
>> I want to restrict user to send outgoing email based on some
>> restrictions. I want to tell the sender why his mail is rejected.
>> BTW, I have another question about the "@headers" attributes. It
>> seems that the format are different with different MTAs. Is there any
>> simple way I can retrieve some header fields? e.g. The return-path and
>> date fields.
>>
> Julian, are there any hints you can give me to proceed? I tried to
> analyse the structure of @headers content but still don't clearly
> understand.

I don't think there is any code to extract an arbitrary header, as I have
never needed to. The format of @headers does indeed depend on the MTA. There
are methods in Sendmail.pm, Exim.pm etc to provide an API for changing
@headers.

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From Glenn.Steen at AP1.SE Thu Jan 13 13:15:47 2005
From: Glenn.Steen at AP1.SE (Steen, Glenn)
Date: Thu Jan 12 21:28:11 2006
Subject: clamav error..
Message-ID:

Hm, this seems to stem from use of either of the --deb or --tar flags to
clamscan

# /usr/local/bin/clamscan --unzip --jar --tar --tempdir=/tmp/ -r --disable-summary --stdout /root/test
/root/test/eigar.tgz: Eicar-Test-Signature FOUND
# /usr/local/bin/clamscan --unzip --jar --tar --tgz --tempdir=/tmp/ -r --disable-summary --stdout /root/test
eicar.com
/tmp//clamav-4a46f84297cce730/eicar.com: Eicar-Test-Signature FOUND
/tmp//clamav-f89abe0f126b79e1/eigar.tgz: Infected Archive FOUND
(Real infected archive: /root/test/eigar.tgz)
# /usr/local/bin/clamscan --unzip --jar --tar --deb --tempdir=/tmp/ -r --disable-summary --stdout /root/test
eicar.com
/tmp//clamav-ca45de3e1474260c/eicar.com: Eicar-Test-Signature FOUND
/tmp//clamav-46124680eea8a914/eigar.tgz: Infected Archive FOUND
(Real infected archive: /root/test/eigar.tgz)
#

One could of course see it as ... cosmetic... since you will actually detect
and block the "virus". Still a bit irritating:).

In my case (still 4.35.11 unfortunately) it seems to "lose track" of the last
line ...

Subject: Test av AV med tgz arkiv
MessageID: E619E23E06.25764
Report: ClamAV: eigar.tgz contains Infected Archive
McAfee: /E619E23E06.25764/eigar.tgz/eigar/eicar.com Found: EICAR test file NOT a virus.
Bitdefender: Found virus EICAR-Test-File (not a virus) in file eigar.tgz

Jan 13 13:12:01 mail MailScanner[17296]: New Batch: Scanning 1 messages, 1685 bytes
Jan 13 13:12:07 mail MailScanner[17296]: Virus and Content Scanning: Starting
Jan 13 13:12:08 mail MailScanner[17296]: eicar.com
Jan 13 13:12:08 mail MailScanner[17296]: /tmp/clamav.23964/clamav-5482f5d1da71d494/eicar.com: Eicar-Test-Signature FOUND
Jan 13 13:12:08 mail MailScanner[17296]: /var/spool/MailScanner/incoming/17296/./E619E23E06.25764/eigar.tgz: Infected Archive FOUND
Jan 13 13:12:08 mail MailScanner[17296]: Virus Scanning: ClamAV found 2 infections
Jan 13 13:12:10 mail MailScanner[17296]: /E619E23E06.25764/eigar.tgz/eigar/eicar.com Found: EICAR test file NOT a virus.
Jan 13 13:12:10 mail MailScanner[17296]: Virus Scanning: McAfee found 1 infections
Jan 13 13:12:11 mail MailScanner[17296]: /var/spool/MailScanner/incoming/17296/./E619E23E06.25764/eigar.tgz=>eigar.tar=>eicar.com^Iinfected: EICAR-Test-File (not a virus)
Jan 13 13:12:11 mail MailScanner[17296]: Virus Scanning: Bitdefender found 1 infections

(The process error for the semi-spurious "eicar.com" line is in separate
error log)

Looks a bit .. quirky in MW:-). But apart from that, does it really do any
harm?

-- Glenn

> -----Original Message-----
> From: MailScanner mailing list
> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Marcel Blenkers
> Sent: den 9 januari 2005 22:14
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: clamav error..
>
> Hi there,
>
> hope everyone slipped through into the new year..
>
> my question..
>
> just tested to send me the eicar-testfile as tar.gz in two different
> files.
> one named *.tar.gz and one *.tgz
>
> all worked fine..but still some error in the logfile, which made me
> think..
>
> here are the errors:
>
> Jan 9 22:10:38 marcel MailScanner[30889]: Virus and Content Scanning: Starting
> Jan 9 22:10:38 marcel MailScanner[30889]: eicar.com
> Jan 9 22:10:38 marcel MailScanner[30889]: ProcessClamAVOutput: unrecognised line "eicar.com". Please contact the authors!
> Jan 9 22:10:38 marcel MailScanner[30889]: /tmp/clamav.802/clamav-5d4b8ff291ddb019/eicar.com: Eicar-Test-Signature FOUND
> Jan 9 22:10:38 marcel MailScanner[30889]: /tmp/clamav.802/clamav-a8e63d9ddfd8c9fe/eigar.tgz: Infected Archive FOUND
> Jan 9 22:10:38 marcel MailScanner[30889]: (Real infected archive: /var/spool/MailScanner/incoming/30889/./j09LAUH6000794/eigar.tgz)
>
> and within the warning all virus-scanners reported eicar..except
> Clamscan..
>
> At Sun Jan 9 22:10:41 2005 the virus scanner said:
> ClamAV: eigar.tgz contains a virus
> AntiVir: ALERT: [Eicar-Test-Signature virus] eigar.tgz --> eigar.tar --> eicar.com <<< Contains code of the Eicar-Test-Signature virus
> F-Prot: eigar.tgz->?->eicar.com Infection: EICAR_Test_File
> Bitdefender: Found virus EICAR-Test-File (not a virus) in file eigar.tgz
>
> i do not use the perl-module for clamscan..but the original program..
>
> maybe i should switch??
>
> greetings
>
> Marcel
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
>

From Denis.Beauchemin at USHERBROOKE.CA Thu Jan 13 14:06:44 2005
From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin)
Date: Thu Jan 12 21:28:11 2006
Subject: Mail header From: rule
Message-ID:

D. Dowling wrote:

>Hi
>
>I have written a rule to search the From: field of a mail header. However,
>SpamAssassin does not identify and mark mail from the search string in the
>rule.
>
>For example, I want SpamAssassin to search for mail from any address with
>the suffix, tom.com,
>
>header TOM_AD_FROM From =~ /tom\.com/im
>describe TOM_AD_FROM From tom.com address
>score TOM_AD_FROM 1.5
>

I'm not sure this is the reason but I would drop the "m" at the end of your
regular expression search and I would also add some anchoring:

header TOM_AD_FROM From =~ /\@tom\.com$/i

Denis
--
   _
  °v°   Denis Beauchemin, analyste
 /(_)\  Université de Sherbrooke, S.T.I.
  ^ ^   T: 819.821.8000x2252 F: 819.821.8045

From Q.G.Campbell at NEWCASTLE.AC.UK Thu Jan 13 14:26:38 2005
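The two `From` patterns from the "Mail header From: rule" message above, run against constructed header values; this is an added example, not part of the original thread. The sample addresses and the `addr_only` helper are assumptions for illustration: the helper crudely stands in for matching the bare address, which SpamAssassin exposes as `From:addr`.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# The two patterns quoted in the thread.
my @patterns = (
    [ 'original /tom\.com/im'   => qr/tom\.com/im   ],
    [ 'anchored /\@tom\.com$/i' => qr/\@tom\.com$/i ],
);

# Constructed From: header values (not taken from the thread).
my @from_values = (
    'alice@tom.com',
    'Alice <alice@tom.com>',
    'erin@TOM.COM',
    'bob@atom.com',
    'carol@tom.com.example.org',
    '"sales@tom.com" <dave@example.org>',
);

# Hypothetical stand-in for address-only matching: take the address inside
# the last <...> pair, or the whole value when there are no angle brackets.
sub addr_only {
    my ($value) = @_;
    return $value =~ /<([^<>]*)>\s*$/ ? $1 : $value;
}

# One row per header value: the value itself, then 1/0 for each pattern
# against the full header value, then 1/0 for each pattern against the
# extracted address.
sub match_table {
    my @rows;
    for my $value (@from_values) {
        my $addr = addr_only($value);
        push @rows, [
            $value,
            (map { ($value =~ $_->[1]) ? 1 : 0 } @patterns),
            (map { ($addr  =~ $_->[1]) ? 1 : 0 } @patterns),
        ];
    }
    return @rows;
}

print "pattern 1: $patterns[0][0]\n";
print "pattern 2: $patterns[1][0]\n\n";
printf "%-38s %-8s %-8s %-8s %-8s\n",
    'From value', 'p1/full', 'p2/full', 'p1/addr', 'p2/addr';
printf "%-38s %-8s %-8s %-8s %-8s\n", @$_ for match_table();
```

The unanchored pattern also fires on `bob@atom.com`, `carol@tom.com.example.org` and the display-name case, while the `$`-anchored pattern matches `Alice <alice@tom.com>` only once the address has been isolated from the angle brackets.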
From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell)
Date: Thu Jan 12 21:28:11 2006
Subject: "Banned Content" question - still getting "Content Check" messages
Message-ID:

Julian

I have applied your SMDiskStore.pm changes as well as set "Allow WebBugs =
yes".

However we are still getting corrupted HTML in multipart/alternative
message. These are all accompanied with "Content Checks: Detected and will
disarm HTML message in ..." messages in the Sendmail log. This is happening
on both 4.35.10 and 4.37.7 systems.

Unfortunately the problem is INTERMITTENT and it cannot be repeated by
sending the same message again to the same recipient. :-(

The "Content Checks:" message is misleading since I am no longer using the
"disarm" content action anywhere, either in MailScanner.conf or in the
MailScanner rules files. Where I specify an action to deal with HTML content
it only uses "striphtml".

Why then is MailScanner telling me it is "disarming" HTML when I have not
asked it to?

This is really getting frustrating and more users are complaining. :-(

PS I note that I applied two patches from you late last year to the 4.35.10
system; these were to SMDiskStore.pm and SweepContent.pm.

Quentin
---
PHONE: +44 191 222 8209    Information Systems and Services (ISS),
                           University of Newcastle,
                           Newcastle upon Tyne,
FAX:   +44 191 222 8765    United Kingdom, NE1 7RU.
------------------------------------------------------------------------
"Any opinion expressed above is mine. The University can get its own."

>-----Original Message-----
>From: MailScanner mailing list >[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Quentin Campbell >Sent: 13 January 2005 11:33 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: "Banned Content" question - Lock/Unlock does not >fix problem > >Julian > >The mods to subs "Lock" and "Unlock" have not fixed the problem. > >It appears to be also present on a 4.37.7-1 system. As this >has the same >Lock/Unlock code that should not be a surprise. > >I will now allow web bugs to see if the corruption stops. > >Quentin >--- >PHONE: +44 191 222 8209 Information Systems and Services (ISS), > University of Newcastle, > Newcastle upon Tyne, >FAX: +44 191 222 8765 United Kingdom, NE1 7RU. >--------------------------------------------------------------- >--------- >"Any opinion expressed above is mine. The University can get >its own." > >>-----Original Message----- 
>>From: MailScanner mailing list >>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Quentin Campbell >>Sent: 13 January 2005 08:50 >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: "Banned Content" question - possibly a Web Bug >>code problem >> >>Julian >> >>You had already given me a new SMDiskStore.pm module, dated >16 December >>to try. The locking code in this differs from the new code you want me >>to try as follows: >> >>< #JKF MailScanner::Lock::unlockclose($this->{indhandle}); >>< close($this->{indhandle}); >>--- >>> # Now we lock the df file as well, we must unlock it too. >>> MailScanner::Lock::unlockclose($this->{indhandle}); >>> #close($this->{indhandle}); >> >>I have made the change as above and will let you know what happens. I >>also note that the new code is in the MailScanner-4.37.7-1 >>SMDiskStore.pm which I was planning to move to anyway. >> >>I have not touched the "Allow WebBugs = disarm" setting which I assume >>is an essential part of the test of the changes to SMDiskStore.pm. >> >>Quentin >>--- >>PHONE: +44 191 222 8209 Information Systems and Services (ISS), >> University of Newcastle, >> Newcastle upon Tyne, >>FAX: +44 191 222 8765 United Kingdom, NE1 7RU. >>--------------------------------------------------------------- >>--------- >>"Any opinion expressed above is mine. The University can get >>its own." >> >>>-----Original Message----- 
>>>From: MailScanner mailing list >>>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field >>>Sent: 12 January 2005 16:02 >>>To: MAILSCANNER@JISCMAIL.AC.UK >>>Subject: Re: "Banned Content" question - possibly a Web Bug >>>code problem >>> >>>In which case try editing SMDiskStore.pm and replace the sub Lock and >>>sub Unlock with this code: >>> >>># Open and lock the message >>>sub Lock { >>> my $this = shift; >>> >>> #print STDERR "About to lock " . $this->{hpath} . " and " . >>> # $this->{dpath} . "\n"; >>> MailScanner::Lock::openlock($this->{inhhandle}, '+<' . >>>$this->{hpath}, >>>'w', 'quiet') >>> or return undef; >>> #print STDERR "Got hlock\n"; >>> >>> # If locking the dfile fails, then must close and unlock the >>>qffile too >>> # 14/12/2004 Try putting this back in for now. >>> unless (MailScanner::Lock::openlock($this->{indhandle}, >>> '+<' . $this->{dpath}, 'w', 'quiet')) { >>> #JKF 14/12/2004 open($this->{indhandle}, '+<' . >>>$this->{dpath})) { >>> MailScanner::Lock::unlockclose($this->{inhhandle}); >>> return undef; >>> } >>> #print STDERR "Got dlock\n"; >>> return undef unless $this->{inhhandle} && $this->{indhandle}; >>> return 1; >>>} >>> >>> >>># Close and unlock the message >>>sub Unlock { >>> my $this = shift; >>> >>> # Now we lock the df file as well, we must unlock it too. >>> MailScanner::Lock::unlockclose($this->{indhandle}); >>> #close($this->{indhandle}); >>> MailScanner::Lock::unlockclose($this->{inhhandle}); >>>} >>> >>> >>> >>>Quentin Campbell wrote: >>> >>>>Julian >>>> >>>>The version of MailScanner on which I have seen the problem >>>is 4.35.10. >>>> >>>>Quentin >>>>--- >>>>PHONE: +44 191 222 8209 Information Systems and Services (ISS), >>>> University of Newcastle, >>>> Newcastle upon Tyne, >>>>FAX: +44 191 222 8765 United Kingdom, NE1 7RU. >>>>-------------------------------------------------------------- >>>---------- >>>>"Any opinion expressed above is mine. The University can get >>its own." 
>>>> >>>> >>>> >>>>>-----Original Message----- >>>>>From: MailScanner mailing list >>>>>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field >>>>>Sent: 12 January 2005 15:30 >>>>>To: MAILSCANNER@JISCMAIL.AC.UK >>>>>Subject: Re: "Banned Content" question - possibly a Web Bug >>>>>code problem >>>>> >>>>>What version of MailScanner are you using? I slightly improved the >>>>>locking code (took out an "improvement" I made a long time >>>ago which I >>>>>only made after lots of people requested it) in 4.37. It now >>>locks the >>>>>df as well as the qf, which slows down delivery slightly in some >>>>>situations, but appears to be more reliable than just >>locking the qf. >>>>> >>>>>Quentin Campbell wrote: >>>>> >>>>> >>>>> >>>>>>>-----Original Message----- >>>>>>>From: MailScanner mailing list >>>>>>>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Mike >>>>>>>Sent: 12 January 2005 11:53 >>>>>>>To: MAILSCANNER@JISCMAIL.AC.UK >>>>>>>Subject: Re: "Banned Content" question - a related problem >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> 
>>>>>>>>From: MailScanner mailing list >>>>>>>> >>>>>>>> >>>>>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>>>> >>>>> >>>>>>>>Behalf Of Quentin Campbell >>>>>>>> >>>>>>>>All the systems are now up2date as far as RH AS 3 patches are >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>concerned. >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>>>All the systems use the Sendmail that comes with these >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>system; the last >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>>>time they were updated this was Sendmail 8.12.11. I use >>>the default >>>>>>>>locking in MailScanner. >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>I also had this problem on sendmail 8.12.10. After changing >>>>>>>the locking to posix, the problem was gone. So, although the >>>>>>>docs state that the locking problem occurs only from 8.13 on, >>>>>>>it seems that also some 8.12 versions are affected. Please set >>>>>>>the locking mechanism to "posix" and see if it solves >>your problem. >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>I will do this as a last resort. There are four reasons why >>>I want to >>>>>>investigate other things first. In particular I want to capture a >>>>>>message before then after it has gone through MailSanner and got >>>>>>corrupted: >>>>>> >>>>>>1. Locking works OK on RH AS 3 systems with an up-to-date kernel. >>>>>>2. The symptoms we are seeing do not appear to be >repeatable so far >>>>>>which makes conclusive testing difficult. >>>>>>3. I have looked for other evidence of locking problems but >>>>>> >>>>>> >>>>>cannot find >>>>> >>>>> >>>>>>any. For example I can show that all messages tagged as spam by >>>>>>MailScanner have been tagged once only. If there is a >>>locking problem >>>>>>you will see the same message (ie. same Sendmail QID) being >>>tagged as >>>>>>spam more than once by two or more MS processes. >>>>>>4. The problem appears related to the Web Bug check. I will >>>>>> >>>>>> >>>>>switch that >>>>> >>>>> >>>>>>off first. See below for more details of this. 
>>>>>> >>>>>>Having looked further at the problem it appears to be >>>related to MIME >>>>>>multipart/alternative messages having all or part of the HTML part >>>>>>corrupted. The text part is not being affected. >>>>>> >>>>>>In all of the cases the logs show that MailScanner has >>>"disarmed" the >>>>>>HTML content. Since I only "disarm" Web Bugs it appears >>>that there may >>>>>>be a bug in the Web Bugs code that causes an intermittent >>>>>> >>>>>> >>>>>problem. This >>>>> >>>>> >>>>>>suspicion is reinforced by the observation that the problem >>>appears to >>>>>>have started when I enabled the Web Bug check late last >>year. I will >>>>>>first of all try "Allow WebBugs = yes" and see what happens. >>>>>> >>>>>>Quentin >>>>>> >>>>>>------------------------ MailScanner list ------------------------ >>>>>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>>'leave mailscanner' in the body of the email. >>>>>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>>> >>>>>>Support MailScanner development - buy the book off the website! >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>-- >>>>>Julian Field >>>>>www.MailScanner.info >>>>>Buy the MailScanner book at www.MailScanner.info/store >>>>> >>>>>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>>>> >>>>>------------------------ MailScanner list ------------------------ >>>>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>'leave mailscanner' in the body of the email. >>>>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>> >>>>>Support MailScanner development - buy the book off the website! 
>>>>> >>>>> >>>>> >>>>> >>>> >>>>------------------------ MailScanner list ------------------------ >>>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>'leave mailscanner' in the body of the email. >>>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>>Support MailScanner development - buy the book off the website! >>>> >>>> >>>> >>> >>>-- >>>Julian Field >>>www.MailScanner.info >>>Buy the MailScanner book at www.MailScanner.info/store >>> >>>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> >>>------------------------ MailScanner list ------------------------ >>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>'leave mailscanner' in the body of the email. >>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>>Support MailScanner development - buy the book off the website! >>> >>> >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >> > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. 
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From marcel-ml at IRC-ADDICTS.DE Thu Jan 13 14:45:41 2005
From: marcel-ml at IRC-ADDICTS.DE (Marcel Blenkers)
Date: Thu Jan 12 21:28:11 2006
Subject: ViSpan V2.0.2
Message-ID:

Hi there,

just updated again to the latest ViSpan-Version.

But if i do click on the config-link, some things do not really seem to
work:

1. Wrong MailScanner-Version:
as stated with the command MailScanner -v i am using this Version:
This is MailScanner version 4.37.7
and not the Version stated on the Website.

2. Wrong antivir-Version .. or better...still no antivir-version available..

3. Viruses:
Somehow the amount of some viruses got split, even if they are stated the
same on the website? Take a look for instance on:

Worm/Sober.I 44
Worm/Sober.I 43
or
Worm/Bagle.AP 4
...Worm/NetSky.P 3
...Worm/Bagle.AP 2

all this is available online at: http://www.irc-addicts.de/vispan/

Greetings

Marcel

From marcel-ml at IRC-ADDICTS.DE Thu Jan 13 14:47:51 2005
From: marcel-ml at IRC-ADDICTS.DE (Marcel Blenkers)
Date: Thu Jan 12 21:28:11 2006
Subject: vispan - again
Message-ID:

Hi,

i have forgotten to mention, that, if clicking on the monthly-report, the
month december 2004 seems to be missing? :)

Greetings

Marcel

From MailScanner at ecs.soton.ac.uk Thu Jan 13 14:54:03 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:11 2006
Subject: "Banned Content" question - still getting "Content Check" messages
Message-ID:

A minor bugfix to Message.pm which probably won't make any difference, but
is still worth a try.
@@ -3687,6 +3687,13 @@ #print STDERR "Tags to convert are " . $this->{tagstoconvert} . "\n"; # Set the disarm booleans for this message + $DisarmFormTag = 0; + $DisarmScriptTag = 0; + $DisarmCodebaseTag = 0; + $DisarmCodebaseTag = 0; + $DisarmIframeTag = 0; + $DisarmWebBug = 0; + $DisarmPhishing = 0; $DisarmFormTag = 1 if $this->{tagstoconvert} =~ /form/i; $DisarmScriptTag = 1 if $this->{tagstoconvert} =~ /script/i; $DisarmCodebaseTag = 1 if $this->{tagstoconvert} =~ /codebase/i; I'm afraid I can't think of much else. All the other variables are initialised, and these few just maintain state for the particular message, they don't hold any message content. Quentin Campbell wrote: >Julian > >I have applied your SMDiskStore.pm changes as well as set "Allow WebBugs >= yes". > >However we are still getting corrupted HTML in multipart/alternative >message. These are all accompanied with "Content Checks: Detected and >will disarm HTML message in ..." messages in the Sendmail log. This is >happening on both 4.35.10 and 4.37.7 systems. > >Unfortunately the problem is INTERMITTENT and it cannot be repeated by >sending the same message again to the same recipient. :-( > >The "Content Checks:" message is misleading since I am no longer using >the "disarm" content action anywhere, either in MailScanner.conf or in >the MailScanner rules files. Where I specify an action to deal with HTML >content it only uses "striphtml". > >Why then is MailScanner telling me it is "disarming" HTML when I have >not asked it to? > >This is really getting frustrating and more users are complaining. :-( > >PS I note that I applied two patches from you late last year to the >4.35.10 system; > these were to SMDiskStore.pm and SweepContent.pm. > >Quentin >--- >PHONE: +44 191 222 8209 Information Systems and Services (ISS), > University of Newcastle, > Newcastle upon Tyne, >FAX: +44 191 222 8765 United Kingdom, NE1 7RU. 
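Review bot: in the Message.pm hunk above (@@ -3687,6 +3687,13 @@) the reset block adds `$DisarmCodebaseTag = 0;` twice in a row, so the seven added lines reset only six distinct flags. If the second copy was meant for a different flag, that flag is still never cleared before the `= 1 if $this->{tagstoconvert} =~ ...` lines run; if it is simply a duplicate, drop it. It is worth checking every flag that is conditionally set to 1 after this point against the reset list (only the form, script and codebase lines are visible in the context), and adding a one-line comment that the flags would otherwise keep their value from the previous message, since that is the reason the resets are needed.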
>------------------------------------------------------------------------ >"Any opinion expressed above is mine. The University can get its own." > > > >>-----Original Message----- >>From: MailScanner mailing list >>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Quentin Campbell >>Sent: 13 January 2005 11:33 >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: "Banned Content" question - Lock/Unlock does not >>fix problem >> >>Julian >> >>The mods to subs "Lock" and "Unlock" have not fixed the problem. >> >>It appears to be also present on a 4.37.7-1 system. As this >>has the same >>Lock/Unlock code that should not be a surprise. >> >>I will now allow web bugs to see if the corruption stops. >> >>Quentin >>--- >>PHONE: +44 191 222 8209 Information Systems and Services (ISS), >> University of Newcastle, >> Newcastle upon Tyne, >>FAX: +44 191 222 8765 United Kingdom, NE1 7RU. >>--------------------------------------------------------------- >>--------- >>"Any opinion expressed above is mine. The University can get >>its own." >> >> >> >>>-----Original Message----- 
>>>From: MailScanner mailing list >>>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Quentin Campbell >>>Sent: 13 January 2005 08:50 >>>To: MAILSCANNER@JISCMAIL.AC.UK >>>Subject: Re: "Banned Content" question - possibly a Web Bug >>>code problem >>> >>>Julian >>> >>>You had already given me a new SMDiskStore.pm module, dated >>> >>> >>16 December >> >> >>>to try. The locking code in this differs from the new code you want me >>>to try as follows: >>> >>>< #JKF MailScanner::Lock::unlockclose($this->{indhandle}); >>>< close($this->{indhandle}); >>>--- >>> >>> >>>> # Now we lock the df file as well, we must unlock it too. >>>> MailScanner::Lock::unlockclose($this->{indhandle}); >>>> #close($this->{indhandle}); >>>> >>>> >>>I have made the change as above and will let you know what happens. I >>>also note that the new code is in the MailScanner-4.37.7-1 >>>SMDiskStore.pm which I was planning to move to anyway. >>> >>>I have not touched the "Allow WebBugs = disarm" setting which I assume >>>is an essential part of the test of the changes to SMDiskStore.pm. >>> >>>Quentin >>>--- >>>PHONE: +44 191 222 8209 Information Systems and Services (ISS), >>> University of Newcastle, >>> Newcastle upon Tyne, >>>FAX: +44 191 222 8765 United Kingdom, NE1 7RU. >>>--------------------------------------------------------------- >>>--------- >>>"Any opinion expressed above is mine. The University can get >>>its own." >>> >>> >>> >>>>-----Original Message----- 
>>>>From: MailScanner mailing list >>>>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field >>>>Sent: 12 January 2005 16:02 >>>>To: MAILSCANNER@JISCMAIL.AC.UK >>>>Subject: Re: "Banned Content" question - possibly a Web Bug >>>>code problem >>>> >>>>In which case try editing SMDiskStore.pm and replace the sub Lock and >>>>sub Unlock with this code: >>>> >>>># Open and lock the message >>>>sub Lock { >>>> my $this = shift; >>>> >>>> #print STDERR "About to lock " . $this->{hpath} . " and " . >>>> # $this->{dpath} . "\n"; >>>> MailScanner::Lock::openlock($this->{inhhandle}, '+<' . >>>>$this->{hpath}, >>>>'w', 'quiet') >>>> or return undef; >>>> #print STDERR "Got hlock\n"; >>>> >>>> # If locking the dfile fails, then must close and unlock the >>>>qffile too >>>> # 14/12/2004 Try putting this back in for now. >>>> unless (MailScanner::Lock::openlock($this->{indhandle}, >>>> '+<' . $this->{dpath}, 'w', 'quiet')) { >>>> #JKF 14/12/2004 open($this->{indhandle}, '+<' . >>>>$this->{dpath})) { >>>> MailScanner::Lock::unlockclose($this->{inhhandle}); >>>> return undef; >>>> } >>>> #print STDERR "Got dlock\n"; >>>> return undef unless $this->{inhhandle} && $this->{indhandle}; >>>> return 1; >>>>} >>>> >>>> >>>># Close and unlock the message >>>>sub Unlock { >>>> my $this = shift; >>>> >>>> # Now we lock the df file as well, we must unlock it too. >>>> MailScanner::Lock::unlockclose($this->{indhandle}); >>>> #close($this->{indhandle}); >>>> MailScanner::Lock::unlockclose($this->{inhhandle}); >>>>} >>>> >>>> >>>> >>>>Quentin Campbell wrote: >>>> >>>> >>>> >>>>>Julian >>>>> >>>>>The version of MailScanner on which I have seen the problem >>>>> >>>>> >>>>is 4.35.10. >>>> >>>> >>>>>Quentin >>>>>--- >>>>>PHONE: +44 191 222 8209 Information Systems and Services (ISS), >>>>> University of Newcastle, >>>>> Newcastle upon Tyne, >>>>>FAX: +44 191 222 8765 United Kingdom, NE1 7RU. 
>>>>>-------------------------------------------------------------- >>>>> >>>>> >>>>---------- >>>> >>>> >>>>>"Any opinion expressed above is mine. The University can get >>>>> >>>>> >>>its own." >>> >>> >>>>> >>>>> >>>>> >>>>>>-----Original Message----- >>>>>>From: MailScanner mailing list >>>>>>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field >>>>>>Sent: 12 January 2005 15:30 >>>>>>To: MAILSCANNER@JISCMAIL.AC.UK >>>>>>Subject: Re: "Banned Content" question - possibly a Web Bug >>>>>>code problem >>>>>> >>>>>>What version of MailScanner are you using? I slightly improved the >>>>>>locking code (took out an "improvement" I made a long time >>>>>> >>>>>> >>>>ago which I >>>> >>>> >>>>>>only made after lots of people requested it) in 4.37. It now >>>>>> >>>>>> >>>>locks the >>>> >>>> >>>>>>df as well as the qf, which slows down delivery slightly in some >>>>>>situations, but appears to be more reliable than just >>>>>> >>>>>> >>>locking the qf. >>> >>> >>>>>>Quentin Campbell wrote: >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>>>>-----Original Message----- >>>>>>>>From: MailScanner mailing list >>>>>>>>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Mike >>>>>>>>Sent: 12 January 2005 11:53 >>>>>>>>To: MAILSCANNER@JISCMAIL.AC.UK >>>>>>>>Subject: Re: "Banned Content" question - a related problem >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> 
>>>>>>>>>From: MailScanner mailing list >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>>>>> >>>>>> >>>>>> >>>>>> >>>>>>>>>Behalf Of Quentin Campbell >>>>>>>>> >>>>>>>>>All the systems are now up2date as far as RH AS 3 patches are >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>concerned. >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>>>All the systems use the Sendmail that comes with these >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>system; the last >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>>>time they were updated this was Sendmail 8.12.11. I use >>>>>>>>> >>>>>>>>> >>>>the default >>>> >>>> >>>>>>>>>locking in MailScanner. >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>I also had this problem on sendmail 8.12.10. After changing >>>>>>>>the locking to posix, the problem was gone. So, although the >>>>>>>>docs state that the locking problem occurs only from 8.13 on, >>>>>>>>it seems that also some 8.12 versions are affected. Please set >>>>>>>>the locking mechanism to "posix" and see if it solves >>>>>>>> >>>>>>>> >>>your problem. >>> >>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>I will do this as a last resort. There are four reasons why >>>>>>> >>>>>>> >>>>I want to >>>> >>>> >>>>>>>investigate other things first. In particular I want to capture a >>>>>>>message before then after it has gone through MailSanner and got >>>>>>>corrupted: >>>>>>> >>>>>>>1. Locking works OK on RH AS 3 systems with an up-to-date kernel. >>>>>>>2. The symptoms we are seeing do not appear to be >>>>>>> >>>>>>> >>repeatable so far >> >> >>>>>>>which makes conclusive testing difficult. >>>>>>>3. I have looked for other evidence of locking problems but >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>cannot find >>>>>> >>>>>> >>>>>> >>>>>> >>>>>>>any. For example I can show that all messages tagged as spam by >>>>>>>MailScanner have been tagged once only. 
If there is a >>>>>>> >>>>>>> >>>>locking problem >>>> >>>> >>>>>>>you will see the same message (ie. same Sendmail QID) being >>>>>>> >>>>>>> >>>>tagged as >>>> >>>> >>>>>>>spam more than once by two or more MS processes. >>>>>>>4. The problem appears related to the Web Bug check. I will >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>switch that >>>>>> >>>>>> >>>>>> >>>>>> >>>>>>>off first. See below for more details of this. >>>>>>> >>>>>>>Having looked further at the problem it appears to be >>>>>>> >>>>>>> >>>>related to MIME >>>> >>>> >>>>>>>multipart/alternative messages having all or part of the HTML part >>>>>>>corrupted. The text part is not being affected. >>>>>>> >>>>>>>In all of the cases the logs show that MailScanner has >>>>>>> >>>>>>> >>>>"disarmed" the >>>> >>>> >>>>>>>HTML content. Since I only "disarm" Web Bugs it appears >>>>>>> >>>>>>> >>>>that there may >>>> >>>> >>>>>>>be a bug in the Web Bugs code that causes an intermittent >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>problem. This >>>>>> >>>>>> >>>>>> >>>>>> >>>>>>>suspicion is reinforced by the observation that the problem >>>>>>> >>>>>>> >>>>appears to >>>> >>>> >>>>>>>have started when I enabled the Web Bug check late last >>>>>>> >>>>>>> >>>year. I will >>> >>> >>>>>>>first of all try "Allow WebBugs = yes" and see what happens. >>>>>>> >>>>>>>Quentin >>>>>>> >>>>>>>------------------------ MailScanner list ------------------------ >>>>>>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>>>'leave mailscanner' in the body of the email. >>>>>>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>>>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>>>> >>>>>>>Support MailScanner development - buy the book off the website! 
--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From marcel-ml at IRC-ADDICTS.DE Thu Jan 13 14:56:39 2005
From: marcel-ml at IRC-ADDICTS.DE (Marcel Blenkers)
Date: Thu Jan 12 21:28:11 2006
Subject: Dovecot - pop-before-smtp
Message-ID:

Hi there,

maybe someone on this list could help me, as the ML of pop-before-smtp seems not to work at all ;)

Heard of Dovecot on this ML and saw that this would be a POP3/IMAP daemon, which could help me a lot.. so I tried the pop-before-smtp program, as stated on the website.. and managed to get it working..

Now my problem is the following.. it seems that my Berkeley DB and the module DB_File are way up to date (yes, that could happen ;) as they produce a db file with version 8.. but I do need version 7.

access.db: Berkeley DB (Hash, version 7, native byte-order)
popauth.db: Berkeley DB (Hash, version 8, native byte-order)

Due to the fact that the file popauth.db is not really version 7, sendmail is not able to read and use it..

So.. maybe some of the geeks in here could help? :)

Greetings
Marcel

From michele at BLACKNIGHTSOLUTIONS.COM Thu Jan 13 15:04:10 2005
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions)
Date: Thu Jan 12 21:28:11 2006
Subject: vispan - again
Message-ID:

> Hi,
>
> I have forgotten to mention, that, if clicking on the
> monthly-report, the month December 2004 seems to be missing? :)
>
> Greetings
>
> Marcel

Marcel

You should post to the Vispan forums. Although the developer of Vispan reads this list you will probably get a faster reply over there.

Michele

Mr Michele Neylon
Blacknight Internet Solutions Ltd
Hosting, co-location & domains
http://www.blacknight.ie/
Tel. +353 59 9137101
http://www.blacknight.ie/specialoffers.html

From Steve.Swaney at FSL.COM Thu Jan 13 15:04:33 2005
From: Steve.Swaney at FSL.COM (Steve Swaney)
Date: Thu Jan 12 21:28:11 2006
Subject: Updated spamassassin to version 3
Message-ID:

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Marcel Blenkers
> Sent: Thursday, January 13, 2005 5:30 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Updated spamassassin to version 3
>
> Hi there,
>
> I am using the Rules_du_Jour script from Steve's website, and everything
> worked fine.. till now..
>
> This is the error mail I am still receiving every day now:
>
> The following rules had errors:
> EvilNumber had an unknown error:
> --01:15:54-- http://www.rulesemporium.com/rules/evilnumbers.cf
> => `evilnumbers.cf'
> Resolving www.rulesemporium.com... done.
> Connecting to www.rulesemporium.com[67.67.32.202]:80... failed: Connection timed out.
> Connecting to www.rulesemporium.com[209.218.125.112]:80... connected.
> HTTP request sent, awaiting response... 200 OK
> Length: unspecified [text/plain]
> Server file no newer than local file `evilnumbers.cf' -- not retrieving.
> SARE html0 Ruleset for SpamAssassin had an unknown error:
> --01:19:04-- http://www.rulesemporium.com/rules/70_sare_html0.cf
> => `70_sare_html0.cf'

<....snip....>

If port 80 is not firewalled, this might not be bad. I sometimes see timeouts to the Rules Emporium site and individual rules sites. Try running the cron job by hand or just wait until tomorrow. Nothing bad will happen, you'll just use yesterday's rules :)

Steve

Steve Swaney
President
Fortress Systems Ltd.
www.fsl.com
steve.swaney@fsl.com

From MailScanner at ecs.soton.ac.uk Thu Jan 13 15:04:51 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:11 2006
Subject: "Banned Content" question - still getting "Content Check" messages
Message-ID:

1 more:
There is a line in Message.pm that says

$DisarmInsideLink = "";

Change it to say

$DisarmInsideLink = 0;

You might be hitting a Perl bug, which would explain the fact you can't reproduce the problem reliably.

Julian Field wrote:

> A minor bugfix to Message.pm which probably won't make any difference,
> but is still worth a try.
> > @@ -3687,6 +3687,13 @@ > #print STDERR "Tags to convert are " . $this->{tagstoconvert} . "\n"; > > # Set the disarm booleans for this message > + $DisarmFormTag = 0; > + $DisarmScriptTag = 0; > + $DisarmCodebaseTag = 0; > + $DisarmCodebaseTag = 0; > + $DisarmIframeTag = 0; > + $DisarmWebBug = 0; > + $DisarmPhishing = 0; > $DisarmFormTag = 1 if $this->{tagstoconvert} =~ /form/i; > $DisarmScriptTag = 1 if $this->{tagstoconvert} =~ /script/i; > $DisarmCodebaseTag = 1 if $this->{tagstoconvert} =~ /codebase/i; > > I'm afraid I can't think of much else. All the other variables are > initialised, and these few just maintain state for the particular > message, they don't hold any message content. > > Quentin Campbell wrote: > >> Julian >> >> I have applied your SMDiskStore.pm changes as well as set "Allow WebBugs >> = yes". >> >> However we are still getting corrupted HTML in multipart/alternative >> message. These are all accompanied with "Content Checks: Detected and >> will disarm HTML message in ..." messages in the Sendmail log. This is >> happening on both 4.35.10 and 4.37.7 systems. >> >> Unfortunately the problem is INTERMITTENT and it cannot be repeated by >> sending the same message again to the same recipient. :-( >> >> The "Content Checks:" message is misleading since I am no longer using >> the "disarm" content action anywhere, either in MailScanner.conf or in >> the MailScanner rules files. Where I specify an action to deal with HTML >> content it only uses "striphtml". >> >> Why then is MailScanner telling me it is "disarming" HTML when I have >> not asked it to? >> >> This is really getting frustrating and more users are complaining. :-( >> >> PS I note that I applied two patches from you late last year to the >> 4.35.10 system; >> these were to SMDiskStore.pm and SweepContent.pm. 
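Review bot: `$DisarmCodebaseTag = 0;` is added twice in a row in the `@@ -3687,6 +3687,13 @@` hunk of Message.pm quoted above. The second assignment is redundant; if it was meant to reset a different flag, that flag is still left uninitialised, so it is worth checking the added resets against every `$Disarm...` variable that the conditional assignments below them can set, and dropping or correcting the duplicate line.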
>> >> Quentin >> --- >> PHONE: +44 191 222 8209 Information Systems and Services (ISS), >> University of Newcastle, >> Newcastle upon Tyne, >> FAX: +44 191 222 8765 United Kingdom, NE1 7RU. >> ------------------------------------------------------------------------ >> "Any opinion expressed above is mine. The University can get its own." >> >> >> >>> -----Original Message----- >>> From: MailScanner mailing list >>> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Quentin Campbell >>> Sent: 13 January 2005 11:33 >>> To: MAILSCANNER@JISCMAIL.AC.UK >>> Subject: Re: "Banned Content" question - Lock/Unlock does not >>> fix problem >>> >>> Julian >>> >>> The mods to subs "Lock" and "Unlock" have not fixed the problem. >>> >>> It appears to be also present on a 4.37.7-1 system. As this >>> has the same >>> Lock/Unlock code that should not be a surprise. >>> >>> I will now allow web bugs to see if the corruption stops. >>> >>> Quentin >>> --- >>> PHONE: +44 191 222 8209 Information Systems and Services (ISS), >>> University of Newcastle, >>> Newcastle upon Tyne, >>> FAX: +44 191 222 8765 United Kingdom, NE1 7RU. >>> --------------------------------------------------------------- >>> --------- >>> "Any opinion expressed above is mine. The University can get >>> its own." >>> >>> >>> >>>> -----Original Message----- 
>>>> From: MailScanner mailing list >>>> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Quentin Campbell >>>> Sent: 13 January 2005 08:50 >>>> To: MAILSCANNER@JISCMAIL.AC.UK >>>> Subject: Re: "Banned Content" question - possibly a Web Bug >>>> code problem >>>> >>>> Julian >>>> >>>> You had already given me a new SMDiskStore.pm module, dated >>>> >>>> >>> 16 December >>> >>> >>>> to try. The locking code in this differs from the new code you want me >>>> to try as follows: >>>> >>>> < #JKF MailScanner::Lock::unlockclose($this->{indhandle}); >>>> < close($this->{indhandle}); >>>> --- >>>> >>>> >>>>> # Now we lock the df file as well, we must unlock it too. >>>>> MailScanner::Lock::unlockclose($this->{indhandle}); >>>>> #close($this->{indhandle}); >>>>> >>>>> >>>> I have made the change as above and will let you know what happens. I >>>> also note that the new code is in the MailScanner-4.37.7-1 >>>> SMDiskStore.pm which I was planning to move to anyway. >>>> >>>> I have not touched the "Allow WebBugs = disarm" setting which I assume >>>> is an essential part of the test of the changes to SMDiskStore.pm. >>>> >>>> Quentin >>>> --- >>>> PHONE: +44 191 222 8209 Information Systems and Services (ISS), >>>> University of Newcastle, >>>> Newcastle upon Tyne, >>>> FAX: +44 191 222 8765 United Kingdom, NE1 7RU. >>>> --------------------------------------------------------------- >>>> --------- >>>> "Any opinion expressed above is mine. The University can get >>>> its own." >>>> >>>> >>>> >>>>> -----Original Message----- 
>>>>> From: MailScanner mailing list >>>>> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field >>>>> Sent: 12 January 2005 16:02 >>>>> To: MAILSCANNER@JISCMAIL.AC.UK >>>>> Subject: Re: "Banned Content" question - possibly a Web Bug >>>>> code problem >>>>> >>>>> In which case try editing SMDiskStore.pm and replace the sub Lock and >>>>> sub Unlock with this code: >>>>> >>>>> # Open and lock the message >>>>> sub Lock { >>>>> my $this = shift; >>>>> >>>>> #print STDERR "About to lock " . $this->{hpath} . " and " . >>>>> # $this->{dpath} . "\n"; >>>>> MailScanner::Lock::openlock($this->{inhhandle}, '+<' . >>>>> $this->{hpath}, >>>>> 'w', 'quiet') >>>>> or return undef; >>>>> #print STDERR "Got hlock\n"; >>>>> >>>>> # If locking the dfile fails, then must close and unlock the >>>>> qffile too >>>>> # 14/12/2004 Try putting this back in for now. >>>>> unless (MailScanner::Lock::openlock($this->{indhandle}, >>>>> '+<' . $this->{dpath}, 'w', 'quiet')) { >>>>> #JKF 14/12/2004 open($this->{indhandle}, '+<' . >>>>> $this->{dpath})) { >>>>> MailScanner::Lock::unlockclose($this->{inhhandle}); >>>>> return undef; >>>>> } >>>>> #print STDERR "Got dlock\n"; >>>>> return undef unless $this->{inhhandle} && $this->{indhandle}; >>>>> return 1; >>>>> } >>>>> >>>>> >>>>> # Close and unlock the message >>>>> sub Unlock { >>>>> my $this = shift; >>>>> >>>>> # Now we lock the df file as well, we must unlock it too. >>>>> MailScanner::Lock::unlockclose($this->{indhandle}); >>>>> #close($this->{indhandle}); >>>>> MailScanner::Lock::unlockclose($this->{inhhandle}); >>>>> } >>>>> >>>>> >>>>> >>>>> Quentin Campbell wrote: >>>>> >>>>> >>>>> >>>>>> Julian >>>>>> >>>>>> The version of MailScanner on which I have seen the problem >>>>>> >>>>>> >>>>> is 4.35.10. >>>>> >>>>> >>>>>> Quentin >>>>>> --- >>>>>> PHONE: +44 191 222 8209 Information Systems and Services (ISS), >>>>>> University of Newcastle, >>>>>> Newcastle upon Tyne, >>>>>> FAX: +44 191 222 8765 United Kingdom, NE1 7RU. 
>>>>>> -------------------------------------------------------------- >>>>>> >>>>>> >>>>> ---------- >>>>> >>>>> >>>>>> "Any opinion expressed above is mine. The University can get >>>>>> >>>>>> >>>> its own." >>>> >>>> >>>>>> >>>>>> >>>>>> >>>>>>> -----Original Message----- >>>>>>> From: MailScanner mailing list >>>>>>> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field >>>>>>> Sent: 12 January 2005 15:30 >>>>>>> To: MAILSCANNER@JISCMAIL.AC.UK >>>>>>> Subject: Re: "Banned Content" question - possibly a Web Bug >>>>>>> code problem >>>>>>> >>>>>>> What version of MailScanner are you using? I slightly improved the >>>>>>> locking code (took out an "improvement" I made a long time >>>>>>> >>>>>>> >>>>> ago which I >>>>> >>>>> >>>>>>> only made after lots of people requested it) in 4.37. It now >>>>>>> >>>>>>> >>>>> locks the >>>>> >>>>> >>>>>>> df as well as the qf, which slows down delivery slightly in some >>>>>>> situations, but appears to be more reliable than just >>>>>>> >>>>>>> >>>> locking the qf. >>>> >>>> >>>>>>> Quentin Campbell wrote: >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>>>> -----Original Message----- >>>>>>>>> From: MailScanner mailing list >>>>>>>>> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Mike >>>>>>>>> Sent: 12 January 2005 11:53 >>>>>>>>> To: MAILSCANNER@JISCMAIL.AC.UK >>>>>>>>> Subject: Re: "Banned Content" question - a related problem >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> 
>>>>>>>>>> From: MailScanner mailing list >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>>>>> Behalf Of Quentin Campbell >>>>>>>>>> >>>>>>>>>> All the systems are now up2date as far as RH AS 3 patches are >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>> concerned. >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>>> All the systems use the Sendmail that comes with these >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>> system; the last >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>>> time they were updated this was Sendmail 8.12.11. I use >>>>>>>>>> >>>>>>>>>> >>>>> the default >>>>> >>>>> >>>>>>>>>> locking in MailScanner. >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>> I also had this problem on sendmail 8.12.10. After changing >>>>>>>>> the locking to posix, the problem was gone. So, although the >>>>>>>>> docs state that the locking problem occurs only from 8.13 on, >>>>>>>>> it seems that also some 8.12 versions are affected. Please set >>>>>>>>> the locking mechanism to "posix" and see if it solves >>>>>>>>> >>>>>>>>> >>>> your problem. >>>> >>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>> I will do this as a last resort. There are four reasons why >>>>>>>> >>>>>>>> >>>>> I want to >>>>> >>>>> >>>>>>>> investigate other things first. In particular I want to capture a >>>>>>>> message before then after it has gone through MailSanner and got >>>>>>>> corrupted: >>>>>>>> >>>>>>>> 1. Locking works OK on RH AS 3 systems with an up-to-date kernel. >>>>>>>> 2. The symptoms we are seeing do not appear to be >>>>>>>> >>>>>>>> >>> repeatable so far >>> >>> >>>>>>>> which makes conclusive testing difficult. >>>>>>>> 3. 
I have looked for other evidence of locking problems but >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>> cannot find >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>>> any. For example I can show that all messages tagged as spam by >>>>>>>> MailScanner have been tagged once only. If there is a >>>>>>>> >>>>>>>> >>>>> locking problem >>>>> >>>>> >>>>>>>> you will see the same message (ie. same Sendmail QID) being >>>>>>>> >>>>>>>> >>>>> tagged as >>>>> >>>>> >>>>>>>> spam more than once by two or more MS processes. >>>>>>>> 4. The problem appears related to the Web Bug check. I will >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>> switch that >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>>> off first. See below for more details of this. >>>>>>>> >>>>>>>> Having looked further at the problem it appears to be >>>>>>>> >>>>>>>> >>>>> related to MIME >>>>> >>>>> >>>>>>>> multipart/alternative messages having all or part of the HTML part >>>>>>>> corrupted. The text part is not being affected. >>>>>>>> >>>>>>>> In all of the cases the logs show that MailScanner has >>>>>>>> >>>>>>>> >>>>> "disarmed" the >>>>> >>>>> >>>>>>>> HTML content. Since I only "disarm" Web Bugs it appears >>>>>>>> >>>>>>>> >>>>> that there may >>>>> >>>>> >>>>>>>> be a bug in the Web Bugs code that causes an intermittent >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>> problem. This >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>>> suspicion is reinforced by the observation that the problem >>>>>>>> >>>>>>>> >>>>> appears to >>>>> >>>>> >>>>>>>> have started when I enabled the Web Bug check late last >>>>>>>> >>>>>>>> >>>> year. I will >>>> >>>> >>>>>>>> first of all try "Allow WebBugs = yes" and see what happens. >>>>>>>> >>>>>>>> Quentin >>>>>>>> >>>>>>>> ------------------------ MailScanner list ------------------------ >>>>>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>>>> 'leave mailscanner' in the body of the email. 
>>>>>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>>>>>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>>>>>>>
>>>>>>>> Support MailScanner development - buy the book off the website!

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From mailscanner at ELIQUID.COM Thu Jan 13 15:06:36 2005
From: mailscanner at ELIQUID.COM (Wess Bechard)
Date: Thu Jan 12 21:28:11 2006
Subject: Dovecot - pop-before-smtp
Message-ID:

Marcel,

This may not be the answer you are looking for, but consider using smtp authentication with cyrus-sasl or similar software.

I have been using pop-before-smtp with MS and postfix for over 6 months now. Pop-before-smtp has given me so many problems that I have been forced to dump it. The perl and C versions randomly crash for me after a few hours.

Cyrus-SASL is a great solution, and is much more secure, especially if you have remote users.

On Thu, 2005-01-13 at 09:56, Marcel Blenkers wrote:

> Hi there,
>
> maybe someone on this list could help me, as the ML of pop-before-smtp seems not to work at all ;)
>
> Heard of Dovecot on this ML and saw that this would be a POP3/IMAP daemon, which could help me a lot.. so I tried the pop-before-smtp program, as stated on the website.. and managed to get it working..
>
> Now my problem is the following.. it seems that my Berkeley DB and the module DB_File are way up to date (yes, that could happen ;) as they produce a db file with version 8.. but I do need version 7.
>
> access.db: Berkeley DB (Hash, version 7, native byte-order)
> popauth.db: Berkeley DB (Hash, version 8, native byte-order)
>
> Due to the fact that the file popauth.db is not really version 7, sendmail is not able to read and use it..
>
> So.. maybe some of the geeks in here could help? :)
>
> Greetings
> Marcel

Wess Bechard
System Administrator
eliquidMEDIA International
www.eliquid.com

MailScanner on IRC
Community Support
irc.freenode.net #mailscanner

From dwinkler at ALGORITHMICS.COM Thu Jan 13 17:14:42 2005
From: dwinkler at ALGORITHMICS.COM (Derek Winkler)
Date: Thu Jan 12 21:28:11 2006
Subject: Contrib - CustomFunction MultiSpamActions
Message-ID:

A request for this seems to come up once in a while.

I've used this in production for a while.

My setup only scans incoming mail.

Provided as is.

As many spam actions as you want, configurable per user or domain.

[ Part 2, Application/OCTET-STREAM (Name: "MultiSpamActions.pm.gz") ]
[ 2.2KB. ]
[ Unable to print this part. ]

From MailScanner at ecs.soton.ac.uk Thu Jan 13 17:51:16 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:11 2006 Subject: Contrib - CustomFunction MultiSpamActions Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Cool! My only comment would be that you should be able to pass the location of the configuration file in as a parameter to one of the Custom Functions. But that's very minor. Thankyou very much for contributing this. It also serves as a good demonstration of how much functionality can be achieved in Custom Functions with very little code! Derek Winkler wrote: >A request for this seems to come up once in awhile. > >I've used this in production for awhile. > >My setup only scans incoming mail. > >Provided asis. > >As many spam actions as you want, configurable per user or domain. > >------------------------------------------------ > > > > >This email and any files transmitted with it are confidential and >proprietary to Algorithmics Incorporated and its affiliates >("Algorithmics"). If received in error, use is prohibited. Please destroy, >and notify sender. Sender does not waive confidentiality or privilege. >Internet communications cannot be guaranteed to be timely, secure, error or >virus-free. Algorithmics does not accept liability for any errors or >omissions. Any commitment intended to bind Algorithmics must be reduced to >writing and signed by an authorized signatory. > > > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! 
> > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Q.G.Campbell at NEWCASTLE.AC.UK Thu Jan 13 18:03:10 2005 From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell) Date: Thu Jan 12 21:28:11 2006 Subject: "Banned Content" question - still getting "Content Check" messages Message-ID: Julian You gave me a version of Message.pm in late December to test out a phishing net improvement. This already had "$DisarmInsideLink = 0;". However I have initialised the other variables you suggested. Will let you know what happens. Quentin --- PHONE: +44 191 222 8209 Information Systems and Services (ISS), University of Newcastle, Newcastle upon Tyne, FAX: +44 191 222 8765 United Kingdom, NE1 7RU. ------------------------------------------------------------------------ "Any opinion expressed above is mine. The University can get its own." >-----Original Message----- >From: MailScanner mailing list >[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field >Sent: 13 January 2005 15:05 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: "Banned Content" question - still getting >"Content Check" messages > >1 more: >There is a line in Message.pm that says > >$DisarmInsideLink = ""; > >Change it to say > >$DisarmInsideLink = 0; > >You might be hitting a Perl bug, which would explain the fact you can't >reproduce the problem reliably. > >Julian Field wrote: > >> A minor bugfix to Message.pm which probably won't make any >difference, >> but is still worth a try. 
>> >> @@ -3687,6 +3687,13 @@ >> #print STDERR "Tags to convert are " . >$this->{tagstoconvert} . "\n"; >> >> # Set the disarm booleans for this message >> + $DisarmFormTag = 0; >> + $DisarmScriptTag = 0; >> + $DisarmCodebaseTag = 0; >> + $DisarmCodebaseTag = 0; >> + $DisarmIframeTag = 0; >> + $DisarmWebBug = 0; >> + $DisarmPhishing = 0; >> $DisarmFormTag = 1 if $this->{tagstoconvert} =~ /form/i; >> $DisarmScriptTag = 1 if $this->{tagstoconvert} =~ /script/i; >> $DisarmCodebaseTag = 1 if $this->{tagstoconvert} =~ /codebase/i; >> >> I'm afraid I can't think of much else. All the other variables are >> initialised, and these few just maintain state for the particular >> message, they don't hold any message content. >> >> Quentin Campbell wrote: >> >>> Julian >>> >>> I have applied your SMDiskStore.pm changes as well as set >"Allow WebBugs >>> = yes". >>> >>> However we are still getting corrupted HTML in multipart/alternative >>> message. These are all accompanied with "Content Checks: >Detected and >>> will disarm HTML message in ..." messages in the Sendmail >log. This is >>> happening on both 4.35.10 and 4.37.7 systems. >>> >>> Unfortunately the problem is INTERMITTENT and it cannot be >repeated by >>> sending the same message again to the same recipient. :-( >>> >>> The "Content Checks:" message is misleading since I am no >longer using >>> the "disarm" content action anywhere, either in >MailScanner.conf or in >>> the MailScanner rules files. Where I specify an action to >deal with HTML >>> content it only uses "striphtml". >>> >>> Why then is MailScanner telling me it is "disarming" HTML >when I have >>> not asked it to? >>> >>> This is really getting frustrating and more users are >complaining. :-( >>> >>> PS I note that I applied two patches from you late last year to the >>> 4.35.10 system; >>> these were to SMDiskStore.pm and SweepContent.pm. 
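Review bot: "$DisarmCodebaseTag = 0;" appears twice in a row in the added block of the Message.pm hunk above (@@ -3687,6 +3687,13 @@), so one of the seven new lines is redundant, and if the second copy was meant to reset a different flag, that flag still carries its value over from the previous message. Suggest dropping the duplicate or naming the intended variable, and checking that every flag set by the "... = 1 if $this->{tagstoconvert} =~ ..." lines has a matching reset; only the form, script and codebase setters are visible in the context, so the iframe, web bug and phishing resets cannot be checked against their setters from this hunk alone.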
>>>
>>> Quentin
>>>
>>>> -----Original Message-----
>>>> From: MailScanner mailing list
>>>> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Quentin Campbell
>>>> Sent: 13 January 2005 11:33
>>>> To: MAILSCANNER@JISCMAIL.AC.UK
>>>> Subject: Re: "Banned Content" question - Lock/Unlock does not
>>>> fix problem
>>>>
>>>> Julian
>>>>
>>>> The mods to subs "Lock" and "Unlock" have not fixed the problem.
>>>>
>>>> It appears to be also present on a 4.37.7-1 system. As this has the same
>>>> Lock/Unlock code that should not be a surprise.
>>>>
>>>> I will now allow web bugs to see if the corruption stops.
>>>>
>>>> Quentin
>>>>
>>>>> -----Original Message-----
>>>>> From: MailScanner mailing list >>>>> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Quentin Campbell >>>>> Sent: 13 January 2005 08:50 >>>>> To: MAILSCANNER@JISCMAIL.AC.UK >>>>> Subject: Re: "Banned Content" question - possibly a Web Bug >>>>> code problem >>>>> >>>>> Julian >>>>> >>>>> You had already given me a new SMDiskStore.pm module, dated >>>>> >>>>> >>>> 16 December >>>> >>>> >>>>> to try. The locking code in this differs from the new >code you want me >>>>> to try as follows: >>>>> >>>>> < #JKF MailScanner::Lock::unlockclose($this->{indhandle}); >>>>> < close($this->{indhandle}); >>>>> --- >>>>> >>>>> >>>>>> # Now we lock the df file as well, we must unlock it too. >>>>>> MailScanner::Lock::unlockclose($this->{indhandle}); >>>>>> #close($this->{indhandle}); >>>>>> >>>>>> >>>>> I have made the change as above and will let you know >what happens. I >>>>> also note that the new code is in the MailScanner-4.37.7-1 >>>>> SMDiskStore.pm which I was planning to move to anyway. >>>>> >>>>> I have not touched the "Allow WebBugs = disarm" setting >which I assume >>>>> is an essential part of the test of the changes to SMDiskStore.pm. >>>>> >>>>> Quentin >>>>> --- >>>>> PHONE: +44 191 222 8209 Information Systems and Services (ISS), >>>>> University of Newcastle, >>>>> Newcastle upon Tyne, >>>>> FAX: +44 191 222 8765 United Kingdom, NE1 7RU. >>>>> --------------------------------------------------------------- >>>>> --------- >>>>> "Any opinion expressed above is mine. The University can get >>>>> its own." >>>>> >>>>> >>>>> >>>>>> -----Original Message----- 
>>>>>> From: MailScanner mailing list
>>>>>> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field
>>>>>> Sent: 12 January 2005 16:02
>>>>>> To: MAILSCANNER@JISCMAIL.AC.UK
>>>>>> Subject: Re: "Banned Content" question - possibly a Web Bug
>>>>>> code problem
>>>>>>
>>>>>> In which case try editing SMDiskStore.pm and replace the sub Lock and
>>>>>> sub Unlock with this code:
>>>>>>
>>>>>> # Open and lock the message
>>>>>> sub Lock {
>>>>>>   my $this = shift;
>>>>>>
>>>>>>   #print STDERR "About to lock " . $this->{hpath} . " and " .
>>>>>>   #             $this->{dpath} . "\n";
>>>>>>   MailScanner::Lock::openlock($this->{inhhandle}, '+<' . $this->{hpath},
>>>>>>                               'w', 'quiet')
>>>>>>     or return undef;
>>>>>>   #print STDERR "Got hlock\n";
>>>>>>
>>>>>>   # If locking the dfile fails, then must close and unlock the qffile too
>>>>>>   # 14/12/2004 Try putting this back in for now.
>>>>>>   unless (MailScanner::Lock::openlock($this->{indhandle},
>>>>>>                                       '+<' . $this->{dpath}, 'w', 'quiet')) {
>>>>>>   #JKF 14/12/2004 open($this->{indhandle}, '+<' . $this->{dpath})) {
>>>>>>     MailScanner::Lock::unlockclose($this->{inhhandle});
>>>>>>     return undef;
>>>>>>   }
>>>>>>   #print STDERR "Got dlock\n";
>>>>>>   return undef unless $this->{inhhandle} && $this->{indhandle};
>>>>>>   return 1;
>>>>>> }
>>>>>>
>>>>>>
>>>>>> # Close and unlock the message
>>>>>> sub Unlock {
>>>>>>   my $this = shift;
>>>>>>
>>>>>>   # Now we lock the df file as well, we must unlock it too.
>>>>>>   MailScanner::Lock::unlockclose($this->{indhandle});
>>>>>>   #close($this->{indhandle});
>>>>>>   MailScanner::Lock::unlockclose($this->{inhhandle});
>>>>>> }
>>>>>>
>>>>>> Quentin Campbell wrote:
>>>>>>
>>>>>>> Julian
>>>>>>>
>>>>>>> The version of MailScanner on which I have seen the problem is 4.35.10.
>>>>>>>
>>>>>>> Quentin
>>>>>>>
>>>>>>>> -----Original Message-----
>>>>>>>> From: MailScanner mailing list
>>>>>>>> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field
>>>>>>>> Sent: 12 January 2005 15:30
>>>>>>>> To: MAILSCANNER@JISCMAIL.AC.UK
>>>>>>>> Subject: Re: "Banned Content" question - possibly a Web Bug
>>>>>>>> code problem
>>>>>>>>
>>>>>>>> What version of MailScanner are you using? I slightly improved the
>>>>>>>> locking code (took out an "improvement" I made a long time ago which I
>>>>>>>> only made after lots of people requested it) in 4.37. It now locks the
>>>>>>>> df as well as the qf, which slows down delivery slightly in some
>>>>>>>> situations, but appears to be more reliable than just locking the qf.
>>>>>>>>
>>>>>>>> Quentin Campbell wrote:
>>>>>>>>
>>>>>>>>>> -----Original Message-----
>>>>>>>>>> From: MailScanner mailing list
>>>>>>>>>> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Mike
>>>>>>>>>> Sent: 12 January 2005 11:53
>>>>>>>>>> To: MAILSCANNER@JISCMAIL.AC.UK
>>>>>>>>>> Subject: Re: "Banned Content" question - a related problem
>>>>>>>>>>
>>>>>>>>>>> From: MailScanner mailing list
>>>>>>>>>>> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
>>>>>>>>>>> Behalf Of Quentin Campbell
>>>>>>>>>>>
>>>>>>>>>>> All the systems are now up2date as far as RH AS 3 patches are
>>>>>>>>>>> concerned. All the systems use the Sendmail that comes with these
>>>>>>>>>>> system; the last time they were updated this was Sendmail 8.12.11.
>>>>>>>>>>> I use the default locking in MailScanner.
>>>>>>>>>>
>>>>>>>>>> I also had this problem on sendmail 8.12.10. After changing
>>>>>>>>>> the locking to posix, the problem was gone. So, although the
>>>>>>>>>> docs state that the locking problem occurs only from 8.13 on,
>>>>>>>>>> it seems that also some 8.12 versions are affected. Please set
>>>>>>>>>> the locking mechanism to "posix" and see if it solves your problem.
>>>>>>>>>
>>>>>>>>> I will do this as a last resort. There are four reasons why I want to
>>>>>>>>> investigate other things first. In particular I want to capture a
>>>>>>>>> message before then after it has gone through MailScanner and got
>>>>>>>>> corrupted:
>>>>>>>>>
>>>>>>>>> 1. Locking works OK on RH AS 3 systems with an up-to-date kernel.
>>>>>>>>> 2. The symptoms we are seeing do not appear to be repeatable so far
>>>>>>>>> which makes conclusive testing difficult.
>>>>>>>>> 3. I have looked for other evidence of locking problems but cannot find
>>>>>>>>> any. For example I can show that all messages tagged as spam by
>>>>>>>>> MailScanner have been tagged once only. If there is a locking problem
>>>>>>>>> you will see the same message (ie. same Sendmail QID) being tagged as
>>>>>>>>> spam more than once by two or more MS processes.
>>>>>>>>> 4. The problem appears related to the Web Bug check. I will switch that
>>>>>>>>> off first. See below for more details of this.
>>>>>>>>>
>>>>>>>>> Having looked further at the problem it appears to be related to MIME
>>>>>>>>> multipart/alternative messages having all or part of the HTML part
>>>>>>>>> corrupted. The text part is not being affected.
>>>>>>>>>
>>>>>>>>> In all of the cases the logs show that MailScanner has "disarmed" the
>>>>>>>>> HTML content. Since I only "disarm" Web Bugs it appears that there may
>>>>>>>>> be a bug in the Web Bugs code that causes an intermittent problem. This
>>>>>>>>> suspicion is reinforced by the observation that the problem appears to
>>>>>>>>> have started when I enabled the Web Bug check late last year. I will
>>>>>>>>> first of all try "Allow WebBugs = yes" and see what happens.
>>>>>>>>>
>>>>>>>>> Quentin

From Q.G.Campbell at NEWCASTLE.AC.UK Thu Jan 13 18:07:22 2005
From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell)
Date: Thu Jan 12 21:28:11 2006
Subject: "Banned Content" question - No luck; still getting "Content Check" messages
Message-ID:

Julian

Initialising those variables in Message.pm has not had any effect.

Quentin
---
PHONE: +44 191 222 8209    Information Systems and Services (ISS),
                           University of Newcastle,
                           Newcastle upon Tyne,
FAX:   +44 191 222 8765    United Kingdom, NE1 7RU.
------------------------------------------------------------------------
"Any opinion expressed above is mine. The University can get its own."

>-----Original Message-----
>From: MailScanner mailing list
>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Quentin Campbell
>Sent: 13 January 2005 18:03
>To: MAILSCANNER@JISCMAIL.AC.UK
>Subject: Re: "Banned Content" question - still getting
>"Content Check" messages
>
>Julian
>
>You gave me a version of Message.pm in late December to test out a
>phishing net improvement. This already had "$DisarmInsideLink = 0;".
>
>However I have initialised the other variables you suggested. Will let
>you know what happens.
>
>Quentin
>
>>-----Original Message-----
>>From: MailScanner mailing list
>>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field
>>Sent: 13 January 2005 15:05
>>To: MAILSCANNER@JISCMAIL.AC.UK
>>Subject: Re: "Banned Content" question - still getting
>>"Content Check" messages
>>
>>1 more:
>>There is a line in Message.pm that says
>>
>>$DisarmInsideLink = "";
>>
>>Change it to say
>>
>>$DisarmInsideLink = 0;
>>
>>You might be hitting a Perl bug, which would explain the fact you can't
>>reproduce the problem reliably.
>>
>>Julian Field wrote:
>>
>>> A minor bugfix to Message.pm which probably won't make any difference,
>>> but is still worth a try.
>>> >>> @@ -3687,6 +3687,13 @@ >>> #print STDERR "Tags to convert are " . >>$this->{tagstoconvert} . "\n"; >>> >>> # Set the disarm booleans for this message >>> + $DisarmFormTag = 0; >>> + $DisarmScriptTag = 0; >>> + $DisarmCodebaseTag = 0; >>> + $DisarmCodebaseTag = 0; >>> + $DisarmIframeTag = 0; >>> + $DisarmWebBug = 0; >>> + $DisarmPhishing = 0; >>> $DisarmFormTag = 1 if $this->{tagstoconvert} =~ /form/i; >>> $DisarmScriptTag = 1 if $this->{tagstoconvert} =~ /script/i; >>> $DisarmCodebaseTag = 1 if $this->{tagstoconvert} =~ /codebase/i; >>> >>> I'm afraid I can't think of much else. All the other variables are >>> initialised, and these few just maintain state for the particular >>> message, they don't hold any message content. >>> >>> Quentin Campbell wrote: >>> >>>> Julian >>>> >>>> I have applied your SMDiskStore.pm changes as well as set >>"Allow WebBugs >>>> = yes". >>>> >>>> However we are still getting corrupted HTML in >multipart/alternative >>>> message. These are all accompanied with "Content Checks: >>Detected and >>>> will disarm HTML message in ..." messages in the Sendmail >>log. This is >>>> happening on both 4.35.10 and 4.37.7 systems. >>>> >>>> Unfortunately the problem is INTERMITTENT and it cannot be >>repeated by >>>> sending the same message again to the same recipient. :-( >>>> >>>> The "Content Checks:" message is misleading since I am no >>longer using >>>> the "disarm" content action anywhere, either in >>MailScanner.conf or in >>>> the MailScanner rules files. Where I specify an action to >>deal with HTML >>>> content it only uses "striphtml". >>>> >>>> Why then is MailScanner telling me it is "disarming" HTML >>when I have >>>> not asked it to? >>>> >>>> This is really getting frustrating and more users are >>complaining. :-( >>>> >>>> PS I note that I applied two patches from you late last year to the >>>> 4.35.10 system; >>>> these were to SMDiskStore.pm and SweepContent.pm. 
>>>>
>>>> Quentin
>>>>
>>>>> -----Original Message-----
>>>>> From: MailScanner mailing list
>>>>> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Quentin Campbell
>>>>> Sent: 13 January 2005 11:33
>>>>> To: MAILSCANNER@JISCMAIL.AC.UK
>>>>> Subject: Re: "Banned Content" question - Lock/Unlock does not
>>>>> fix problem
>>>>>
>>>>> Julian
>>>>>
>>>>> The mods to subs "Lock" and "Unlock" have not fixed the problem.
>>>>>
>>>>> It appears to be also present on a 4.37.7-1 system. As this has the same
>>>>> Lock/Unlock code that should not be a surprise.
>>>>>
>>>>> I will now allow web bugs to see if the corruption stops.
>>>>>
>>>>> Quentin
>>>>>
>>>>>> -----Original Message-----
>>>>>> From: MailScanner mailing list >>>>>> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Quentin Campbell >>>>>> Sent: 13 January 2005 08:50 >>>>>> To: MAILSCANNER@JISCMAIL.AC.UK >>>>>> Subject: Re: "Banned Content" question - possibly a Web Bug >>>>>> code problem >>>>>> >>>>>> Julian >>>>>> >>>>>> You had already given me a new SMDiskStore.pm module, dated >>>>>> >>>>>> >>>>> 16 December >>>>> >>>>> >>>>>> to try. The locking code in this differs from the new >>code you want me >>>>>> to try as follows: >>>>>> >>>>>> < #JKF MailScanner::Lock::unlockclose($this->{indhandle}); >>>>>> < close($this->{indhandle}); >>>>>> --- >>>>>> >>>>>> >>>>>>> # Now we lock the df file as well, we must unlock it too. >>>>>>> MailScanner::Lock::unlockclose($this->{indhandle}); >>>>>>> #close($this->{indhandle}); >>>>>>> >>>>>>> >>>>>> I have made the change as above and will let you know >>what happens. I >>>>>> also note that the new code is in the MailScanner-4.37.7-1 >>>>>> SMDiskStore.pm which I was planning to move to anyway. >>>>>> >>>>>> I have not touched the "Allow WebBugs = disarm" setting >>which I assume >>>>>> is an essential part of the test of the changes to >SMDiskStore.pm. >>>>>> >>>>>> Quentin >>>>>> --- >>>>>> PHONE: +44 191 222 8209 Information Systems and >Services (ISS), >>>>>> University of Newcastle, >>>>>> Newcastle upon Tyne, >>>>>> FAX: +44 191 222 8765 United Kingdom, NE1 7RU. >>>>>> --------------------------------------------------------------- >>>>>> --------- >>>>>> "Any opinion expressed above is mine. The University can get >>>>>> its own." >>>>>> >>>>>> >>>>>> >>>>>>> -----Original Message----- 
>>>>>>> From: MailScanner mailing list
>>>>>>> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field
>>>>>>> Sent: 12 January 2005 16:02
>>>>>>> To: MAILSCANNER@JISCMAIL.AC.UK
>>>>>>> Subject: Re: "Banned Content" question - possibly a Web Bug
>>>>>>> code problem
>>>>>>>
>>>>>>> In which case try editing SMDiskStore.pm and replace the sub Lock and
>>>>>>> sub Unlock with this code:
>>>>>>>
>>>>>>> # Open and lock the message
>>>>>>> sub Lock {
>>>>>>>   my $this = shift;
>>>>>>>
>>>>>>>   #print STDERR "About to lock " . $this->{hpath} . " and " .
>>>>>>>   #             $this->{dpath} . "\n";
>>>>>>>   MailScanner::Lock::openlock($this->{inhhandle}, '+<' . $this->{hpath},
>>>>>>>                               'w', 'quiet')
>>>>>>>     or return undef;
>>>>>>>   #print STDERR "Got hlock\n";
>>>>>>>
>>>>>>>   # If locking the dfile fails, then must close and unlock the qffile too
>>>>>>>   # 14/12/2004 Try putting this back in for now.
>>>>>>>   unless (MailScanner::Lock::openlock($this->{indhandle},
>>>>>>>                                       '+<' . $this->{dpath}, 'w', 'quiet')) {
>>>>>>>   #JKF 14/12/2004 open($this->{indhandle}, '+<' . $this->{dpath})) {
>>>>>>>     MailScanner::Lock::unlockclose($this->{inhhandle});
>>>>>>>     return undef;
>>>>>>>   }
>>>>>>>   #print STDERR "Got dlock\n";
>>>>>>>   return undef unless $this->{inhhandle} && $this->{indhandle};
>>>>>>>   return 1;
>>>>>>> }
>>>>>>>
>>>>>>>
>>>>>>> # Close and unlock the message
>>>>>>> sub Unlock {
>>>>>>>   my $this = shift;
>>>>>>>
>>>>>>>   # Now we lock the df file as well, we must unlock it too.
>>>>>>>   MailScanner::Lock::unlockclose($this->{indhandle});
>>>>>>>   #close($this->{indhandle});
>>>>>>>   MailScanner::Lock::unlockclose($this->{inhhandle});
>>>>>>> }
>>>>>>>
>>>>>>> Quentin Campbell wrote:
>>>>>>>
>>>>>>>> Julian
>>>>>>>>
>>>>>>>> The version of MailScanner on which I have seen the problem is 4.35.10.
>>>>>>>>
>>>>>>>> Quentin
>>>>>>>>
>>>>>>>>> -----Original Message-----
>>>>>>>>> From: MailScanner mailing list
>>>>>>>>> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field
>>>>>>>>> Sent: 12 January 2005 15:30
>>>>>>>>> To: MAILSCANNER@JISCMAIL.AC.UK
>>>>>>>>> Subject: Re: "Banned Content" question - possibly a Web Bug
>>>>>>>>> code problem
>>>>>>>>>
>>>>>>>>> What version of MailScanner are you using? I slightly improved the
>>>>>>>>> locking code (took out an "improvement" I made a long time ago which I
>>>>>>>>> only made after lots of people requested it) in 4.37. It now locks the
>>>>>>>>> df as well as the qf, which slows down delivery slightly in some
>>>>>>>>> situations, but appears to be more reliable than just locking the qf.
>>>>>>>>>
>>>>>>>>> Quentin Campbell wrote:
>>>>>>>>>
>>>>>>>>>>> -----Original Message-----
>>>>>>>>>>> From: MailScanner mailing list
>>>>>>>>>>> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Mike
>>>>>>>>>>> Sent: 12 January 2005 11:53
>>>>>>>>>>> To: MAILSCANNER@JISCMAIL.AC.UK
>>>>>>>>>>> Subject: Re: "Banned Content" question - a related problem
>>>>>>>>>>>
>>>>>>>>>>>> From: MailScanner mailing list
>>>>>>>>>>>> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
>>>>>>>>>>>> Behalf Of Quentin Campbell
>>>>>>>>>>>>
>>>>>>>>>>>> All the systems are now up2date as far as RH AS 3 patches are
>>>>>>>>>>>> concerned. All the systems use the Sendmail that comes with these
>>>>>>>>>>>> system; the last time they were updated this was Sendmail 8.12.11.
>>>>>>>>>>>> I use the default locking in MailScanner.
>>>>>>>>>>>
>>>>>>>>>>> I also had this problem on sendmail 8.12.10. After changing
>>>>>>>>>>> the locking to posix, the problem was gone. So, although the
>>>>>>>>>>> docs state that the locking problem occurs only from 8.13 on,
>>>>>>>>>>> it seems that also some 8.12 versions are affected. Please set
>>>>>>>>>>> the locking mechanism to "posix" and see if it solves your problem.
>>>>>>>>>>
>>>>>>>>>> I will do this as a last resort. There are four reasons why I want to
>>>>>>>>>> investigate other things first. In particular I want to capture a
>>>>>>>>>> message before then after it has gone through MailScanner and got
>>>>>>>>>> corrupted:
>>>>>>>>>>
>>>>>>>>>> 1. Locking works OK on RH AS 3 systems with an up-to-date kernel.
>>>>>>>>>> 2. The symptoms we are seeing do not appear to be repeatable so far
>>>>>>>>>> which makes conclusive testing difficult.
>>>>>>>>>> 3. I have looked for other evidence of locking problems but cannot find
>>>>>>>>>> any. For example I can show that all messages tagged as spam by
>>>>>>>>>> MailScanner have been tagged once only. If there is a locking problem
>>>>>>>>>> you will see the same message (ie. same Sendmail QID) being tagged as
>>>>>>>>>> spam more than once by two or more MS processes.
>>>>>>>>>> 4. The problem appears related to the Web Bug check. I will switch that
>>>>>>>>>> off first. See below for more details of this.
>>>>>>>>>>
>>>>>>>>>> Having looked further at the problem it appears to be related to MIME
>>>>>>>>>> multipart/alternative messages having all or part of the HTML part
>>>>>>>>>> corrupted. The text part is not being affected.
>>>>>>>>>>
>>>>>>>>>> In all of the cases the logs show that MailScanner has "disarmed" the
>>>>>>>>>> HTML content. Since I only "disarm" Web Bugs it appears that there may
>>>>>>>>>> be a bug in the Web Bugs code that causes an intermittent problem. This
>>>>>>>>>> suspicion is reinforced by the observation that the problem appears to
>>>>>>>>>> have started when I enabled the Web Bug check late last year.
I will >>>>>> >>>>>> >>>>>>>>>> first of all try "Allow WebBugs = yes" and see what happens. >>>>>>>>>> >>>>>>>>>> Quentin >>>>>>>>>> >>>>>>>>>> ------------------------ MailScanner list >>------------------------ >>>>>>>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>>>>>> 'leave mailscanner' in the body of the email. >>>>>>>>>> Before posting, read the MAQ >>(http://www.mailscanner.biz/maq/) and >>>>>>>>>> the archives >>(http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>>>>>>> >>>>>>>>>> Support MailScanner development - buy the book off >>the website! >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>> -- >>>>>>>>> Julian Field >>>>>>>>> www.MailScanner.info >>>>>>>>> Buy the MailScanner book at www.MailScanner.info/store >>>>>>>>> >>>>>>>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 >>1415 B654 >>>>>>>>> >>>>>>>>> ------------------------ MailScanner list >>------------------------ >>>>>>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>>>>> 'leave mailscanner' in the body of the email. >>>>>>>>> Before posting, read the MAQ >>(http://www.mailscanner.biz/maq/) and >>>>>>>>> the archives >>(http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>>>>>> >>>>>>>>> Support MailScanner development - buy the book off >the website! >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>> ------------------------ MailScanner list >>------------------------ >>>>>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>>>> 'leave mailscanner' in the body of the email. >>>>>>>> Before posting, read the MAQ >>(http://www.mailscanner.biz/maq/) and >>>>>>>> the archives >(http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>>>>> >>>>>>>> Support MailScanner development - buy the book off the website! 
From mat at WINSTON.IT.IPT-LTD.CO.UK Thu Jan 13 16:15:57 2005
From: mat at WINSTON.IT.IPT-LTD.CO.UK (Mathew Davies)
Date: Thu Jan 12 21:28:11 2006
Subject: Mailwatch and quarantine release.
Message-ID:

I've spent a while searching through the list archive and so far all I have
found is this message on the list but no resolution:
http://sourceforge.net/mailarchive/message.php?msg_id=9495585

Mailwatch does not seem to be able to release a quarantined message.
I can sa-learn it, delete it, etc. When I try to release, it comes back and says:

Release: error

I've checked the permissions (/var/spool/MailScanner/quarantine).

I am running debian sarge package mailscanner 4.36.4-1 and src MailWatch 0.51.

Does anyone know the resolution to this?

thanks
mat

From Q.G.Campbell at NEWCASTLE.AC.UK Thu Jan 13 18:21:22 2005
From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell)
Date: Thu Jan 12 21:28:12 2006
Subject: "Banned Content" question - It is an old problem it seems.
Message-ID:

Julian

In desperation I went back to some old logs. I can see the "Content
Checks: ... will disarm HTML ..." message in July of last year. So it is an
old problem it seems.

It appeared to be related to the corrupted HTML problem we started
experiencing in late December. However I am not aware of the corrupted HTML
problem also being around in July.

For the moment I will just concentrate on monitoring the newer
multipart/alternative corrupted HTML issue to see how often it happens.

As a point of interest, in late December I did an 'up2date' on the RH AS 3
systems on which we run MailScanner. This 'up2date' appears to have updated
Perl but I have no indication that the new Perl is duff.

Thanks for your help.

Quentin
---
PHONE: +44 191 222 8209    Information Systems and Services (ISS),
                           University of Newcastle,
                           Newcastle upon Tyne,
FAX:   +44 191 222 8765    United Kingdom, NE1 7RU.
------------------------------------------------------------------------
"Any opinion expressed above is mine. The University can get its own."

>-----Original Message-----
>From: MailScanner mailing list
>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Quentin Campbell
>Sent: 13 January 2005 18:07
>To: MAILSCANNER@JISCMAIL.AC.UK
>Subject: Re: "Banned Content" question - No luck; still getting "Content Check" messages
>
>Julian
>
>Initialising those variables in Message.pm has not had any effect.
>
>Quentin
>
>>-----Original Message-----
>>From: MailScanner mailing list
>>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Quentin Campbell
>>Sent: 13 January 2005 18:03
>>To: MAILSCANNER@JISCMAIL.AC.UK
>>Subject: Re: "Banned Content" question - still getting "Content Check" messages
>>
>>Julian
>>
>>You gave me a version of Message.pm in late December to test out a
>>phishing net improvement. This already had "$DisarmInsideLink = 0;".
>>
>>However I have initialised the other variables you suggested. Will let
>>you know what happens.
>>
>>Quentin
>>
>>>-----Original Message-----
>>>From: MailScanner mailing list
>>>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field
>>>Sent: 13 January 2005 15:05
>>>To: MAILSCANNER@JISCMAIL.AC.UK
>>>Subject: Re: "Banned Content" question - still getting "Content Check" messages
>>>
>>>1 more:
>>>There is a line in Message.pm that says
>>>
>>>$DisarmInsideLink = "";
>>>
>>>Change it to say
>>>
>>>$DisarmInsideLink = 0;
>>>
>>>You might be hitting a Perl bug, which would explain the fact you can't
>>>reproduce the problem reliably.
>>>
>>>Julian Field wrote:
>>>
>>>> A minor bugfix to Message.pm which probably won't make any difference,
>>>> but is still worth a try.
>>>>
>>>> @@ -3687,6 +3687,13 @@ >>>> #print STDERR "Tags to convert are " . >>>$this->{tagstoconvert} . "\n"; >>>> >>>> # Set the disarm booleans for this message >>>> + $DisarmFormTag = 0; >>>> + $DisarmScriptTag = 0; >>>> + $DisarmCodebaseTag = 0; >>>> + $DisarmCodebaseTag = 0; >>>> + $DisarmIframeTag = 0; >>>> + $DisarmWebBug = 0; >>>> + $DisarmPhishing = 0; >>>> $DisarmFormTag = 1 if $this->{tagstoconvert} =~ /form/i; >>>> $DisarmScriptTag = 1 if $this->{tagstoconvert} =~ /script/i; >>>> $DisarmCodebaseTag = 1 if $this->{tagstoconvert} =~ /codebase/i;
>>>>
>>>> I'm afraid I can't think of much else. All the other variables are
>>>> initialised, and these few just maintain state for the particular
>>>> message, they don't hold any message content.
>>>>
>>>> Quentin Campbell wrote:
>>>>
>>>>> Julian
>>>>>
>>>>> I have applied your SMDiskStore.pm changes as well as set "Allow WebBugs
>>>>> = yes".
>>>>>
>>>>> However we are still getting corrupted HTML in multipart/alternative
>>>>> message. These are all accompanied with "Content Checks: Detected and
>>>>> will disarm HTML message in ..." messages in the Sendmail log. This is
>>>>> happening on both 4.35.10 and 4.37.7 systems.
>>>>>
>>>>> Unfortunately the problem is INTERMITTENT and it cannot be repeated by
>>>>> sending the same message again to the same recipient. :-(
>>>>>
>>>>> The "Content Checks:" message is misleading since I am no longer using
>>>>> the "disarm" content action anywhere, either in MailScanner.conf or in
>>>>> the MailScanner rules files. Where I specify an action to deal with HTML
>>>>> content it only uses "striphtml".
>>>>>
>>>>> Why then is MailScanner telling me it is "disarming" HTML when I have
>>>>> not asked it to?
>>>>>
>>>>> This is really getting frustrating and more users are complaining.
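Review bot: `$DisarmCodebaseTag = 0;` is added twice in the quoted Message.pm hunk (@@ -3687,6 +3687,13 @@), so the second copy has no effect. If it was meant to reset a different per-message disarm flag, that flag still keeps whatever value the previous message left in it, which is the stale-state condition this change is meant to rule out. Drop the duplicate or replace it with the intended variable, and keep the resets together in one place so that a newly added flag is not missed.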
>>>>> :-(
>>>>>
>>>>> PS I note that I applied two patches from you late last year to the
>>>>> 4.35.10 system; these were to SMDiskStore.pm and SweepContent.pm.
>>>>>
>>>>> Quentin
>>>>>
>>>>>> -----Original Message-----
>>>>>> From: MailScanner mailing list
>>>>>> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Quentin Campbell
>>>>>> Sent: 13 January 2005 11:33
>>>>>> To: MAILSCANNER@JISCMAIL.AC.UK
>>>>>> Subject: Re: "Banned Content" question - Lock/Unlock does not fix problem
>>>>>>
>>>>>> Julian
>>>>>>
>>>>>> The mods to subs "Lock" and "Unlock" have not fixed the problem.
>>>>>>
>>>>>> It appears to be also present on a 4.37.7-1 system. As this has the same
>>>>>> Lock/Unlock code that should not be a surprise.
>>>>>>
>>>>>> I will now allow web bugs to see if the corruption stops.
>>>>>>
>>>>>> Quentin
>>>>>>
>>>>>>> -----Original Message-----
>>>>>>> From: MailScanner mailing list
>>>>>>> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Quentin Campbell
>>>>>>> Sent: 13 January 2005 08:50
>>>>>>> To: MAILSCANNER@JISCMAIL.AC.UK
>>>>>>> Subject: Re: "Banned Content" question - possibly a Web Bug code problem
>>>>>>>
>>>>>>> Julian
>>>>>>>
>>>>>>> You had already given me a new SMDiskStore.pm module, dated 16 December
>>>>>>> to try. The locking code in this differs from the new code you want me
>>>>>>> to try as follows:
>>>>>>>
>>>>>>> < #JKF MailScanner::Lock::unlockclose($this->{indhandle}); >>>>>>> < close($this->{indhandle}); >>>>>>> --- >>>>>>> >>>>>>> >>>>>>>> # Now we lock the df file as well, we must unlock it too. >>>>>>>> MailScanner::Lock::unlockclose($this->{indhandle}); >>>>>>>> #close($this->{indhandle});
>>>>>>>
>>>>>>> I have made the change as above and will let you know what happens. I
>>>>>>> also note that the new code is in the MailScanner-4.37.7-1
>>>>>>> SMDiskStore.pm which I was planning to move to anyway.
>>>>>>>
>>>>>>> I have not touched the "Allow WebBugs = disarm" setting which I assume
>>>>>>> is an essential part of the test of the changes to SMDiskStore.pm.
>>>>>>>
>>>>>>> Quentin
>>>>>>>
>>>>>>>> -----Original Message-----
>> >> > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Jan 13 18:21:40 2005 
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:12 2006
Subject: "Banned Content" question - No luck; still getting "Content Check" messages
Message-ID:

I didn't think it would make any difference, but it was worth a try.

If you switch off the disarm setting of all the HTML content checks, and also switch off the phishing net, does it then work okay? Just trying to narrow down where the problem might be.

Have you tried upgrading to the latest HTML::Parser? There might be some state bugs in there. It stinks of being an uninitialised variable. I've checked the DisarmHTMLEntity code pretty closely and can't find anything wrong there.

Quentin Campbell wrote:

>Julian
>
>Initialising those variables in Message.pm has not had any effect.
>
>Quentin
>---
>PHONE: +44 191 222 8209 Information Systems and Services (ISS),
>                        University of Newcastle,
>                        Newcastle upon Tyne,
>FAX: +44 191 222 8765   United Kingdom, NE1 7RU.
>------------------------------------------------------------------------
>"Any opinion expressed above is mine. The University can get its own."
>
>>-----Original Message-----
>>From: MailScanner mailing list >>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Quentin Campbell >>Sent: 13 January 2005 18:03 >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: "Banned Content" question - still getting >>"Content Check" messages >> >>Julian >> >>You gave me a version of Message.pm in late December to test out a >>phishing net improvement. This already had "$DisarmInsideLink = 0;". >> >>However I have initialised the other variables you suggested. Will let >>you know what happens. >> >>Quentin >>--- >>PHONE: +44 191 222 8209 Information Systems and Services (ISS), >> University of Newcastle, >> Newcastle upon Tyne, >>FAX: +44 191 222 8765 United Kingdom, NE1 7RU. >>--------------------------------------------------------------- >>--------- >>"Any opinion expressed above is mine. The University can get >>its own." >> >> >> >>>-----Original Message----- >>>From: MailScanner mailing list >>>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field >>>Sent: 13 January 2005 15:05 >>>To: MAILSCANNER@JISCMAIL.AC.UK >>>Subject: Re: "Banned Content" question - still getting >>>"Content Check" messages >>> >>>1 more: >>>There is a line in Message.pm that says >>> >>>$DisarmInsideLink = ""; >>> >>>Change it to say >>> >>>$DisarmInsideLink = 0; >>> >>>You might be hitting a Perl bug, which would explain the fact >>> >>> >>you can't >> >> >>>reproduce the problem reliably. >>> >>>Julian Field wrote: >>> >>> >>> >>>>A minor bugfix to Message.pm which probably won't make any >>>> >>>> >>>difference, >>> >>> >>>>but is still worth a try. 
>>>> >>>>@@ -3687,6 +3687,13 @@ >>>> #print STDERR "Tags to convert are " . >>>> >>>> >>>$this->{tagstoconvert} . "\n"; >>> >>> >>>> # Set the disarm booleans for this message >>>>+ $DisarmFormTag = 0; >>>>+ $DisarmScriptTag = 0; >>>>+ $DisarmCodebaseTag = 0; >>>>+ $DisarmCodebaseTag = 0; >>>>+ $DisarmIframeTag = 0; >>>>+ $DisarmWebBug = 0; >>>>+ $DisarmPhishing = 0; >>>> $DisarmFormTag = 1 if $this->{tagstoconvert} =~ /form/i; >>>> $DisarmScriptTag = 1 if $this->{tagstoconvert} =~ /script/i; >>>> $DisarmCodebaseTag = 1 if $this->{tagstoconvert} =~ /codebase/i; >>>> >>>>I'm afraid I can't think of much else. All the other variables are >>>>initialised, and these few just maintain state for the particular >>>>message, they don't hold any message content. >>>> >>>>Quentin Campbell wrote: >>>> >>>> >>>> >>>>>Julian >>>>> >>>>>I have applied your SMDiskStore.pm changes as well as set >>>>> >>>>> >>>"Allow WebBugs >>> >>> >>>>>= yes". >>>>> >>>>>However we are still getting corrupted HTML in >>>>> >>>>> >>multipart/alternative >> >> >>>>>message. These are all accompanied with "Content Checks: >>>>> >>>>> >>>Detected and >>> >>> >>>>>will disarm HTML message in ..." messages in the Sendmail >>>>> >>>>> >>>log. This is >>> >>> >>>>>happening on both 4.35.10 and 4.37.7 systems. >>>>> >>>>>Unfortunately the problem is INTERMITTENT and it cannot be >>>>> >>>>> >>>repeated by >>> >>> >>>>>sending the same message again to the same recipient. :-( >>>>> >>>>>The "Content Checks:" message is misleading since I am no >>>>> >>>>> >>>longer using >>> >>> >>>>>the "disarm" content action anywhere, either in >>>>> >>>>> >>>MailScanner.conf or in >>> >>> >>>>>the MailScanner rules files. Where I specify an action to >>>>> >>>>> >>>deal with HTML >>> >>> >>>>>content it only uses "striphtml". >>>>> >>>>>Why then is MailScanner telling me it is "disarming" HTML >>>>> >>>>> >>>when I have >>> >>> >>>>>not asked it to? 
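Review bot: the added reset block in the Message.pm hunk assigns `$DisarmCodebaseTag = 0;` twice in a row, so one of the seven added lines is either redundant or a copy-paste stand-in for a flag that was meant to be cleared and still carries its value over from the previous message. Check the reset list against every `$Disarm... = 1 if $this->{tagstoconvert} =~ ...` assignment that follows (only form, script and codebase are visible in the context lines) and keep exactly one reset per flag. Scoping these flags per message instead of resetting shared variables by hand would rule out this kind of stale state.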
>>>>> >>>>>This is really getting frustrating and more users are >>>>> >>>>> >>>complaining. :-( >>> >>> >>>>>PS I note that I applied two patches from you late last year to the >>>>>4.35.10 system; >>>>> these were to SMDiskStore.pm and SweepContent.pm. >>>>> >>>>>Quentin >>>>>--- >>>>>PHONE: +44 191 222 8209 Information Systems and Services (ISS), >>>>> University of Newcastle, >>>>> Newcastle upon Tyne, >>>>>FAX: +44 191 222 8765 United Kingdom, NE1 7RU. >>>>> >>>>> >>>>> >>>--------------------------------------------------------------- >>>--------- >>> >>> >>>>>"Any opinion expressed above is mine. The University can >>>>> >>>>> >>>get its own." >>> >>> >>>>> >>>>> >>>>> >>>>>>-----Original Message----- >>>>>>From: MailScanner mailing list >>>>>>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Quentin Campbell >>>>>>Sent: 13 January 2005 11:33 >>>>>>To: MAILSCANNER@JISCMAIL.AC.UK >>>>>>Subject: Re: "Banned Content" question - Lock/Unlock does not >>>>>>fix problem >>>>>> >>>>>>Julian >>>>>> >>>>>>The mods to subs "Lock" and "Unlock" have not fixed the problem. >>>>>> >>>>>>It appears to be also present on a 4.37.7-1 system. As this >>>>>>has the same >>>>>>Lock/Unlock code that should not be a surprise. >>>>>> >>>>>>I will now allow web bugs to see if the corruption stops. >>>>>> >>>>>>Quentin >>>>>>--- >>>>>>PHONE: +44 191 222 8209 Information Systems and Services (ISS), >>>>>> University of Newcastle, >>>>>> Newcastle upon Tyne, >>>>>>FAX: +44 191 222 8765 United Kingdom, NE1 7RU. >>>>>>--------------------------------------------------------------- >>>>>>--------- >>>>>>"Any opinion expressed above is mine. The University can get >>>>>>its own." >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>>>-----Original Message----- 
>>>>>>>From: MailScanner mailing list >>>>>>>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Quentin Campbell >>>>>>>Sent: 13 January 2005 08:50 >>>>>>>To: MAILSCANNER@JISCMAIL.AC.UK >>>>>>>Subject: Re: "Banned Content" question - possibly a Web Bug >>>>>>>code problem >>>>>>> >>>>>>>Julian >>>>>>> >>>>>>>You had already given me a new SMDiskStore.pm module, dated >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>16 December >>>>>> >>>>>> >>>>>> >>>>>> >>>>>>>to try. The locking code in this differs from the new >>>>>>> >>>>>>> >>>code you want me >>> >>> >>>>>>>to try as follows: >>>>>>> >>>>>>>< #JKF MailScanner::Lock::unlockclose($this->{indhandle}); >>>>>>>< close($this->{indhandle}); >>>>>>>--- >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>>> # Now we lock the df file as well, we must unlock it too. >>>>>>>> MailScanner::Lock::unlockclose($this->{indhandle}); >>>>>>>> #close($this->{indhandle}); >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>I have made the change as above and will let you know >>>>>>> >>>>>>> >>>what happens. I >>> >>> >>>>>>>also note that the new code is in the MailScanner-4.37.7-1 >>>>>>>SMDiskStore.pm which I was planning to move to anyway. >>>>>>> >>>>>>>I have not touched the "Allow WebBugs = disarm" setting >>>>>>> >>>>>>> >>>which I assume >>> >>> >>>>>>>is an essential part of the test of the changes to >>>>>>> >>>>>>> >>SMDiskStore.pm. >> >> >>>>>>>Quentin >>>>>>>--- >>>>>>>PHONE: +44 191 222 8209 Information Systems and >>>>>>> >>>>>>> >>Services (ISS), >> >> >>>>>>> University of Newcastle, >>>>>>> Newcastle upon Tyne, >>>>>>>FAX: +44 191 222 8765 United Kingdom, NE1 7RU. >>>>>>>--------------------------------------------------------------- >>>>>>>--------- >>>>>>>"Any opinion expressed above is mine. The University can get >>>>>>>its own." >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>>>-----Original Message----- 
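Review bot: in the quoted SMDiskStore.pm diff, the new Unlock side calls `MailScanner::Lock::unlockclose($this->{indhandle})` but leaves `#close($this->{indhandle});` behind as commented-out dead code; drop it, since the new comment already says why the df file is unlocked. The unlock call only matches if sub Lock takes the df handle through `MailScanner::Lock::openlock` as well ("Now we lock the df file as well"), so the Lock and Unlock changes should be applied together rather than the Unlock lines alone.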
>>>>>>>>From: MailScanner mailing list >>>>>>>>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field >>>>>>>>Sent: 12 January 2005 16:02 >>>>>>>>To: MAILSCANNER@JISCMAIL.AC.UK >>>>>>>>Subject: Re: "Banned Content" question - possibly a Web Bug >>>>>>>>code problem >>>>>>>> >>>>>>>>In which case try editing SMDiskStore.pm and replace the >>>>>>>> >>>>>>>> >>>sub Lock and >>> >>> >>>>>>>>sub Unlock with this code: >>>>>>>> >>>>>>>># Open and lock the message >>>>>>>>sub Lock { >>>>>>>>my $this = shift; >>>>>>>> >>>>>>>>#print STDERR "About to lock " . $this->{hpath} . " and " . >>>>>>>># $this->{dpath} . "\n"; >>>>>>>>MailScanner::Lock::openlock($this->{inhhandle}, '+<' . >>>>>>>>$this->{hpath}, >>>>>>>>'w', 'quiet') >>>>>>>> or return undef; >>>>>>>>#print STDERR "Got hlock\n"; >>>>>>>> >>>>>>>># If locking the dfile fails, then must close and unlock the >>>>>>>>qffile too >>>>>>>># 14/12/2004 Try putting this back in for now. >>>>>>>>unless (MailScanner::Lock::openlock($this->{indhandle}, >>>>>>>> '+<' . $this->{dpath}, 'w', 'quiet')) { >>>>>>>> #JKF 14/12/2004 open($this->{indhandle}, '+<' . >>>>>>>>$this->{dpath})) { >>>>>>>> MailScanner::Lock::unlockclose($this->{inhhandle}); >>>>>>>> return undef; >>>>>>>>} >>>>>>>>#print STDERR "Got dlock\n"; >>>>>>>>return undef unless $this->{inhhandle} && $this->{indhandle}; >>>>>>>>return 1; >>>>>>>>} >>>>>>>> >>>>>>>> >>>>>>>># Close and unlock the message >>>>>>>>sub Unlock { >>>>>>>>my $this = shift; >>>>>>>> >>>>>>>># Now we lock the df file as well, we must unlock it too. >>>>>>>>MailScanner::Lock::unlockclose($this->{indhandle}); >>>>>>>>#close($this->{indhandle}); >>>>>>>>MailScanner::Lock::unlockclose($this->{inhhandle}); >>>>>>>>} >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>>Quentin Campbell wrote: >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>>>Julian >>>>>>>>> >>>>>>>>>The version of MailScanner on which I have seen the problem >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>is 4.35.10. 
>>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>>>Quentin >>>>>>>>>--- >>>>>>>>>PHONE: +44 191 222 8209 Information Systems and >>>>>>>>> >>>>>>>>> >>>Services (ISS), >>> >>> >>>>>>>>> University of Newcastle, >>>>>>>>> Newcastle upon Tyne, >>>>>>>>>FAX: +44 191 222 8765 United Kingdom, NE1 7RU. >>>>>>>>>-------------------------------------------------------------- >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>---------- >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>>>"Any opinion expressed above is mine. The University can get >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>its own." >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>>>-----Original Message----- 
>>>>>>>>>>From: MailScanner mailing list >>>>>>>>>>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field >>>>>>>>>>Sent: 12 January 2005 15:30 >>>>>>>>>>To: MAILSCANNER@JISCMAIL.AC.UK >>>>>>>>>>Subject: Re: "Banned Content" question - possibly a Web Bug >>>>>>>>>>code problem >>>>>>>>>> >>>>>>>>>>What version of MailScanner are you using? I slightly >>>>>>>>>> >>>>>>>>>> >>>improved the >>> >>> >>>>>>>>>>locking code (took out an "improvement" I made a long time >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>ago which I >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>>>>only made after lots of people requested it) in 4.37. It now >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>locks the >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>>>>df as well as the qf, which slows down delivery >>>>>>>>>> >>>>>>>>>> >>>slightly in some >>> >>> >>>>>>>>>>situations, but appears to be more reliable than just >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>locking the qf. >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>>>>>Quentin Campbell wrote: >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>>>>-----Original Message----- >>>>>>>>>>>>From: MailScanner mailing list >>>>>>>>>>>>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Mike >>>>>>>>>>>>Sent: 12 January 2005 11:53 >>>>>>>>>>>>To: MAILSCANNER@JISCMAIL.AC.UK >>>>>>>>>>>>Subject: Re: "Banned Content" question - a related problem >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>>>From: MailScanner mailing list >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>>>>>Behalf Of Quentin Campbell >>>>>>>>>>>>> >>>>>>>>>>>>>All the systems are now up2date as far as RH AS 3 >>>>>>>>>>>>> >>>>>>>>>>>>> >>>patches are >>> >>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> 
>>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>concerned. >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>>>All the systems use the Sendmail that comes with these >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>system; the last >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>>>time they were updated this was Sendmail 8.12.11. I use >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>the default >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>>>>>>>locking in MailScanner. >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>I also had this problem on sendmail 8.12.10. After changing >>>>>>>>>>>>the locking to posix, the problem was gone. So, although the >>>>>>>>>>>>docs state that the locking problem occurs only >>>>>>>>>>>> >>>>>>>>>>>> >>from 8.13 on, > > >>>>>>>>>>>>it seems that also some 8.12 versions are affected. >>>>>>>>>>>> >>>>>>>>>>>> >>>Please set >>> >>> >>>>>>>>>>>>the locking mechanism to "posix" and see if it solves >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>your problem. >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>I will do this as a last resort. There are four reasons why >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>I want to >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>>>>>investigate other things first. In particular I want >>>>>>>>>>> >>>>>>>>>>> >>>to capture a >>> >>> >>>>>>>>>>>message before then after it has gone through >>>>>>>>>>> >>>>>>>>>>> >>>MailSanner and got >>> >>> >>>>>>>>>>>corrupted: >>>>>>>>>>> >>>>>>>>>>>1. Locking works OK on RH AS 3 systems with an >>>>>>>>>>> >>>>>>>>>>> >>>up-to-date kernel. >>> >>> >>>>>>>>>>>2. 
The symptoms we are seeing do not appear to be >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>repeatable so far >>>>>> >>>>>> >>>>>> >>>>>> >>>>>>>>>>>which makes conclusive testing difficult. >>>>>>>>>>>3. I have looked for other evidence of locking problems but >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>cannot find >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>>>any. For example I can show that all messages tagged >>>>>>>>>>> >>>>>>>>>>> >>>as spam by >>> >>> >>>>>>>>>>>MailScanner have been tagged once only. If there is a >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>locking problem >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>>>>>you will see the same message (ie. same Sendmail QID) being >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>tagged as >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>>>>>spam more than once by two or more MS processes. >>>>>>>>>>>4. The problem appears related to the Web Bug check. I will >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>switch that >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>>>off first. See below for more details of this. >>>>>>>>>>> >>>>>>>>>>>Having looked further at the problem it appears to be >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>related to MIME >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>>>>>multipart/alternative messages having all or part of >>>>>>>>>>> >>>>>>>>>>> >>>the HTML part >>> >>> >>>>>>>>>>>corrupted. The text part is not being affected. >>>>>>>>>>> >>>>>>>>>>>In all of the cases the logs show that MailScanner has >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>"disarmed" the >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>>>>>HTML content. 
Since I only "disarm" Web Bugs it appears >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>that there may >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>>>>>be a bug in the Web Bugs code that causes an intermittent >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>problem. This >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>>>suspicion is reinforced by the observation that the problem >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>appears to >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>>>>>have started when I enabled the Web Bug check late last >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>year. I will >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>>>>>>first of all try "Allow WebBugs = yes" and see what happens. >>>>>>>>>>> >>>>>>>>>>>Quentin >>>>>>>>>>> >>>>>>>>>>>------------------------ MailScanner list >>>>>>>>>>> >>>>>>>>>>> >>>------------------------ >>> >>> >>>>>>>>>>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>>>>>>>'leave mailscanner' in the body of the email. >>>>>>>>>>>Before posting, read the MAQ >>>>>>>>>>> >>>>>>>>>>> >>>(http://www.mailscanner.biz/maq/) and >>> >>> >>>>>>>>>>>the archives >>>>>>>>>>> >>>>>>>>>>> >>>(http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> >>>>>>>>>>>Support MailScanner development - buy the book off >>>>>>>>>>> >>>>>>>>>>> >>>the website! >>> >>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>-- >>>>>>>>>>Julian Field >>>>>>>>>>www.MailScanner.info >>>>>>>>>>Buy the MailScanner book at www.MailScanner.info/store >>>>>>>>>> >>>>>>>>>>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 >>>>>>>>>> >>>>>>>>>> >>>1415 B654 >>> >>> >>>>>>>>>>------------------------ MailScanner list >>>>>>>>>> >>>>>>>>>> >>>------------------------ >>> >>> >>>>>>>>>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>>>>>>'leave mailscanner' in the body of the email. 
-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From MailScanner at ecs.soton.ac.uk Thu Jan 13 18:29:43 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:12 2006
Subject: "Banned Content" question - It is an old problem it seems.
Message-ID:

What did you do in late December?

Quentin Campbell wrote:

>It appeared to be related to the corrupted HTML problem we started
>experiencing in late December. However I am not aware of the corrupted
>HTML problem also being around in July.

-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From georgelist at CONPOINT.COM Thu Jan 13 22:55:15 2005
From: georgelist at CONPOINT.COM (george)
Date: Thu Jan 12 21:28:12 2006
Subject: Problems with mail backing up
Message-ID:

We have been having a problem with the MS incoming queue getting backed up and slowing down delivery time substantially. We also have many users who do not want spam filtering. Currently we are whitelisting these users, but we were wondering if there is a way to keep emails for these users from even going through MS in the first place. We are hoping that bypassing MS for these users will relieve the load thereby speeding up delivery time. We are using Postfix.

Thanks for any suggestions or ideas that you may have.

George Edwards
Connecting Point Computer Center
Internet Department
402.371.4530 x212
http://www.conpoint.com
gtedwards@conpoint.com

From mike at CAMAROSS.NET Thu Jan 13 23:04:28 2005
From: mike at CAMAROSS.NET (Mike Kercher)
Date: Thu Jan 12 21:28:12 2006
Subject: Problems with mail backing up
Message-ID:

Point your Spam Checks = directive to a ruleset:

FromTo: lazy_user@domain.com no
FromTo: other_lazy_user@domain.com no
FromTo: default yes

Are you running a local caching nameserver on the mailbox?

Mike

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of george
Sent: Thursday, January 13, 2005 4:55 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Problems with mail backing up

We have been having a problem with the MS incoming queue getting backed up and slowing down delivery time substantially. We also have many users who do not want spam filtering. Currently we are whitelisting these users, but we were wondering if there is a way to keep emails for these users from even going through MS in the first place. We are hoping that bypassing MS for these users will relieve the load thereby speeding up delivery time. We are using Postfix.

Thanks for any suggestions or ideas that you may have.

George Edwards
Connecting Point Computer Center
Internet Department
402.371.4530 x212
http://www.conpoint.com
gtedwards@conpoint.com

From john.crossan at valleypres.org Fri Jan 14 00:30:46 2005
From: john.crossan at valleypres.org (John Crossan)
Date: Thu Jan 12 21:28:12 2006
Subject: MailScanner Proxy and client IP
Message-ID:

We are running MailScanner as a mail proxy (filter) in-between our corporate mail server and our MTA. Because of this we get the address of the MTA for the clientip when we get incoming mail. Is there an easy fix for this, so that the clientip field is who our MTA is receiving the mail from?

Thanks in Advance

John Crossan
Systems Administrator
Valley Presbyterian Hospital

From john.crossan at valleypres.org Fri Jan 14 00:37:21 2005
From: john.crossan at valleypres.org (John Crossan)
Date: Thu Jan 12 21:28:12 2006
Subject: We are receiving a lot of bank Phishing emails.
Message-ID:

We are receiving a lot of bank Phishing emails. ClamAV recognizes them and they are quarantined. I would like to forward these to uce@fte.gov or a more appropriate government agency to track down these criminals.

When I get email that has a script in it or a bad filename I can check Release and Alternate Recipient(s): and fill in an address and it works. When I get a Phishing virus there is no release box to check, and when I check Alternate Recipient(s): and fill in an address, it Does Not work.

What is the best way to catch these criminals and can it be placed on "auto-pilot"?

HTML.Phishing.Bank-1 is our top "virus" as detected by ClamAV. Since using MailScanner the count is now 582 for the "HTML.Phishing.Bank-1".

Thanks in Advance

John Crossan
Systems Administrator
Valley Presbyterian Hospital

From john at langherd.com Fri Jan 14 07:05:33 2005
From: john at langherd.com (John P. Lang)
Date: Thu Jan 12 21:28:12 2006
Subject: Question about the MailScanner book
Message-ID:

Sorry to post this question here...

Does the book contain any detailed info about writing custom functions?

Thanx,

John

From Glenn.Steen at AP1.SE Fri Jan 14 09:11:40 2005
From: Glenn.Steen at AP1.SE (Steen, Glenn)
Date: Thu Jan 12 21:28:12 2006
Subject: Question about the MailScanner book
Message-ID:

(Flipping through the book, perusing the index...)

Not really, not if you're after complete annotated examples. There is info on the rationale for, and expectations on, a Custom Function though. The meaty/gory examples are in the package.

Anyway, if you're thinking of buying the book, it's a good idea if for nothing else than it being a good way to make your PHB pay Julian a (small, but still) tribute:-).

-- Glenn

> -----Original Message-----
> From: MailScanner mailing list
> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of John P. Lang
> Sent: den 14 januari 2005 08:06
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Question about the MailScanner book
>
> Sorry to post this question here...
>
> Does the book contain any detailed info about writing custom
> functions?
>
> Thanx,
>
> John

From Q.G.Campbell at NEWCASTLE.AC.UK Fri Jan 14 09:18:25 2005
From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell)
Date: Thu Jan 12 21:28:12 2006
Subject: "Banned Content" question - It is an old problem it seems.
Message-ID:

>-----Original Message-----
>From: MailScanner mailing list
>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field
>Sent: 13 January 2005 18:30
>To: MAILSCANNER@JISCMAIL.AC.UK
>Subject: Re: "Banned Content" question - It is an old problem it seems.
>
>What did you do in late December?
>
>Quentin Campbell wrote:
>
>>It appeared to be related to the corrupted HTML problem we started
>>experiencing in late December. However I am not aware of the corrupted
>>HTML problem also being around in July.

[snip]

In December:

1. Tested some changes you made to Message.pm and SMDiskStore.pm on 4.35.10-1.
2. Started using the WebBug = disarm feature.
3. Ran 'up2date' on the 8 x RedHat AS 3 boxes on which MailScanner runs.
4. Upgraded to 4.37.7-1 on one of these 8 boxes.

Updating RedHat AS 3 almost certainly installed a new version of Perl.

Quentin

From Glenn.Steen at AP1.SE Fri Jan 14 09:19:17 2005
From: Glenn.Steen at AP1.SE (Steen, Glenn)
Date: Thu Jan 12 21:28:12 2006
Subject: We are receiving a lot of bank Phishing emails.
Message-ID:

Sounds like you're using MailWatch. MW will not let you do this, true, but the solution isn't that much more complex... Unless you really don't like the commandline:-).

Simply

    sendmail alternat@addre.ss < /path/to/MailScanner/quarantine///message

and you should be fine.

-- Glenn

> -----Original Message-----
> From: MailScanner mailing list
> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of John Crossan
> Sent: den 14 januari 2005 01:37
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: We are receiving a lot of bank Phishing emails.
>
> We are receiving a lot of bank Phishing emails.
> ClamAV recognizes them and they are quarantined.
> I would like to forward these to uce@fte.gov or a more appropriate
> government agency to track down these criminals.
> When I get email that has a script in it or a bad filename I can check
> Release and Alternate Recipient(s): and fill in an address
> and it works.
> When I get a Phishing virus there is no release box to check
> and when I
> check Alternate Recipient (s): and fill in an address and it
> Does Not work.
> What is the best way to catch these criminals and can it be placed on
> "auto-pilot"?
> HTML.Phishing.Bank-1 is our top "virus" as detected by ClamAV.
>
> Since using MailScanner the count is now 582 for
> the "HTML.Phishing.Bank-1"
>
> Thanks in Advance
> John Crossan
> Systems Administrator
> Valley Presbyterian Hospital

From MailScanner at ecs.soton.ac.uk Fri Jan 14 10:02:55 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:12 2006
Subject: "Banned Content" question - It is an old problem it seems.
Message-ID:

Quentin Campbell wrote:

>>-----Original Message-----
>>From: MailScanner mailing list
>>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field
>>Sent: 13 January 2005 18:30
>>To: MAILSCANNER@JISCMAIL.AC.UK
>>Subject: Re: "Banned Content" question - It is an old problem it seems.
>>
>>What did you do in late December?
>>
>>Quentin Campbell wrote:
>>
>>>It appeared to be related to the corrupted HTML problem we started
>>>experiencing in late December. However I am not aware of the corrupted
>>>HTML problem also being around in July.
>>>
>[snip]
>
>In December:
>
>1. Tested some changes you made to Message.pm and SMDiskStore.pm on
>4.35.10-1.
>2. Started using the WebBug = disarm feature.
>3. Ran 'up2date' on the 8 x RedHat AS 3 boxes on which MailScanner runs.
>4. Upgraded to 4.37.7-1 on one of these 8 boxes.
>
>Updating RedHat AS 3 almost certainly installed a new version of Perl.
>

And you are only getting the problem on the machine involved in item 4?

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From Q.G.Campbell at NEWCASTLE.AC.UK Fri Jan 14 12:23:18 2005
From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell)
Date: Thu Jan 12 21:28:12 2006
Subject: "Banned Content" question - It is an old problem it seems.
Message-ID:

[snip]
>>In December:
>>
>>1. Tested some changes you made to Message.pm and SMDiskStore.pm on
>>4.35.10-1.
>>2. Started using the WebBug = disarm feature.
>>3. Ran 'up2date' on the 8 x RedHat AS 3 boxes on which
>MailScanner runs.
>>4. Upgraded to 4.37.7-1 on one of these 8 boxes.
>>
>>Updating RedHat AS 3 almost certainly installed a new version of Perl.
>>
>And you are only getting the problem on the machine involved in item 4?
>

I am getting it on the modified 4.35.10-1 systems. I have not yet seen an example on the 4.37.7-1 system which is not to say that it is not happening.

I am starting to upgrade the other machines to 4.37.7-1 so that at least all 8 relays are running a consistent system. Then I will see where we are with the problem.

Quentin

From alex at nkpanama.com Fri Jan 14 13:26:20 2005
From: alex at nkpanama.com (Alex Neuman van der Hans)
Date: Thu Jan 12 21:28:12 2006
Subject: Dovecot - pop-before-smtp
Message-ID:

You should enable SMTP AUTH instead. POP before SMTP is unreliable and, in the worst of cases, spoofable. Implementing SMTP AUTH adds an extra measure of protection, since your server will (and shouldn't ever) relay any message without proper authentication.

________________________________

From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Wess Bechard
Sent: Thursday, January 13, 2005 10:07 AM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: Dovecot - pop-before-smtp

Marcel,

This may not be the answer you are looking for, but consider using smtp authentication with cyrus-sasl or similar software.

I have been using pop-before-smtp with MS and postfix for over 6 months now. Pop-before-smtp has given me so many problems that I have been forced to dump it. The perl and C versions randomly crash for me after a few hours.

Cyrus-SASL is a great solution, and is much more secure, especially if you have remote users.

On Thu, 2005-01-13 at 09:56, Marcel Blenkers wrote:

Hi there,

maybe someone on this list could help me, as the ml of pop-before-smtp seems not to work at all ;)

Heard of dovecot on this ml and saw that this would be a pop3/imap-daemon, which could help me a lot..

so I tried the pop-before-smtp program, as stated on the website..and managed to get it working..

now my problem is the following..

it seems that my Berkeley DB and the Module DB_File are way up to date (yes, that could happen ;) as they produce a db-file with version 8..but I do need version 7.

access.db: Berkeley DB (Hash, version 7, native byte-order)
popauth.db: Berkeley DB (Hash, version 8, native byte-order)

due to the fact that the file popauth.db is not really version 7, sendmail is not able to read and use it..

So..maybe some of the geeks in here could help? :)

Greetings

Marcel

Wess Bechard
System Administrator
eliquidMEDIA International
www.eliquid.com
MailScanner on IRC Community Support
irc.freenode.net #mailscanner

From michele at BLACKNIGHTSOLUTIONS.COM Fri Jan 14 14:17:10 2005
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions)
Date: Thu Jan 12 21:28:12 2006
Subject: Dovecot - pop-before-smtp
Message-ID:

> You should enable SMTP AUTH instead. POP before SMTP is
> unreliable and, in the worst of cases, spoofable.
> Implementing SMTP AUTH adds an extra measure of protection,
> since your server will (and shouldn't ever) relay any message
> without proper authentication.
>

POP before SMTP also causes headaches for users on dialup or satellite. SMTP AUTH is the way to go

Mr Michele Neylon
Blacknight Internet Solutions Ltd
Hosting, co-location & domains
http://www.blacknight.ie/
Tel. +353 59 9137101
http://www.blacknight.ie/specialoffers.html

From Steve.Swaney at FSL.COM Fri Jan 14 15:32:56 2005
From: Steve.Swaney at FSL.COM (Steve Swaney)
Date: Thu Jan 12 21:28:12 2006
Subject: We are receiving a lot of bank Phishing emails.
Message-ID:

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Steen, Glenn
> Sent: Friday, January 14, 2005 4:19 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: We are receiving a lot of bank Phishing emails.
>
> Sounds like you're using MailWatch. MW will not let you do this,
> true, but the solution isn't that much more complex... Unless you
> really don't like the commandline:-).
> Simply
> sendmail alternat@addre.ss <
> /path/to/MailScanner/quarantine///message
> and you should be fine.
>
> -- Glenn
>

I don't think this will work. I will just be caught again by ClamAV.

Possibly a rule for Virus Scanning = that looks at the To: address:

    To: user@somedomain.com no
    FromOrTo: default yes

Where user@somedomain.com is the recipient of the virus :)

Might work.

Steve

Steve Swaney
President
Fortress Systems Ltd.
www.fsl.com
steve.swaney@fsl.com

From marcel-ml at IRC-ADDICTS.DE Fri Jan 14 16:34:34 2005
From: marcel-ml at IRC-ADDICTS.DE (Marcel Blenkers)
Date: Thu Jan 12 21:28:12 2006
Subject: Dovecot - pop-before-smtp
Message-ID:

Hi there,

> POP before SMTP also causes headaches for users on dialup or satellite.
> SMTP AUTH is the way to go
>

after fumbling around a bit switched over to smtp auth..

thanks :)

Marcel

From ade at INFORMATICS.BANGOR.AC.UK Fri Jan 14 16:40:49 2005
From: ade at INFORMATICS.BANGOR.AC.UK (Ade Fewings)
Date: Thu Jan 12 21:28:12 2006
Subject: temporary file spawning
Message-ID:

Following up with more details on my own email.........

> We have two mail servers running on Solaris 9 Sparc. Sendmail 8.12.10
> utilizing MailScanner 4.36.4 to call SpamAssassin 3.0.1. Earlier
> today, one of our large mailing lists got hit a couple of times and
> the servers got a bit busy. However, something went wrong and /tmp
> filled up with
> spamassassin.25755.Bdgxlb.tmp esque files. Hundreds of thousands were
> created in a short time, running /tmp out of i-nodes and thus
> effectively stopping MailScanner.
>
> Killing MailScanner, cleaning /tmp and restarting would then reproduce
> the problem again soon after. I truss'd the output of a few of the
> MailScanner processes that were going bad and all they were doing was
> trying to open new files in /tmp.

We have further discovered that this problem definitely only occurs when MailScanner is set to use SpamAssassin. Switch off SpamAssassin and there are zero problems. So, being relatively unknowledgeable about MailScanner, the question that comes up is what is creating these temporary files? It is either SpamAssassin itself or something in MailScanner that gets switched on when you tell it to use SpamAssassin.

Can anybody offer any guidance on whether MailScanner itself creates these files?

Cheers
Ade

--
___________________________________________________
Ade Fewings MEng
School of Informatics, University of Wales, Bangor,
Dean Street, Bangor, Gwynedd. LL57 1UT. UK.

ade@informatics.bangor.ac.uk www.informatics.bangor.ac.uk/~ade
Tel: +44 (0)1248 382736 Fax: +44 (0)1248 361429
___________________________________________________

From MailScanner at ecs.soton.ac.uk Fri Jan 14 16:52:09 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:12 2006
Subject: temporary file spawning
Message-ID:

Ade Fewings wrote:

> Following up with more details on my own email.........
>
>> We have two mail servers running on Solaris 9 Sparc. Sendmail 8.12.10
>> utilizing MailScanner 4.36.4 to call SpamAssassin 3.0.1. Earlier
>> today, one of our large mailing lists got hit a couple of times and
>> the servers got a bit busy. However, something went wrong and /tmp
>> filled up with
>> spamassassin.25755.Bdgxlb.tmp esque files. Hundreds of thousands were
>> created in a short time, running /tmp out of i-nodes and thus
>> effectively stopping MailScanner.
>>
>> Killing MailScanner, cleaning /tmp and restarting would then reproduce
>> the problem again soon after. I truss'd the output of a few of the
>> MailScanner processes that were going bad and all they were doing was
>> trying to open new files in /tmp.
>
> We have further discovered that this problem definitely only occurs when
> MailScanner is set to use SpamAssassin. Switch off SpamAssassin and
> there are zero problems. So, being relatively unknowledgeable about
> MailScanner, the question that comes up is what is creating these
> temporary files? It is either SpamAssassin itself or something in
> MailScanner that gets switched on when you tell it to use SpamAssassin.
>
> Can anybody offer any guidance on whether MailScanner itself creates
> these files?

Advise you try increasing
    SpamAssassin Timeout
in MailScanner.conf.

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From MailScanner at ecs.soton.ac.uk Fri Jan 14 17:45:57 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:12 2006
Subject: Beta 4.38.1 released
Message-ID:

I have just released beta version 4.38.1.

Main addition is it can now detect numeric IP addresses in the phishing net. I know there's already a SpamAssassin rule for this, but someone wanted an inline alert as well.

Download as usual from www.mailscanner.info.

Changelog is:

* New Features and Improvements *
- Upgraded to MIME-tools 5.416.
- Added new filename restrictions using Microsoft vulnerability report from AUScert.
- Improved /etc/sysconfig/MailScanner so that it finds Incoming Work Dir and Incoming Queue Dir automatically from MailScanner.conf file.
- Can now use $from, $id and $subject in inline signature for signing clean messages.
- Any entry in the "Archive Mail" setting can contain _DATE_ which will be replaced with the current date in yyyymmdd form, so you can backup or move yesterday's archive safely knowing that it won't be written to today.
- Added zero score for ALL_TRUSTED rule in SpamAssassin as it is known to cause problems.
- Added "Also Find Numeric Phishing" setting (on by default) so that all numeric IP addresses in links are flagged as being dangerous.

* Fixes *
- Fixed problem where some spam was delivered even if the Spam Actions was set to "store delete" if the messages were not to be virus-scanned.
- Fixed harmless uninitialised variables in HTML disarming.

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
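The "Also Find Numeric Phishing" check announced above flags links whose host is a bare IP address. The sketch below is an added example in Python, not MailScanner's own (Perl) code: it shows one way to implement such a check and goes beyond the dotted-quad case to the integer, hex and octal spellings that resolvers also accept. The function names and the sample HTML are constructed for illustration.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# One inet_aton-style component: 0x-prefixed hex, leading-zero octal, or decimal.
_HEX = re.compile(r"0[xX][0-9a-fA-F]+\Z")
_OCT = re.compile(r"0[0-7]+\Z")
_DEC = re.compile(r"(?:0|[1-9][0-9]*)\Z")


def _component(text):
    """Return the integer value of one address component, or None."""
    if _HEX.match(text):
        return int(text, 16)
    if _OCT.match(text):
        return int(text, 8)
    if _DEC.match(text):
        return int(text, 10)
    return None


def numeric_host(host):
    """Return the canonical IP address if host is purely numeric, else None."""
    if not host:
        return None
    if ":" in host:                       # IPv6 literal (brackets already removed)
        try:
            return str(ipaddress.IPv6Address(host))
        except ValueError:
            return None
    parts = host.rstrip(".").split(".")
    if not 1 <= len(parts) <= 4:
        return None
    values = [_component(p) for p in parts]
    if any(v is None for v in values):
        return None
    *head, last = values
    # Leading parts are single bytes; the last part fills the remaining bytes.
    if any(v > 0xFF for v in head) or last >= 1 << (8 * (5 - len(parts))):
        return None
    address = last
    for index, value in enumerate(head):
        address |= value << (8 * (3 - index))
    return str(ipaddress.IPv4Address(address))


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a href=...> element."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.flush()
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a":
            self.flush()

    def flush(self):
        if self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
        self._href = None


def find_numeric_links(html):
    """Return (href, visible_text, address) for every link to a numeric host."""
    collector = _LinkCollector()
    collector.feed(html)
    collector.close()
    collector.flush()                     # pick up an unclosed trailing <a>
    hits = []
    for href, text in collector.links:
        try:
            host = urlsplit(href.strip()).hostname
        except ValueError:                # malformed URL, e.g. unbalanced brackets
            continue
        address = numeric_host(host)
        if address is not None:
            hits.append((href, text, address))
    return hits


# Constructed sample message body (documentation address ranges only).
SAMPLE_HTML = """
<p>Dear customer, please sign in at
<a href="http://192.0.2.10/secure/login">www.examplebank.test</a>.</p>
<a href="http://3221225985/verify">Verify your account</a>
<a href="HTTP://0xC0000201/update">Update details</a>
<a href="https://[2001:db8::5]/a">Statement</a>
<a href="https://www.examplebank.test/help">Help</a>
<a href="/relative/path">Local</a>
<a href="http://192.0.2.example/">Not numeric</a>
"""

if __name__ == "__main__":
    for href, text, address in find_numeric_links(SAMPLE_HTML):
        print(f"numeric link: {href!r} shown as {text!r} -> {address}")
```
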
From john.crossan at valleypres.org Fri Jan 14 17:55:40 2005
From: john.crossan at valleypres.org (John Crossan)
Date: Thu Jan 12 21:28:12 2006
Subject: We are receiving a lot of bank Phishing emails.
Message-ID:

I have a rule to not scan anything from localhost so I could send without being re-detected.

I was looking for some way of placing the process on auto-pilot. I know that MailScanner can recognize and store/forward all viruses/spam. I was hoping that there was someone with experience that is already automatically forwarding (including the necessary headers) just the bank Phishing to the appropriate Law enforcement agency. I would want to forward the original message, not the processed one that has a substitute text message/file instead of the virus.

Thanks in advance
John Crossan
Systems Administrator
Valley Presbyterian Hospital

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Steve Swaney
Sent: Friday, January 14, 2005 7:33 AM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: We are receiving a lot of bank Phishing emails.

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Steen, Glenn
> Sent: Friday, January 14, 2005 4:19 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: We are receiving a lot of bank Phishing emails.
>
> Sounds like you're using MailWatch. MW will not let you do this,
> true, but the solution isn't that much more complex... Unless you
> really don't like the commandline:-).
> Simply
> sendmail alternat@addre.ss <
> /path/to/MailScanner/quarantine///message
> and you should be fine.
>
> -- Glenn
>

I don't think this will work. I will just be caught again by ClamAV.

Possibly a rule for Virus Scanning = that looks at the To: address:

    To: user@somedomain.com no
    FromOrTo: default yes

Where user@somedomain.com is the recipient of the virus :)

Might work.

Steve

Steve Swaney
President
Fortress Systems Ltd.
www.fsl.com
steve.swaney@fsl.com

From ade at INFORMATICS.BANGOR.AC.UK Fri Jan 14 18:39:29 2005
From: ade at INFORMATICS.BANGOR.AC.UK (Ade Fewings)
Date: Thu Jan 12 21:28:12 2006
Subject: temporary file spawning
Message-ID:

Julian Field wrote:

> Ade Fewings wrote:
>
>> Following up with more details on my own email.........
>>
>>> We have two mail servers running on Solaris 9 Sparc. Sendmail 8.12.10
>>> utilizing MailScanner 4.36.4 to call SpamAssassin 3.0.1. Earlier
>>> today, one of our large mailing lists got hit a couple of times and
>>> the servers got a bit busy. However, something went wrong and /tmp
>>> filled up with
>>> spamassassin.25755.Bdgxlb.tmp esque files. Hundreds of thousands were
>>> created in a short time, running /tmp out of i-nodes and thus
>>> effectively stopping MailScanner.
>>>
>>> Killing MailScanner, cleaning /tmp and restarting would then reproduce
>>> the problem again soon after. I truss'd the output of a few of the
>>> MailScanner processes that were going bad and all they were doing was
>>> trying to open new files in /tmp.
>>
>> We have further discovered that this problem definitely only occurs when
>> MailScanner is set to use SpamAssassin. Switch off SpamAssassin and
>> there are zero problems. So, being relatively unknowledgeable about
>> MailScanner, the question that comes up is what is creating these
>> temporary files? It is either SpamAssassin itself or something in
>> MailScanner that gets switched on when you tell it to use SpamAssassin.
>>
>> Can anybody offer any guidance on whether MailScanner itself creates
>> these files?
>
> Advise you try increasing
> SpamAssassin Timeout
> in MailScanner.conf.
>

Thanks for this guidance, but it hasn't worked. I quadrupled the SpamAssassin timeout and got the same behaviour. Additionally, I have had the chance to see a bad MailScanner process in action when things are going wrong. The whole process of creating a couple of hundred thousand takes less than twenty seconds and truss'ing the process itself shows endless pages of the following sprawling past very quickly:

open64("/tmp/spamassassin.19296.zEQAlU.tmp", O_RDWR|O_CREAT|O_EXCL|O_LARGEFILE, 0600) = 256
close(256) = 0
open64("/tmp/spamassassin.19296.6s0hxi.tmp", O_RDWR|O_CREAT|O_EXCL|O_LARGEFILE, 0600) = 256
close(256) = 0
open64("/tmp/spamassassin.19296.4c61CQ.tmp", O_RDWR|O_CREAT|O_EXCL|O_LARGEFILE, 0600) = 256
close(256) = 0
open64("/tmp/spamassassin.19296.uPHYoK.tmp", O_RDWR|O_CREAT|O_EXCL|O_LARGEFILE, 0600) = 256
close(256) = 0
.....

I've tried upgrading MIME::Tools to 5.416 and SpamAssassin to 3.0.2 with no success. I am now rather clueless.

Thanks for your help
Ade

--
___________________________________________________
Ade Fewings MEng
School of Informatics, University of Wales, Bangor,
Dean Street, Bangor, Gwynedd. LL57 1UT. UK.

ade@informatics.bangor.ac.uk www.informatics.bangor.ac.uk/~ade
Tel: +44 (0)1248 382736 Fax: +44 (0)1248 361429
___________________________________________________

From Denis.Beauchemin at USHERBROOKE.CA Fri Jan 14 18:59:05 2005
From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin)
Date: Thu Jan 12 21:28:12 2006
Subject: temporary file spawning
Message-ID:

Ade Fewings wrote:

> Julian Field wrote:
>
>> Ade Fewings wrote:
>>
>>> Following up with more details on my own email.........
>>>
>>>> We have two mail servers running on Solaris 9 Sparc. Sendmail 8.12.10
>>>> utilizing MailScanner 4.36.4 to call SpamAssassin 3.0.1. Earlier
>>>> today, one of our large mailing lists got hit a couple of times and
>>>> the servers got a bit busy. However, something went wrong and /tmp
>>>> filled up with
>>>> spamassassin.25755.Bdgxlb.tmp esque files. Hundreds of thousands were
>>>> created in a short time, running /tmp out of i-nodes and thus
>>>> effectively stopping MailScanner.
>>>>
>>>> Killing MailScanner, cleaning /tmp and restarting would then reproduce
>>>> the problem again soon after. I truss'd the output of a few of the
>>>> MailScanner processes that were going bad and all they were doing was
>>>> trying to open new files in /tmp.
>>>
>>> We have further discovered that this problem definitely only occurs
>>> when
>>> MailScanner is set to use SpamAssassin. Switch off SpamAssassin and
>>> there are zero problems. So, being relatively unknowledgeable about
>>> MailScanner, the question that comes up is what is creating these
>>> temporary files? It is either SpamAssassin itself or something in
>>> MailScanner that gets switched on when you tell it to use SpamAssassin.
>>>
>>> Can anybody offer any guidance on whether MailScanner itself creates
>>> these files?
>>
>> Advise you try increasing
>> SpamAssassin Timeout
>> in MailScanner.conf.
>>
> Thanks for this guidance, but it hasn't worked. I quadrupled the
> SpamAssassin timeout and got the same behaviour. Additionally, I have
> had the chance to see a bad MailScanner process in action when things
> are going wrong. The whole process of creating a couple of hundred
> thousand takes less than twenty seconds and truss'ing the process itself
> shows endless pages of the following sprawling past very quickly:
>
> open64("/tmp/spamassassin.19296.zEQAlU.tmp",
> O_RDWR|O_CREAT|O_EXCL|O_LARGEFILE, 0600) = 256
> close(256) = 0
> open64("/tmp/spamassassin.19296.6s0hxi.tmp",
> O_RDWR|O_CREAT|O_EXCL|O_LARGEFILE, 0600) = 256
> close(256) = 0
> open64("/tmp/spamassassin.19296.4c61CQ.tmp",
> O_RDWR|O_CREAT|O_EXCL|O_LARGEFILE, 0600) = 256
> close(256) = 0
> open64("/tmp/spamassassin.19296.uPHYoK.tmp",
> O_RDWR|O_CREAT|O_EXCL|O_LARGEFILE, 0600) = 256
> close(256) = 0
> .....
>

Ade,

Anything wrong with /tmp permissions? Mine (on Linux) looks like:

ls -ld /tmp
drwxrwxrwt 14 root root 16384 jan 14 13:58 /tmp/

Denis

--
   _
  °v°   Denis Beauchemin, analyste
 /(_)\  Université de Sherbrooke, S.T.I.
  ^ ^   T: 819.821.8000x2252 F: 819.821.8045

From ade at INFORMATICS.BANGOR.AC.UK Fri Jan 14 19:14:57 2005
From: ade at INFORMATICS.BANGOR.AC.UK (Ade Fewings)
Date: Thu Jan 12 21:28:12 2006
Subject: temporary file spawning
Message-ID:

Denis Beauchemin wrote:

> Ade Fewings wrote:
>
>> Julian Field wrote:
>>
>>> Ade Fewings wrote:
>>>
>>>> Following up with more details on my own email.........
>>>>
>>>>> We have two mail servers running on Solaris 9 Sparc. Sendmail 8.12.10
>>>>> utilizing MailScanner 4.36.4 to call SpamAssassin 3.0.1. Earlier
>>>>> today, one of our large mailing lists got hit a couple of times and
>>>>> the servers got a bit busy. However, something went wrong and /tmp
>>>>> filled up with
>>>>> spamassassin.25755.Bdgxlb.tmp esque files. Hundred of thousands were
>>>>> created in a short time, running /tmp out of i-nodes and thus
>>>>> effectively stopping MailScanner.
>>>>>
>>>>> Killing MailScanner, cleaning /tmp and restarting would then reproduce
>>>>> the problem again soon after. I truss'd the output of a few of the
>>>>> MailScanner processes that were going bad and all they were doing was
>>>>> trying to open new files in /tmp.
>>>>
>>>> We have further discovered that this problem definitely only occurs
>>>> when MailScanner is set to use SpamAssassin. Switch off SpamAssassin and
>>>> there are zero problems. So, being relatively unknowledgable about
>>>> MailScanner, the question that comes up is what is creating these
>>>> temporary files? It is either SpamAssassin itself or something in
>>>> MailScanner that gets switched on when you tell it to use SpamAssassin.
>>>>
>>>> Can anybody offer any guidance on whether MailScanner itself creates
>>>> these files?
>>>
>>> Advise you try increasing
>>> SpamAssassin Timeout
>>> in MailScanner.conf.
>>>
>> Thanks for this guidance, but it hasn't worked. I quadrupled the
>> SpamAssassin timeout and got the same behaviour. Additionally, I have
>> had the chance to see a bad MailScanner process in action when things
>> are going wrong. The whole process of creating a couple of hundred
>> thousand takes less than twenty seconds and truss'ing the process itself
>> shows endless pages of the following sprawling past very quickly:
>>
>> open64("/tmp/spamassassin.19296.zEQAlU.tmp", O_RDWR|O_CREAT|O_EXCL|O_LARGEFILE, 0600) = 256
>> close(256) = 0
>> open64("/tmp/spamassassin.19296.6s0hxi.tmp", O_RDWR|O_CREAT|O_EXCL|O_LARGEFILE, 0600) = 256
>> close(256) = 0
>> open64("/tmp/spamassassin.19296.4c61CQ.tmp", O_RDWR|O_CREAT|O_EXCL|O_LARGEFILE, 0600) = 256
>> close(256) = 0
>> open64("/tmp/spamassassin.19296.uPHYoK.tmp", O_RDWR|O_CREAT|O_EXCL|O_LARGEFILE, 0600) = 256
>> close(256) = 0
>> .....
>>
>
> Ade,
>
> Anything wrong with /tmp permissions? Mine (on Linux) looks like:
> ls -ld /tmp
> drwxrwxrwt 14 root root 16384 jan 14 13:58 /tmp/
>
> Denis
>

Denis,

There doesn't appear to be:

drwxrwxrwt 3 root sys 256 Jan 14 19:08 tmp

The group being sys is normal for Solaris and all our machines have
always used that.

The problem only seems to occur when one of the mail servers comes under
a bit of a load, such as a mailing list type thing. I watched the
incoming queues go up to 600 on each server earlier and things were
fine. In both servers, MailScanner was going fine until the incoming
mail queue got down to between 250-300 and then it behaved as above and
I had to restart and (unfortunately) pass some mail without running
SpamAssassin over it as the problem kept occurring if I cleaned /tmp and
restarted MailScanner.

I'm thinking of trying a new Perl build now......really have no other
ideas left.

Thanks
Ade

--
___________________________________________________
Ade Fewings MEng
School of Informatics, University of Wales, Bangor,
Dean Street, Bangor, Gwynedd. LL57 1UT. UK.
ade@informatics.bangor.ac.uk
www.informatics.bangor.ac.uk/~ade
Tel: +44 (0)1248 382736
Fax: +44 (0)1248 361429
___________________________________________________

From vachanta at GMAIL.COM Fri Jan 14 20:01:24 2005
From: vachanta at GMAIL.COM (Venkata Achanta)
Date: Thu Jan 12 21:28:12 2006
Subject: Problem with Bayes DB lock files
Message-ID:

Greetings all,

Our incoming mail queues are increasing and the problem relates back to
excessive lock files in the /etc/MailScanner/bayes which take forever to
expire. We have tried the proposed workaround from the FAQ and are still
having the same problem. I exchanged a couple of e-mails with Peter Bonivart
(http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/303.html) about
the same. But we are curious to know what other people are doing to fix
this issue with SA.

MailScanner version 4.35.11
Spamassassin version 3.0.1

Any ideas/fixes/suggestions?

Thanks
Venkata Achanta

From Glenn.Steen at AP1.SE Fri Jan 14 20:14:09 2005
From: Glenn.Steen at AP1.SE (Steen, Glenn)
Date: Thu Jan 12 21:28:12 2006
Subject: We are receiving a lot of bank Phishing emails.
Message-ID:

Yes, sorry... I should have made clear about the "virus-whitelist"
assumption (good spot Steve, and fine that you had it already John:-).
I don't have what you're asking for, but it shouldn't be too difficult to
make a script that queries the maillog table for Phishing viruses/day
and simply send them. Can perhaps help come Monday, if you need that.

-- Glenn

> -----Original Message-----
> From: MailScanner mailing list
> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of John Crossan
> Sent: den 14 januari 2005 18:56
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: We are receiving a lot of bank Phishing emails.
>
> I have a rule to not scan anything from localhost so I could send
> without being re-detected.
> I was looking for some way of placing the process on auto-pilot.
> I know that MailScanner can recognize and store/forward all viruses /spam.
> I was hoping that there was someone with experience that is already
> automatically forwarding (including the necessary headers) just the bank
> Phishing to the appropriate Law enforcement agency.
> I would want to forward the original message, not the processed one that
> has a substitute text message/file instead of the virus.
>
> Thanks in advance
> John Crossan
> Systems Administrator
> Valley Presbyterian Hospital
>
> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On
> Behalf Of Steve Swaney
> Sent: Friday, January 14, 2005 7:33 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: We are receiving a lot of bank Phishing emails.
>
> > -----Original Message-----
> > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> > Behalf Of Steen, Glenn
> > Sent: Friday, January 14, 2005 4:19 AM
> > To: MAILSCANNER@JISCMAIL.AC.UK
> > Subject: Re: We are receiving a lot of bank Phishing emails.
> >
> > Sounds like you're using MailWatch. MW will not let you do this,
> > true, but the solution isn't that much more complex... Unless you
> > really don't like the commandline:-).
> > Simply
> > sendmail alternat@addre.ss < /path/to/MailScanner/quarantine///message
> > and you should be fine.
> >
> > -- Glenn
>
> I don't think this will work. I will just be caught again by ClamAV.
>
> Possibly a rule for Virus Scanning = that looks at the To: address:
>
> To: user@somedoamin.com no
> ToOrFrom: default yes
>
> Where user@somedomain.co is the recipient of the virus :)
> Might be work.
>
> Steve
>
> Steve Swaney
> President
> Fortress Systems Ltd.
> www.fsl.com
> steve.swaney@fsl.com
>

From mailscanner at ELIQUID.COM Fri Jan 14 20:26:17 2005
From: mailscanner at ELIQUID.COM (Wess Bechard)
Date: Thu Jan 12 21:28:12 2006
Subject: Postfix & Virtual Users Auto Responder
Message-ID:

Hello Folks.

I have managed to get a working auto response system working for
MailScanner users running Postfix with MySQL based virtual users.

I may be slightly off topic with this post, but auto responders are
difficult to come by for this virtual setup. Julian, I hope you don't
mind me posting here to help our Postfix users. :)

Here we go, with some formatting to make this readable.

________________________________________________________________________

--- Description ---

I pieced together a system of old fixes, modified code, and put together
a semi-simple way to use auto responders with MailScanner, Postfix, and
Virtual Users. You will need to make a few database entries and create a
text file to use this system.

--- Instructions ---

1. This perl script can be run from anywhere, but I chose to place it in
   my virtual mail directory. (/home/vmail/) I have set the ownership to
   my vmail user.

--- autoreply code start ----
#!/usr/bin/perl -w
#
# Filename: autoreply
# Updated By: Wess Bechard
# Author: David Miller , based on a
# script posted to the postfix-users maillist by
# Gimbert Mario on 02 Dec 2002.
#
#
use strict;
package main;

# location of sendmail binary
my $SENDMAIL = "/usr/sbin/sendmail";

#----------------------------
# Main Thread of Execution
#----------------------------
#my ($sender, $reciplist) = $ARGV;
my ($sender, $reciplist) = @ARGV;

# do not reply to mailing lists
exit 0 if ($sender =~ /^owner-|^newsletter|listserver|^mailerdaemon|^mailer-daemon/i);

# break apart recipient list
$reciplist =~ s/,/ /g;
#print "$reciplist\n";
my @recips = split(" ", $reciplist);

# check each recipient and send mail
foreach my $rec (@recips) {
    # skip recipients that could point the path outside /home/vmail
    next if $rec =~ m{/} || $rec =~ /\.\./;
    my ($user, $domain) = split(/\@/, $rec);
    next unless defined $domain;    # not of the form user@domain
    $domain =~ s/autoreply\.//;
    my $file = "/home/vmail/$domain/$user/autoreply.txt";
    # print "$file\n";
    if (-f $file) {
        # print "$file\n";
        sendreplyto($sender, "$user\@$domain", $file);
    }
}
exit 0;

sub sendreplyto {
    my ($sender, $recip, $replyfile);
    ($sender, $recip, $replyfile) = @_;
    #print "$replyfile";
    open(MAIL, "|$SENDMAIL -f '' -t") || die "Cannot execute $SENDMAIL: $!\n";
    # The header lines between "<<" and the read loop were lost from the
    # archived copy of this script. The To:/From: pair below is a minimal
    # reconstruction (sendmail -t takes the recipient from the headers),
    # not the original text.
    print MAIL <<EOF;
To: $sender
From: $recip

EOF
    open(REPLY, "<", $replyfile) || die "Cannot open $replyfile: $!\n";
    while (<REPLY>) {
        print MAIL $_;
    }
    print MAIL "\n";
    # parenthesised so that "|| die" applies to the result of close
    close(REPLY) || die "Close of $replyfile failed: $!\n";
    close(MAIL) || die "$SENDMAIL failed: $!\n";
}
--- autoreply code end ----

2. Add the following transport to the end of your /etc/postfix/master.cf.

autoreply unix - n n - - pipe
  flags=F user=vmail argv=/home/vmail/autoreply $sender $recipient

   Please change the user to match the permissions set to the perl script.

3. Please add the following data to the transport table if it does not
   exist. This step will need to be done once for every domain using auto
   responders.

   In Transport table:
   Domain: autoreply.domain.tld
   Destination: autoreply

4. Create a forward for the user that uses the new autoreply transport.

   In Virtual table:
   Create a forward to the user's usual inbox first.
   Email: user@domain.tld
   Destination: user@domain.tld

   Now create a forward to the autoreply.
   Email: user@domain.tld
   Destination: user@autoreply.domain.tld

5. Create the autoreply.txt in the user's maildir.
   /home/vmail/domain.tld/user/autoreply.txt
   Adjust directory path to taste.
   The autoreply.txt can contain any plain text email message.

------------------------------------------------------------------------

I hope this helps out a lot of people. Feel free to visit me on the
MailScanner IRC chat room if you need any assistance.

MailScanner on IRC
Community Support
irc.freenode.net #mailscanner

--
Wess Bechard
Systems Administrator
eliquidMEDIA International Inc.
wess@eliquid.com
519.973.1930 - 1.800.561.7525

Wess Bechard
System Administrator
eliquidMEDIA International
www.eliquid.com

MailScanner on IRC
Community Support
irc.freenode.net #mailscanner

From MailScanner at ecs.soton.ac.uk Fri Jan 14 22:25:19 2005
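An added example, not part of Wess Bechard's post or of any project's code: a stricter front end for the autoreply pipe transport described in that message. It validates the recipient before building the /home/vmail/domain/user/autoreply.txt path, and applies RFC 3834 style checks (daemon or list sender, Auto-Submitted, Precedence, List-Id) to the message Postfix pipes to stdin, so the responder does not answer lists, bounces or other auto-responders. The function names and the sample message are assumptions constructed for illustration; it needs Perl 5.10 or later.

```perl
#!/usr/bin/perl
# Added example: safety checks for an autoreply pipe transport.
# Function names and sample data are constructed for illustration.
use strict;
use warnings;

my $VMAIL_BASE = "/home/vmail";    # same base directory as in the post

# Map "user@autoreply.domain.tld" to the autoreply.txt path. Returns undef
# when the address could steer the path outside $VMAIL_BASE.
sub autoreply_path {
    my ($recipient) = @_;
    return unless defined $recipient;
    return unless $recipient =~ /\A([^\@\s]+)\@([^\@\s]+)\z/;
    my ($user, $domain) = ($1, lc $2);
    $domain =~ s/\Aautoreply\.//;
    # Conservative character sets: no "/", no leading dot, no "..".
    return unless $user   =~ /\A[A-Za-z0-9_][A-Za-z0-9._+-]*\z/;
    return unless $domain =~ /\A[a-z0-9](?:[a-z0-9.-]*[a-z0-9])?\z/;
    return if $user =~ /\.\./ || $domain =~ /\.\./;
    return "$VMAIL_BASE/$domain/$user/autoreply.txt";
}

# Parse the header block (everything before the first blank line) into a
# hash keyed by lower-cased field name. Folded lines are unfolded and the
# first occurrence of a field wins.
sub parse_headers {
    my ($message) = @_;
    my ($head) = split /\r?\n\r?\n/, $message, 2;
    $head = '' unless defined $head;
    $head =~ s/\r?\n[ \t]+/ /g;
    my %h;
    for my $line (split /\r?\n/, $head) {
        next if $line =~ /\AFrom /;    # mbox "From " line prepended by flags=F
        next unless $line =~ /\A([^\s:]+):\s*(.*)\z/;
        my ($name, $value) = (lc $1, $2);
        $h{$name} = $value unless exists $h{$name};
    }
    return \%h;
}

# Returns (1, "ok") when an automatic reply is appropriate, else (0, reason).
sub should_reply {
    my ($sender, $headers) = @_;
    # Postfix pipe(8) passes the null sender as MAILER-DAEMON by default.
    return (0, "null envelope sender")
        if !defined $sender || $sender eq '' || $sender eq '<>';
    return (0, "daemon or list sender")
        if $sender =~ /\A(?:mailer-?daemon|postmaster|owner-|listserv(?:er)?|newsletter)/i
        || $sender =~ /-(?:request|bounces?|owner)\@/i;
    my $auto = lc($headers->{'auto-submitted'} // 'no');
    return (0, "Auto-Submitted: $auto") unless $auto =~ /\Ano\b/;
    my $prec = lc($headers->{'precedence'} // '');
    return (0, "Precedence: $prec") if $prec =~ /\A(?:bulk|list|junk)\b/;
    for my $field (qw(list-id list-unsubscribe)) {
        return (0, "$field header present") if exists $headers->{$field};
    }
    return (1, "ok");
}

# Constructed sample: a list posting whose envelope sender looks ordinary.
my $list_msg = <<'EOM';
From announce@lists.example.org Fri Jan 14 20:26:17 2005
From: Announce List <announce@lists.example.org>
To: user@domain.tld
Subject: Weekly digest
Precedence: bulk
List-Id: Announcements
 <announce.lists.example.org>

Body text.
EOM
my $plain_msg = "From: alice\@example.com\nSubject: hi\n\nhello\n";

for my $case (
    [ 'alice@example.com',          'user@autoreply.domain.tld',      $plain_msg ],
    [ 'announce@lists.example.org', 'user@autoreply.domain.tld',      $list_msg ],
    [ 'alice@example.com',          '../../etc@autoreply.domain.tld', $plain_msg ],
    [ 'MAILER-DAEMON',              'user@autoreply.domain.tld',      $plain_msg ],
) {
    my ($sender, $rcpt, $msg) = @$case;
    my $path = autoreply_path($rcpt);
    my ($ok, $why) = should_reply($sender, parse_headers($msg));
    printf "%-28s %-32s %s\n", $sender, $rcpt,
          !defined $path ? "REJECT (unsafe recipient)"
        : !$ok           ? "SKIP ($why)"
        :                  "REPLY using $path";
}
```

In the transport itself the message would be read from STDIN instead of the constructed strings, and the sender and recipient would come from @ARGV as in the posted script.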
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:12 2006
Subject: Beta 4.38.1 released
Message-ID:

Sorry about 4.38.1, try 4.38.2 instead :-)

Julian Field wrote:

> I have just released beta version 4.38.1.
>
> Main addition is it can now detect numeric IP addresses in the phishing
> net. I know there's already a SpamAssassin rule for this, but someone
> wanted an inline alert as well.
>
> Download as usual from www.mailscanner.info.
>
> Changelog is:
>
> * New Features and Improvements *
> - Upgraded to MIME-tools 5.416.
> - Added new filename restrictions using Microsoft vulnerability report
>   from AUScert.
> - Improved /etc/sysconfig/MailScanner so that it finds Incoming Work Dir
>   and Incoming Queue Dir automatically from MailScanner.conf file.
> - Can now use $from, $id and $subject in inline signature for signing
>   clean messages.
> - Any entry in the "Archive Mail" setting can contain _DATE_ which will be
>   replaced with the current date in yyyymmdd form, so you can backup or
>   move yesterday's archive safely knowing that it won't be written to
>   today.
> - Added zero score for ALL_TRUSTED rule in SpamAssassin as it is known to
>   cause problems.
> - Added "Also Find Numeric Phishing" setting (on by default) so that all
>   numeric IP addresses in links are flagged as being dangerous.
>
> * Fixes *
> - Fixed problem where some spam was delivered even if the Spam Actions
>   was set to "store delete" if the messages were not to be virus-scanned.
> - Fixed harmless uninitialised variables in HTML disarming.
>
> --
> Julian Field
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From ius at ALPHA.RBRANA.CO.ID Sat Jan 15 02:48:41 2005
From: ius at ALPHA.RBRANA.CO.ID (ius)
Date: Thu Jan 12 21:28:12 2006
Subject: Beta 4.38.1 released
Message-ID:

Julian Field wrote:

> Sorry about 4.38.1, try 4.38.2 instead :-)
>
> Julian Field wrote:
>
>> I have just released beta version 4.38.1.
>>
>> Main addition is it can now detect numeric IP addresses in the phishing
>> net. I know there's already a SpamAssassin rule for this, but someone
>> wanted an inline alert as well.
>>
>> Download as usual from www.mailscanner.info.
>>
>> Changelog is:
>>
>> * New Features and Improvements *
>> - Upgraded to MIME-tools 5.416.
>> - Added new filename restrictions using Microsoft vulnerability report
>>   from AUScert.
>> - Improved /etc/sysconfig/MailScanner so that it finds Incoming Work Dir
>>   and Incoming Queue Dir automatically from MailScanner.conf file.
>> - Can now use $from, $id and $subject in inline signature for signing
>>   clean messages.
>> - Any entry in the "Archive Mail" setting can contain _DATE_ which will be
>>   replaced with the current date in yyyymmdd form, so you can backup or
>>   move
>

Hi Julian,

I'm interested in this new feature of archiving mail with date. Can you
show me how to use it? I don't know much about making a script. I just
want a simple daily archive by date.

Thanks (sorry for my bad English)

ius

From MailScanner at ecs.soton.ac.uk Sat Jan 15 03:02:21 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:12 2006
Subject: temporary file spawning
Message-ID:

Ade Fewings wrote:

> Denis Beauchemin wrote:
>
>> Ade Fewings wrote:
>>
>>> Julian Field wrote:
>>>
>>>> Ade Fewings wrote:
>>>>
>>>>> Following up with more details on my own email.........
>>>>>
>>>>>> We have two mail servers running on Solaris 9 Sparc. Sendmail 8.12.10
>>>>>> utilizing MailScanner 4.36.4 to call SpamAssassin 3.0.1. Earlier
>>>>>> today, one of our large mailing lists got hit a couple of times and
>>>>>> the servers got a bit busy. However, something went wrong and /tmp
>>>>>> filled up with
>>>>>> spamassassin.25755.Bdgxlb.tmp esque files. Hundred of thousands were
>>>>>> created in a short time, running /tmp out of i-nodes and thus
>>>>>> effectively stopping MailScanner.
>>>>>>
>>>>>> Killing MailScanner, cleaning /tmp and restarting would then reproduce
>>>>>> the problem again soon after. I truss'd the output of a few of the
>>>>>> MailScanner processes that were going bad and all they were doing was
>>>>>> trying to open new files in /tmp.
>>>>>
>>>>> We have further discovered that this problem definitely only occurs
>>>>> when MailScanner is set to use SpamAssassin. Switch off SpamAssassin and
>>>>> there are zero problems. So, being relatively unknowledgable about
>>>>> MailScanner, the question that comes up is what is creating these
>>>>> temporary files? It is either SpamAssassin itself or something in
>>>>> MailScanner that gets switched on when you tell it to use SpamAssassin.
>>>>>
>>>>> Can anybody offer any guidance on whether MailScanner itself creates
>>>>> these files?
>>>>
>>>> Advise you try increasing
>>>> SpamAssassin Timeout
>>>> in MailScanner.conf.
>>>>
>>> Thanks for this guidance, but it hasn't worked. I quadrupled the
>>> SpamAssassin timeout and got the same behaviour. Additionally, I have
>>> had the chance to see a bad MailScanner process in action when things
>>> are going wrong. The whole process of creating a couple of hundred
>>> thousand takes less than twenty seconds and truss'ing the process itself
>>> shows endless pages of the following sprawling past very quickly:
>>>
>>> open64("/tmp/spamassassin.19296.zEQAlU.tmp", O_RDWR|O_CREAT|O_EXCL|O_LARGEFILE, 0600) = 256
>>> close(256) = 0
>>> open64("/tmp/spamassassin.19296.6s0hxi.tmp", O_RDWR|O_CREAT|O_EXCL|O_LARGEFILE, 0600) = 256
>>> close(256) = 0
>>> open64("/tmp/spamassassin.19296.4c61CQ.tmp", O_RDWR|O_CREAT|O_EXCL|O_LARGEFILE, 0600) = 256
>>> close(256) = 0
>>> open64("/tmp/spamassassin.19296.uPHYoK.tmp", O_RDWR|O_CREAT|O_EXCL|O_LARGEFILE, 0600) = 256
>>> close(256) = 0
>>> .....
>>>
>>
>> Ade,
>>
>> Anything wrong with /tmp permissions? Mine (on Linux) looks like:
>> ls -ld /tmp
>> drwxrwxrwt 14 root root 16384 jan 14 13:58 /tmp/
>>
>> Denis
>>
> Denis,
>
> There doesn't appear to be:
>
> drwxrwxrwt 3 root sys 256 Jan 14 19:08 tmp
>
> The group being sys is normal for Solaris and all our machines have
> always used that.
>
> The problem only seems to occur when one of the mail servers comes under
> a bit of a load, such as a mailing list type thing. I watched the
> incoming queues go up to 600 on each server earlier and things were
> fine. In both servers, MailScanner was going fine until the incoming
> mail queue got down to between 250-300 and then it behaved as above and
> I had to restart and (unfortunately) pass some mail without running
> SpamAssassin over it as the problem kept occurring if I cleaned /tmp and
> restarted MailScanner.
>
> I'm thinking of trying a new Perl build now......really have no other
> ideas left.

These files are generated by SpamAssassin and not MailScanner itself. So
that is where you need to look. Check you are running a recent
File::Temp module and that your Perl is new enough (I don't think
SpamAssassin supports anything older than about 5.6.1).

You can easily install a new perl from www.sunfreeware.com and then just

mv /usr/bin/perl /usr/bin/perl.SUN
ln -s /usr/local/bin/perl /usr/bin/perl

This will ensure that the new Perl is always used regardless of the $PATH.

My own production MailScanner servers are mostly Solaris boxes and I
have never seen this problem on there, so it's not a general problem.

Let me know if the new perl helps.

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From MailScanner at ecs.soton.ac.uk Sat Jan 15 03:10:13 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:13 2006
Subject: Beta 4.38.1 released
Message-ID:

ius wrote:

> Julian Field wrote:
>
>> Sorry about 4.38.1, try 4.38.2 instead :-)
>>
>> Julian Field wrote:
>>
>>> I have just released beta version 4.38.1.
>>>
>>> Main addition is it can now detect numeric IP addresses in the phishing
>>> net. I know there's already a SpamAssassin rule for this, but someone
>>> wanted an inline alert as well.
>>>
>>> Download as usual from www.mailscanner.info.
>>>
>>> Changelog is:
>>>
>>> * New Features and Improvements *
>>> - Upgraded to MIME-tools 5.416.
>>> - Added new filename restrictions using Microsoft vulnerability report
>>>   from AUScert.
>>> - Improved /etc/sysconfig/MailScanner so that it finds Incoming Work Dir
>>>   and Incoming Queue Dir automatically from MailScanner.conf file.
>>> - Can now use $from, $id and $subject in inline signature for signing
>>>   clean messages.
>>> - Any entry in the "Archive Mail" setting can contain _DATE_ which will be
>>>   replaced with the current date in yyyymmdd form, so you can backup or
>>>   move
>>
> Hi Julian,
>
> i'm interested in this new feature of archiving mail with date. Can u
> show me how to use it ? as i don't know much about make a script. I just
> want simple daily archive by date

If you are archiving to a directory, you could set

Archive Mail = /var/archive/_DATE_

You will need to create the /var/archive directory before you start,
obviously. You will end up archiving to /var/archive/20050116 (i.e. the
16th day of January 2005, which is my birthday (hint :-)

If you are archiving to an mbox mailbox file for easy browsing with
Thunderbird or your IMAP server or whatever, you could create tomorrow's
mbox file some time during the day (with a little cron job) and then set

Archive Mail = /var/archive/MailArchive._DATE_.mbox

and it will archive to the file /var/archive/MailArchive.20050116.mbox
on the 16th January 2005.

It's as simple as that. It just replaces _DATE_ with the current date in
a form where sorting alphabetically (which is what ls does by default)
gives you the files in order of date.

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From ius at ALPHA.RBRANA.CO.ID Sat Jan 15 03:43:51 2005
From: ius at ALPHA.RBRANA.CO.ID (ius)
Date: Thu Jan 12 21:28:13 2006
Subject: Beta 4.38.1 released
Message-ID:

Julian Field wrote:

> ius wrote:
>
>> Julian Field wrote:
>>
>>> Sorry about 4.38.1, try 4.38.2 instead :-)
>>>
>>> Julian Field wrote:
>>>
>>>> I have just released beta version 4.38.1.
>>>>
>>>> Main addition is it can now detect numeric IP addresses in the
>>>> phishing net. I know there's already a SpamAssassin rule for this,
>>>> but someone wanted an inline alert as well.
>>>>
>>>> Download as usual from www.mailscanner.info.
>>>>
>>>> Changelog is:
>>>>
>>>> * New Features and Improvements *
>>>> - Upgraded to MIME-tools 5.416.
>>>> - Added new filename restrictions using Microsoft vulnerability report
>>>>   from AUScert.
>>>> - Improved /etc/sysconfig/MailScanner so that it finds Incoming Work Dir
>>>>   and Incoming Queue Dir automatically from MailScanner.conf file.
>>>> - Can now use $from, $id and $subject in inline signature for signing
>>>>   clean messages.
>>>> - Any entry in the "Archive Mail" setting can contain _DATE_ which will be
>>>>   replaced with the current date in yyyymmdd form, so you can backup or
>>>>   move
>>>
>> Hi Julian,
>>
>> i'm interested in this new feature of archiving mail with date. Can u
>> show me how to use it ? as i don't know much about make a script. I just
>> want simple daily archive by date
>
> If you are archiving to a directory, you could set
> Archive Mail = /var/archive/_DATE_
> You will need to create the /var/archive directory before you start,
> obviously. You will end up archiving to /var/archive/20050116 (i.e. the
> 16th day of January 2005, which is my birthday (hint :-)
>
> If you are archiving to an mbox mailbox file for easy browsing with
> Thunderbird or your IMAP server or whatever, you could create tomorrow's
> mbox file some time during the day (with a little cron job) and then set
> Archive Mail = /var/archive/MailArchive._DATE_.mbox
> and it will archive to the file /var/archive/MailArchive.20050116.mbox
> on the 16th January 2005.
>
> It's as simple as that. It just replaces _DATE_ with the current date in
> a form where sorting alphabetically (which is what ls does by default)
> gives you the files in order of date.
>

Thank you very much ...

Rgds
ius

From Felix.Schwarz at WEB.DE Sun Jan 16 16:28:22 2005
From: Felix.Schwarz at WEB.DE (Felix Schwarz)
Date: Thu Jan 12 21:28:13 2006
Subject: quarantined messages and envelope address
Message-ID:

Hi all,

I have a question regarding quarantined messages and the envelope
address. Currently all infected messages are quarantined by MailScanner.
Sometimes I want to send a message to its sender although it is
infected. Therefore I need the envelope address. Afaik this is only
possible with the option "Quarantine Whole Messages As Queue Files".

Only problem is that the option above doesn't preserve the original
message: All attachments are stripped from the mail. Because of that it
is much harder injecting the mail into the Exim queue again (have to
encode the attachments as base64, append them to the mail body etc).

How can I preserve the original message structure AND the envelope
address so that it is as easy as possible to enqueue the message again?

Thanks for your help :-)

--
Felix

From drew at THEMARSHALLS.CO.UK Sun Jan 16 19:59:10 2005
From: drew at THEMARSHALLS.CO.UK (Drew Marshall)
Date: Thu Jan 12 21:28:13 2006
Subject: OT: Happy Birthday to Julian!!!
Message-ID:

Just a quick note to wish you a Happy Birthday!!

Thanks for all your hard work on MailScanner, a great piece of
software. We all love you even if there are hundreds of spam and virus
writers that don't :-) .

Hope you had a great day!

Drew

From MailScanner at ecs.soton.ac.uk Sun Jan 16 20:31:36 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:13 2006
Subject: OT: Happy Birthday to Julian!!!
Message-ID:

Thanks for that!
Went out for a lovely Thai meal with some friends last night, will probably organise something with the guys at work this week too.
And my mates certainly know what I like, they gave me a box of chocolates and a big box of cookies :-)
Yum yum!

Drew Marshall wrote:

> Just a quick note to wish you a Happy Birthday!!
>
> Thanks for all your hard work on MailScanner, a great piece of
> software. We all love you even if there are hundreds of spam and virus
> writers that don't :-) .
>
> Hope you had a great day!
>
> Drew

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From dfilchak at SYMPATICO.CA Sun Jan 16 21:07:16 2005
From: dfilchak at SYMPATICO.CA (Dave Filchak)
Date: Thu Jan 12 21:28:13 2006
Subject: OT: Happy Birthday to Julian!!!
Message-ID:

Also a very Happy Birthday from your users in Canada. Cheers Julian. What's it like to be 21 again ??? ;-))

Dave

Julian Field wrote:

> Thanks for that!
> Went out for a lovely Thai meal with some friends last night, will
> probably organise something with the guys at work this week too.
> And my mates certainly know what I like, they gave me a box of
> chocolates and a big box of cookies :-)
> Yum yum!
>
> Drew Marshall wrote:
>
>> Just a quick note to wish you a Happy Birthday!!
>>
>> Thanks for all your hard work on MailScanner, a great piece of
>> software. We all love you even if there are hundreds of spam and virus
>> writers that don't :-) .
>>
>> Hope you had a great day!
>>
>> Drew
>
> --
> Julian Field
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
> Professional Support Services at www.MailScanner.biz
> MailScanner thanks transtec Computers for their support
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From gymer at ODENSE.KOLLEGIENET.DK Sun Jan 16 22:58:07 2005
From: gymer at ODENSE.KOLLEGIENET.DK (Lasse B. Jensen)
Date: Thu Jan 12 21:28:13 2006
Subject: OT: Happy Birthday to Julian!!!
Message-ID:

Also congratz from Denmark. Thanks for a great piece of software.

/Lasse

Julian Field wrote:

> Thanks for that!
> Went out for a lovely Thai meal with some friends last night, will
> probably organise something with the guys at work this week too.
> And my mates certainly know what I like, they gave me a box of
> chocolates and a big box of cookies :-)
> Yum yum!
>
> Drew Marshall wrote:
>
>> Just a quick note to wish you a Happy Birthday!!
>>
>> Thanks for all your hard work on MailScanner, a great piece of
>> software. We all love you even if there are hundreds of spam and virus
>> writers that don't :-) .
>>
>> Hope you had a great day!
>>
>> Drew
>
> --
> Julian Field
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
> Professional Support Services at www.MailScanner.biz
> MailScanner thanks transtec Computers for their support
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

--
Med venlig hilsen/Kind regards
Lasse Birnbaum Jensen

From alex at nkpanama.com Sun Jan 16 22:32:08 2005
From: alex at nkpanama.com (Alex Neuman van der Hans)
Date: Thu Jan 12 21:28:13 2006
Subject: Beta 4.38.1 released
Message-ID:

Can one archive using other variables, like _TO_ or something like that?

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field
Sent: Friday, January 14, 2005 10:10 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: Beta 4.38.1 released

ius wrote:

> Julian Field wrote:
>
>> Sorry about 4.38.1, try 4.38.2 instead :-)
>>
>> Julian Field wrote:
>>
>>> I have just released beta version 4.38.1.
>>>
>>> Main addition is it can now detect numeric IP addresses in the
>>> phishing net. I know there's already a SpamAssassin rule for this,
>>> but someone wanted an inline alert as well.
>>>
>>> Download as usual from www.mailscanner.info.
>>>
>>> Changelog is:
>>>
>>> * New Features and Improvements *
>>> - Upgraded to MIME-tools 5.416.
>>> - Added new filename restrictions using Microsoft vulnerability
>>> report from AUScert.
>>> - Improved /etc/sysconfig/MailScanner so that it finds Incoming Work
>>> Dir and Incoming Queue Dir automatically from MailScanner.conf
>>> file.
>>> - Can now use $from, $id and $subject in inline signature for
>>> signing clean messages.
>>> - Any entry in the "Archive Mail" setting can contain _DATE_ which
>>> will be replaced with the current date in yyyymmdd form, so you can
>>> backup or move
>>
>>
> Hi Julian,
>
> i'm interested in this new feature of archiving mail with date. Can u
> show me how to use it ? as i don't know much about make a script. I
> just want simple daily archive by date

If you are archiving to a directory, you could set
Archive Mail = /var/archive/_DATE_
You will need to create the /var/archive directory before you start, obviously. You will end up archiving to /var/archive/20050116 (i.e. the 16th day of January 2005, which is my birthday (hint :-)

If you are archiving to an mbox mailbox file for easy browsing with Thunderbird or your IMAP server or whatever, you could create tomorrow's mbox file some time during the day (with a little cron job) and then set
Archive Mail = /var/archive/MailArchive._DATE_.mbox
and it will archive to the file /var/archive/MailArchive.20050116.mbox on the 16th January 2005.

It's as simple as that. It just replaces _DATE_ with the current date in a form where sorting alphabetically (which is what ls does by default) gives you the files in order of date.

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From alex at nkpanama.com Sun Jan 16 22:33:14 2005
From: alex at nkpanama.com (Alex Neuman van der Hans)
Date: Thu Jan 12 21:28:13 2006
Subject: OT: Happy Birthday to Julian!!!
Message-ID:

Feliz Cumpleaños from Panama... Hope you'll be around another 100 years or so...

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Lasse B. Jensen
Sent: Sunday, January 16, 2005 5:58 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: OT: Happy Birthday to Julian!!!

Also congratz from Denmark. Thanks for a great piece of software.

/Lasse

Julian Field wrote:

> Thanks for that!
> Went out for a lovely Thai meal with some friends last night, will
> probably organise something with the guys at work this week too.
> And my mates certainly know what I like, they gave me a box of
> chocolates and a big box of cookies :-) Yum yum!
>
> Drew Marshall wrote:
>
>> Just a quick note to wish you a Happy Birthday!!
>>
>> Thanks for all your hard work on MailScanner, a great piece of
>> software. We all love you even if there are hundreds of spam and
>> virus writers that don't :-) .
>>
>> Hope you had a great day!
>>
>> Drew
>
> --
> Julian Field
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store Professional
> Support Services at www.MailScanner.biz MailScanner thanks transtec
> Computers for their support
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

--
Med venlig hilsen/Kind regards
Lasse Birnbaum Jensen

From raymond at PROLOCATION.NET Sun Jan 16 23:56:55 2005
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:28:13 2006
Subject: Beta 4.38.1 released
Message-ID:

Hi!

> * New Features and Improvements *
> - Upgraded to MIME-tools 5.416.

Works nicely. Also tested it with the latest Exim (4.44). Running on our smaller cluster now.

Bye,
Raymond.

From mike at CAMAROSS.NET Mon Jan 17 00:14:01 2005
From: mike at CAMAROSS.NET (Mike Kercher)
Date: Thu Jan 12 21:28:13 2006
Subject: Happy Birthday to Julian!!!
Message-ID:

Happy Birthday y'all from Texas :)

Mike

________________________________

From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Drew Marshall
Sent: Sunday, January 16, 2005 1:59 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: OT: Happy Birthday to Julian!!!

Just a quick note to wish you a Happy Birthday!!

Thanks for all your hard work on MailScanner, a great piece of software. We all love you even if there are hundreds of spam and virus writers that don't :-) .

Hope you had a great day!

Drew

From ius at ALPHA.RBRANA.CO.ID Mon Jan 17 01:19:31 2005
From: ius at ALPHA.RBRANA.CO.ID (ius)
Date: Thu Jan 12 21:28:13 2006
Subject: OT: Happy Birthday to Julian!!!
Message-ID:

Dave Filchak wrote:

> Also a very Happy Birthday from your users in Canada. Cheers Julian.
> What's it like to be 21 again ??? ;-))
>
> Dave
>
> Julian Field wrote:
>
>> Thanks for that!
>> Went out for a lovely Thai meal with some friends last night, will
>> probably organise something with the guys at work this week too.
>> And my mates certainly know what I like, they gave me a box of
>> chocolates and a big box of cookies :-)
>> Yum yum!
>>
>> Drew Marshall wrote:
>>
>>> Just a quick note to wish you a Happy Birthday!!
>>>
>>> Thanks for all your hard work on MailScanner, a great piece of
>>> software. We all love you even if there are hundreds of spam and virus
>>> writers that don't :-) .
>>>
>>> Hope you had a great day!
>>>
>>> Drew
>>
>> --
>> Julian Field
>> www.MailScanner.info
>> Buy the MailScanner book at www.MailScanner.info/store
>> Professional Support Services at www.MailScanner.biz
>> MailScanner thanks transtec Computers for their support
>>
>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

Also from Indonesia, Happy Birthday to ya Julian. Thx for the great piece of software.. Love it!

cheers,
Ius

From james at grayonline.id.au Mon Jan 17 02:22:38 2005
From: james at grayonline.id.au (James Gray)
Date: Thu Jan 12 21:28:13 2006
Subject: OT: Happy Birthday to Julian!!!
Message-ID:

On Mon, 17 Jan 2005 06:59 am, Drew Marshall wrote:
> Just a quick note to wish you a Happy Birthday!!

Happy Birthday from Sydney Australia and Boston MA! I'm in Sydney, the MailScanner boxen are in Boston! :)

Have a great day (yesterday....)

James

--
You are wise, witty, and wonderful, but you spend too much time reading this sort of trash.

From nats at SSCRMNL.EDU.PH Mon Jan 17 02:24:06 2005
From: nats at SSCRMNL.EDU.PH (nats)
Date: Thu Jan 12 21:28:13 2006
Subject: OT: Happy Birthday to Julian!!!
Message-ID:

And also from the Philippines! Happy B-day Julian! Been using your great software for 5 years now! Again happy b-day!

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of ius
Sent: Monday, January 17, 2005 9:20 AM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: {Spam?} Re: OT: Happy Birthday to Julian!!!

Dave Filchak wrote:

> Also a very Happy Birthday from your users in Canada. Cheers Julian.
> What's it like to be 21 again ??? ;-))
>
> Dave
>
> Julian Field wrote:
>
>> Thanks for that!
>> Went out for a lovely Thai meal with some friends last night, will
>> probably organise something with the guys at work this week too.
>> And my mates certainly know what I like, they gave me a box of
>> chocolates and a big box of cookies :-)
>> Yum yum!
>>
>> Drew Marshall wrote:
>>
>>> Just a quick note to wish you a Happy Birthday!!
>>>
>>> Thanks for all your hard work on MailScanner, a great piece of
>>> software. We all love you even if there are hundreds of spam and virus
>>> writers that don't :-) .
>>>
>>> Hope you had a great day!
>>>
>>> Drew
>>
>> --
>> Julian Field
>> www.MailScanner.info
>> Buy the MailScanner book at www.MailScanner.info/store
>> Professional Support Services at www.MailScanner.biz
>> MailScanner thanks transtec Computers for their support
>>
>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

Also from Indonesia, Happy Birthday to ya Julian. Thx for the great piece of software.. Love it!

cheers,
Ius

--
All messages that are coming from this domain is certified to be virus and spam free. If ever you have received any virus infected content or spam, please report it to the internet administrator of this domain nats@sscrmnl.edu.ph

From nats at SSCRMNL.EDU.PH Mon Jan 17 03:03:26 2005
From: nats at SSCRMNL.EDU.PH (nats)
Date: Thu Jan 12 21:28:13 2006
Subject: ClamAV perl module not found!
Message-ID:

Hello friends,

I just installed the latest version of clamav to be used with mailscanner, sad to say that it didn't find the clamav perl module, I already looked at /etc/MailScanner/virus.scanners.conf and I saw it was using /bin/false and I saw clamav-wrapper having a directory of /usr/lib/MailScanner/ and with /usr/local/bin/

How can I go around with this problem?

Thank you very much

Jose Nathaniel G. Nengasca

--
All messages that are coming from this domain is certified to be virus and spam free. If ever you have received any virus infected content or spam, please report it to the internet administrator of this domain nats@sscrmnl.edu.ph

From evertjan at VANRAMSELAAR.NL Mon Jan 17 06:31:44 2005
From: evertjan at VANRAMSELAAR.NL (Evert Jan van Ramselaar)
Date: Thu Jan 12 21:28:13 2006
Subject: OT: Happy Birthday to Julian!!!
Message-ID:

On Sun, January 16, 2005 20:59, Drew Marshall said:
> Just a quick note to wish you a Happy Birthday!!

Happy Birthday to you Julian! And many years to come!

All the best from The Netherlands,

--
Evert Jan van Ramselaar

From dhawal at NETMAGICSOLUTIONS.COM Mon Jan 17 06:36:36 2005
From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy)
Date: Thu Jan 12 21:28:13 2006
Subject: OT: Happy Birthday to Julian!!!
Message-ID:

Also from India, a very Happy Birthday.

cheers,
- dhawal

Evert Jan van Ramselaar wrote:

> On Sun, January 16, 2005 20:59, Drew Marshall said:
>
>>Just a quick note to wish you a Happy Birthday!!
>
> Happy Birthday to you Julian! And many years to come!
>
> All the best from The Netherlands,
>
> --
> Evert Jan van Ramselaar

From john.clancy at businessworld.ie Mon Jan 17 08:06:28 2005
From: john.clancy at businessworld.ie (John Clancy)
Date: Thu Jan 12 21:28:13 2006
Subject: OT: Happy Birthday to Julian!!!
Message-ID:

And a Happy Birthday from Dublin, Ireland!

Thanks for all the great work.

John Clancy

----- Original Message -----
From: "Dhawal Doshy"
To:
Sent: Monday, January 17, 2005 6:36 AM
Subject: Re: OT: Happy Birthday to Julian!!!

> Also from India, a very Happy Birthday.
>
> cheers,
> - dhawal
>
> Evert Jan van Ramselaar wrote:
>> On Sun, January 16, 2005 20:59, Drew Marshall said:
>>
>>>Just a quick note to wish you a Happy Birthday!!
>>
>> Happy Birthday to you Julian! And many years to come!
>>
>> All the best from The Netherlands,
>>
>> --
>> Evert Jan van Ramselaar

From raymond at PROLOCATION.NET Mon Jan 17 08:22:18 2005
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:28:13 2006
Subject: ClamAV perl module not found!
Message-ID:

Hi!

> I just installed the latest version of clamav to be used with mailscanner,
> sad to say that it didn't find the clamav perl module, I already looked
> at /etc/MailScanner/virus.scanners.conf and I saw it was using /bin/false
> and I saw clamav-wrapper having a directory of /usr/lib/MailScanner/ and
> with /usr/local/bin/
>
> How can I go around with this problem?

And besides the clamav package you also installed the perl module for it? Just checking....

Mail::ClamAV

Can you run:

MailScanner -v | grep ClamAV

Bye,
Raymond.

From MailScanner at ecs.soton.ac.uk Mon Jan 17 08:55:27 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:13 2006
Subject: Beta 4.38.1 released
Message-ID:

Not at the moment, no. The trouble with "To" is that it is a list of recipients, so I would have to generate multiple archive copies.

Alex Neuman van der Hans wrote:

>Can one archive using other variables, like _TO_ or something like that?
>
>-----Original Message-----
>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf
>Of Julian Field
>Sent: Friday, January 14, 2005 10:10 PM
>To: MAILSCANNER@JISCMAIL.AC.UK
>Subject: Re: Beta 4.38.1 released
>
>ius wrote:
>
>>Julian Field wrote:
>>
>>>Sorry about 4.38.1, try 4.38.2 instead :-)
>>>
>>>Julian Field wrote:
>>>
>>>>I have just released beta version 4.38.1.
>>>>
>>>>Main addition is it can now detect numeric IP addresses in the
>>>>phishing net. I know there's already a SpamAssassin rule for this,
>>>>but someone wanted an inline alert as well.
>>>>
>>>>Download as usual from www.mailscanner.info.
>>>>
>>>>Changelog is:
>>>>
>>>>* New Features and Improvements *
>>>>- Upgraded to MIME-tools 5.416.
>>>>- Added new filename restrictions using Microsoft vulnerability
>>>>report from AUScert.
>>>>- Improved /etc/sysconfig/MailScanner so that it finds Incoming Work
>>>>Dir and Incoming Queue Dir automatically from MailScanner.conf
>>>>file.
>>>>- Can now use $from, $id and $subject in inline signature for
>>>>signing clean messages.
>>>>- Any entry in the "Archive Mail" setting can contain _DATE_ which
>>>>will be replaced with the current date in yyyymmdd form, so you can
>>>>backup or move
>>>
>>Hi Julian,
>>
>>i'm interested in this new feature of archiving mail with date. Can u
>>show me how to use it ? as i don't know much about make a script. I
>>just want simple daily archive by date
>
>If you are archiving to a directory, you could set Archive Mail =
>/var/archive/_DATE_ You will need to create the /var/archive directory
>before you start, obviously. You will end up archiving to
>/var/archive/20050116 (i.e. the 16th day of January 2005, which is my
>birthday (hint :-)
>
>If you are archiving to an mbox mailbox file for easy browsing with
>Thunderbird or your IMAP server or whatever, you could create tomorrow's
>mbox file some time during the day (with a little cron job) and then set
>Archive Mail = /var/archive/MailArchive._DATE_.mbox
>and it will archive to the file /var/archive/MailArchive.20050116.mbox
>on the 16th January 2005.
>
>It's as simple as that. It just replaces _DATE_ with the current date in a
>form where sorting alphabetically (which is what ls does by default) gives
>you the files in order of date.
>
>--
>Julian Field
>www.MailScanner.info
>Buy the MailScanner book at www.MailScanner.info/store Professional Support
>Services at www.MailScanner.biz MailScanner thanks transtec Computers for
>their support
>
>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From MailScanner at ecs.soton.ac.uk Mon Jan 17 08:57:29 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:13 2006
Subject: OT: Happy Birthday to Julian!!!
Message-ID:

Thank you all!
You've made my day! Mondays aren't so bad after all... :-)

John Clancy wrote:

> And a Happy Birthday from Dublin, Ireland!
>
> Thanks for all the great work.
>
> John Clancy
> ----- Original Message -----
> From: "Dhawal Doshy"
> To:
> Sent: Monday, January 17, 2005 6:36 AM
> Subject: Re: OT: Happy Birthday to Julian!!!
>
>> Also from India, a very Happy Birthday.
>>
>> cheers,
>> - dhawal
>>
>> Evert Jan van Ramselaar wrote:
>>
>>> On Sun, January 16, 2005 20:59, Drew Marshall said:
>>>
>>>> Just a quick note to wish you a Happy Birthday!!
>>>
>>> Happy Birthday to you Julian! And many years to come!
>>>
>>> All the best from The Netherlands,
>>>
>>> --
>>> Evert Jan van Ramselaar

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From roger at RUDNICK.COM.BR Mon Jan 17 09:02:20 2005
From: roger at RUDNICK.COM.BR (Roger Jochem)
Date: Thu Jan 12 21:28:13 2006
Subject: Happy Birthday to Julian!!!
Message-ID:

"Feliz Aniversário" (that's Happy Birthday) from Brazil too!

> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf
> Of Drew Marshall
> Sent: Sunday, January 16, 2005 1:59 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: OT: Happy Birthday to Julian!!!
>
> Just a quick note to wish you a Happy Birthday!!
>
> Thanks for all your hard work on MailScanner, a great piece of software. We
> all love you even if there are hundreds of spam and virus writers that don't
> :-) .
>
> Hope you had a great day!
>
> Drew

From martinh at SOLID-STATE-LOGIC.COM Mon Jan 17 09:10:43 2005
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:28:13 2006
Subject: OT: Happy Birthday to Julian!!!
Message-ID:

Julian from the UK user....happy nth birthday

James - hope you don't have to support the hardware! (I did have user in Japan, now local support thank goodness, but I still got users in LA that require a 10 hour flight..)

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

James Gray wrote:
> On Mon, 17 Jan 2005 06:59 am, Drew Marshall wrote:
>
>>Just a quick note to wish you a Happy Birthday!!
>
> Happy Birthday from Sydney Australia and Boston MA! I'm in Sydney, the
> MailScanner boxen are in Boston! :)
>
> Have a great day (yesterday....)
>
> James
> --
> You are wise, witty, and wonderful, but you spend too much time reading
> this sort of trash.

From marcin.rozek at IOS.EDU.PL Mon Jan 17 09:20:41 2005
From: marcin.rozek at IOS.EDU.PL (Marcin Rożek)
Date: Thu Jan 12 21:28:13 2006
Subject: OT: Happy Birthday to Julian!!!
Message-ID:

Happy birthday from Poland!
Wszystkiego najlepszego z okazji urodzin.

--
Marcin

From Glenn.Steen at AP1.SE Mon Jan 17 09:20:48 2005
From: Glenn.Steen at AP1.SE (Steen, Glenn)
Date: Thu Jan 12 21:28:13 2006
Subject: OT: Happy Birthday to Julian!!!
Message-ID:

"Har den äran på födelsedagen" from at least one of your grateful "users" in Sweden...

-- Glenn

> -----Original Message-----
> From: MailScanner mailing list
> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Marcin Rozek
> Sent: den 17 januari 2005 10:21
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: OT: Happy Birthday to Julian!!!
>
> Happy birthday from Poland!
> Wszystkiego najlepszego z okazji urodzin.
>
> --
> Marcin

From Christo at IT4AFRICA.CO.ZA Mon Jan 17 09:22:37 2005
From: Christo at IT4AFRICA.CO.ZA (Christo Bezuidenhout)
Date: Thu Jan 12 21:28:13 2006
Subject: OT: Happy Birthday to Julian!!! {Virus Scanned}
Message-ID:

Guess what South Africa Use MailScanner also and would like to say Happy Birthday to Julian. Wish we could make all your wishes come true but I'm not Santa. Hope you enjoyed your day and keep up the good work with MailScanner.

Thanx A million
Christo
E-Commerce Manager

> -----Original Message-----
> From: MailScanner mailing list
> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field
> Sent: Monday, January 17, 2005 10:57 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: OT: Happy Birthday to Julian!!! {Virus Scanned}
>
> Thank you all!
> You've made my day!
>
> Mondays aren't so bad after all...
> :-)
>
> John Clancy wrote:
>
> > And a Happy Birthday from Dublin, Ireland!
> >
> > Thanks for all the great work.
> >
> > John Clancy
> > ----- Original Message -----
> > From: "Dhawal Doshy"
> > To:
> > Sent: Monday, January 17, 2005 6:36 AM
> > Subject: Re: OT: Happy Birthday to Julian!!!
> >
> >> Also from India, a very Happy Birthday.
> >>
> >> cheers,
> >> - dhawal
> >>
> >> Evert Jan van Ramselaar wrote:
> >>
> >>> On Sun, January 16, 2005 20:59, Drew Marshall said:
> >>>
> >>>> Just a quick note to wish you a Happy Birthday!!
> >>>
> >>> Happy Birthday to you Julian! And many years to come!
> >>>
> >>> All the best from The Netherlands,
> >>>
> >>> --
> >>> Evert Jan van Ramselaar
>
> --
> Julian Field
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From G.Pentland at soton.ac.uk Mon Jan 17 09:30:16 2005
From: G.Pentland at soton.ac.uk (Pentland G.)
Date: Thu Jan 12 21:28:13 2006
Subject: OT: Happy Birthday to Julian!!! {Virus Scanned}
Message-ID:

And Happy Birthday from me,

If I see you about this week I'll get you a pint,

Gary

Christo Bezuidenhout wrote:
> Guess what South Africa Use MailScanner also and would like to say
> Happy Birthday to Julian. Wish we could make all your wishes come
> true but I'm not Santa. Hope you enjoyed your day and keep up the
> good work with MailScanner.
>
> Thanx A million
> Christo
> E-Commerce Manager
>
>> -----Original Message-----
>> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]
>> On Behalf Of Julian Field Sent: Monday, January 17, 2005 10:57 AM
>> To: MAILSCANNER@JISCMAIL.AC.UK
>> Subject: Re: OT: Happy Birthday to Julian!!! {Virus Scanned}
>>
>> Thank you all!
>> You've made my day!
>>
>> Mondays aren't so bad after all...
>> :-)
>>
>> John Clancy wrote:
>>
>>> And a Happy Birthday from Dublin, Ireland!
>>>
>>> Thanks for all the great work.
>>>
>>> John Clancy
>>> ----- Original Message -----
>>> From: "Dhawal Doshy"
>>> To:
>>> Sent: Monday, January 17, 2005 6:36 AM
>>> Subject: Re: OT: Happy Birthday to Julian!!!
>>>
>>>> Also from India, a very Happy Birthday.
>>>>
>>>> cheers,
>>>> - dhawal
>>>>
>>>> Evert Jan van Ramselaar wrote:
>>>>
>>>>> On Sun, January 16, 2005 20:59, Drew Marshall said:
>>>>>
>>>>>> Just a quick note to wish you a Happy Birthday!!
>>>>>
>>>>> Happy Birthday to you Julian! And many years to come!
>>>>>
>>>>> All the best from The Netherlands,
>>>>>
>>>>> --
>>>>> Evert Jan van Ramselaar
>>
>> --
>> Julian Field
>> www.MailScanner.info
>> Buy the MailScanner book at www.MailScanner.info/store
>>
>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From michele at BLACKNIGHTSOLUTIONS.COM Mon Jan 17 09:35:41 2005
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions)
Date: Thu Jan 12 21:28:13 2006
Subject: OT: Happy Birthday to Julian!!! {Virus Scanned}
Message-ID:

Many Happy returns Julian!

Michele

Mr Michele Neylon
Blacknight Internet Solutions Ltd
Hosting, co-location & domains
http://www.blacknight.ie/
Tel. +353 59 9137101
http://www.blacknight.ie/specialoffers.html

From anders.andersson at LTKALMAR.SE Mon Jan 17 10:24:37 2005
From: anders.andersson at LTKALMAR.SE (Anders Andersson, IT)
Date: Thu Jan 12 21:28:13 2006
Subject: Happy Birthday to Julian!!!
Message-ID:

A late but none the less Happy Birthday from the Swedish section :)

________________________________________________________________________________
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Drew Marshall
Sent: Sunday, January 16, 2005 8:59 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: OT: Happy Birthday to Julian!!!

Just a quick note to wish you a Happy Birthday!!

Thanks for all your hard work on MailScanner, a great piece of software. We all love you even if there are hundreds of spam and virus writers that don't :-) .

Hope you had a great day!

Drew

From mailscanner at LISTS.COM.AR Mon Jan 17 11:27:00 2005
From: mailscanner at LISTS.COM.AR (Leonardo Helman)
Date: Thu Jan 12 21:28:13 2006
Subject: OT: Happy Birthday to Julian!!!
Message-ID:

Another Feliz Cumpleaños from Argentina!!

Leo

On Mon, Jan 17, 2005 at 10:20:26AM +0100, Steen, Glenn wrote:
> "Har den äran på födelsedagen" from at least one of your grateful "users" in Sweden...
>
> -- Glenn
>
> > -----Original Message-----
> > From: MailScanner mailing list
> > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Marcin Rozek
> > Sent: den 17 januari 2005 10:21
> > To: MAILSCANNER@JISCMAIL.AC.UK
> > Subject: Re: OT: Happy Birthday to Julian!!!
> >
> > Happy birthday from Poland!
> > Wszystkiego najlepszego z okazji urodzin.
> >
> > --
> > Marcin

From sylvain.phaneuf at IMSU.OXFORD.AC.UK Mon Jan 17 12:33:02 2005
From: sylvain.phaneuf at IMSU.OXFORD.AC.UK (Sylvain Phaneuf)
Date: Thu Jan 12 21:28:13 2006
Subject: OT: Happy Birthday to Julian!!!
Message-ID:

From d.santos at barcelohotels.com.do Mon Jan 17 13:26:25 2005
From: d.santos at barcelohotels.com.do (Dywer Santos)
Date: Thu Jan 12 21:28:13 2006
Subject: Happy Birthday to Julian.
Message-ID:

Feliz Cumpleaños (happy birthday in Spanish) from the Dominican Republic.

:--)

dywer santos

From jaearick at COLBY.EDU Mon Jan 17 14:06:15 2005
From: jaearick at COLBY.EDU (Jeff A. Earickson)
Date: Thu Jan 12 21:28:13 2006
Subject: wee tweak for 4.38
Message-ID:

Julian,

Please apply the attached patch file to MailScanner.conf for the next edition. I suggested this last week and it got lost in the shuffle.

BTW, Happy Birthday from Maine, USA. I'll bet if you posted your snail-mail address (work) to the list then grateful Mailscanner users would send you cool postcards from all parts of the planet. It would make a nice decoration in your office.

Jeff Earickson
Colby College

[ Part 2, "" Text/PLAIN (Name: "diff.file") 21 lines. ]
[ Unable to print this part. ]

From MailScanner at ecs.soton.ac.uk Mon Jan 17 14:11:28 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:13 2006
Subject: wee tweak for 4.38
Message-ID:

The list should not be case-sensitive, so I have just added eicar in lowercase.

Jeff A. Earickson wrote:

> Julian,
>
> Please apply the attached patch file to MailScanner.conf for the
> next edition. I suggested this last week and it got lost in the
> shuffle.
>
> BTW, Happy Birthday from Maine, USA. I'll bet if you posted your
> snail-mail address (work) to the list then grateful Mailscanner
> users would send you cool postcards from all parts of the planet.
> It would make a nice decoration in your office.
>
> Jeff Earickson
> Colby College

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From georgelist at CONPOINT.COM Mon Jan 17 15:08:51 2005
From: georgelist at CONPOINT.COM (george)
Date: Thu Jan 12 21:28:13 2006
Subject: Problems with mail backing up
Message-ID:

Mike Kercher wrote:

>Point your Spam Checks = directive to a ruleset:
>
>FromTo: lazy_user@domain.com no
>FromTo: other_lazy_user@domain.com no
>FromTo: default yes
>
>Are you running a local caching nameserver on the mailbox?
>
>Mike
>

Hi Mike,

I tried this with just one of my personal email addresses to and it did not do anything. It is still scanning the messages for spam. Is there any reason why, anything else I should be looking at?

My MailScanner.conf file has
Spam Checks = %rules-dir%/spam.rules

My spam.rules has
FromOrTo: cpgeorge@conpoint.com no
FromOrTo: default yes

>
>-----Original Message-----
>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf
>Of george
>Sent: Thursday, January 13, 2005 4:55 PM
>To: MAILSCANNER@JISCMAIL.AC.UK
>Subject: Problems with mail backing up
>
>We have been having a problem with the MS incoming queue getting backed up
>and slowing down delivery time substantially. We also have many users who
>do not want spam filtering. Currently we are whitelisting these users, but
>we were wondering if there is a way to keep emails for these users from even
>going through MS in the first place. We are hoping that bypassing MS for
>these users will relieve the load thereby speeding up delivery time. We are
>using Postfix.
>
> Thanks for any suggestions or ideas that you may have.
>
> George Edwards
>Connecting Point Computer Center
>Internet Department
>402.371.4530 x212
>http://www.conpoint.com
>gtedwards@conpoint.com

From itdept at FRACTALWEB.COM Mon Jan 17 15:12:16 2005
From: itdept at FRACTALWEB.COM (Fractal IT Dept.)
Date: Thu Jan 12 21:28:13 2006
Subject: Reject emails to nonexistent addresses?
Message-ID:

Hi everyone,

We're getting tons of spam directed at addresses that neither exist, nor ever exist. I'm not sure of the spammers' motivation here...are they hoping to simply spam the "catch-all" account, if it exists? Is there an easy way of somehow rejecting emails destined to nonexistent addresses before they are processed by MailScanner?

We're running Fedora Linux, Sendmail, Procmail, and of course MailScanner.

Cheers,
Chris

From raymond at PROLOCATION.NET Mon Jan 17 15:26:02 2005
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:28:13 2006
Subject: Reject emails to nonexistent addresses?
Message-ID:

Hi!

> We're getting tons of spam directed at addresses that neither exist, nor
> ever exist. I'm not sure of the spammers' motivation here...are they
> hoping to simply spam the "catch-all" account, if it exists? Is there an
> easy way of somehow rejecting emails destined to nonexistent addresses
> before they are processed by MailScanner?
>
> We're running Fedora Linux, Sendmail, Procmail, and of course MailScanner.

How does a spammer know it's a nonexistent address? They don't, so they beam up anything they can. To stop this, you can for example use ldap on your frontend servers and do real time checks with your MTA on your userbase.

Bye,
Raymond

From mike at CAMAROSS.NET Mon Jan 17 15:25:21 2005
From: mike at CAMAROSS.NET (Mike Kercher)
Date: Thu Jan 12 21:28:13 2006
Subject: Reject emails to nonexistent addresses?
Message-ID:

sendmail ought to reject them as unknown users before they ever get to MailScanner. This assumes your MS box is not a gateway.

Mike

________________________________
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Fractal IT Dept.
Sent: Monday, January 17, 2005 9:12 AM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Reject emails to nonexistent addresses?

Hi everyone,

We're getting tons of spam directed at addresses that neither exist, nor ever exist. I'm not sure of the spammers' motivation here...are they hoping to simply spam the "catch-all" account, if it exists? Is there an easy way of somehow rejecting emails destined to nonexistent addresses before they are processed by MailScanner?

We're running Fedora Linux, Sendmail, Procmail, and of course MailScanner.

Cheers,
Chris

From michele at BLACKNIGHTSOLUTIONS.COM Mon Jan 17 15:33:41 2005
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions)
Date: Thu Jan 12 21:28:13 2006
Subject: Reject emails to nonexistent addresses?
Message-ID:

Steve Swaney posted about a sendmail milter that addresses this. I haven't had a chance to test it in-house yet, but it would do the job on a gateway.

The other option is to look at something like vispan which allows you to throttle/block IPs/hosts sending you inordinate quantities of rubbish.

Mr Michele Neylon
Blacknight Internet Solutions Ltd
Hosting, co-location & domains
http://www.blacknight.ie/
Tel. +353 59 9137101
http://www.blacknight.ie/specialoffers.html

From josephwatson at FSE.US Mon Jan 17 15:54:20 2005
From: josephwatson at FSE.US (Joseph Watson)
Date: Thu Jan 12 21:28:13 2006
Subject: Rav Virus Scanner
Message-ID:

From mike at CAMAROSS.NET Mon Jan 17 15:56:13 2005
From: mike at CAMAROSS.NET (Mike Kercher)
Date: Thu Jan 12 21:28:13 2006
Subject: Reject emails to nonexistent addresses?
Message-ID:

There are a couple of milters. The one I use is milter-sender. There is another called milter-ahead that does the call ahead to your Exchange server or other final destination. milter-sender also does the call ahead.

Mike

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Michele Neylon :: Blacknight Solutions
Sent: Monday, January 17, 2005 9:34 AM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: Reject emails to nonexistent addresses?

Steve Swaney posted about a sendmail milter that addresses this. I haven't had a chance to test it in-house yet, but it would do the job on a gateway.

The other option is to look at something like vispan which allows you to throttle/block IPs/hosts sending you inordinate quantities of rubbish.

Mr Michele Neylon
Blacknight Internet Solutions Ltd
Hosting, co-location & domains
http://www.blacknight.ie/
Tel. +353 59 9137101
http://www.blacknight.ie/specialoffers.html

From ssilva at SGVWATER.COM Mon Jan 17 15:51:08 2005
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:28:13 2006
Subject: Beta 4.38.1 released
Message-ID:

Happy Belated birthday, Julian!!!

Julian Field wrote:
> ius wrote:
>
>> Julian Field wrote:
>>
>>> Sorry about 4.38.1, try 4.38.2 instead :-)
>>>
>>> Julian Field wrote:
>>>
>>>> I have just released beta version 4.38.1.
>>>>
>>>> Main addition is it can now detect numeric IP addresses in the phishing
>>>> net. I know there's already a SpamAssassin rule for this, but someone
>>>> wanted an inline alert as well.
>>>>
>>>> Download as usual from www.mailscanner.info.
>>>>
>>>> Changelog is:
>>>>
>>>> * New Features and Improvements *
>>>> - Upgraded to MIME-tools 5.416.
>>>> - Added new filename restrictions using Microsoft vulnerability report
>>>>   from AUScert.
>>>> - Improved /etc/sysconfig/MailScanner so that it finds Incoming Work Dir and
>>>>   Incoming Queue Dir automatically from MailScanner.conf file.
>>>> - Can now use $from, $id and $subject in inline signature for signing clean
>>>>   messages.
>>>> - Any entry in the "Archive Mail" setting can contain _DATE_ which will be
>>>>   replaced with the current date in yyyymmdd form, so you can backup or
>>>>   move
>>>
>> Hi Julian,
>>
>> i'm interested in this new feature of archiving mail with date. Can u
>> show me how to use it ? as i don't know much about make a script. I just
>> want simple daily archive by date
>
> If you are archiving to a directory, you could set
>     Archive Mail = /var/archive/_DATE_
> You will need to create the /var/archive directory before you start,
> obviously. You will end up archiving to /var/archive/20050116 (i.e. the
> 16th day of January 2005, which is my birthday (hint :-)
>
> If you are archiving to an mbox mailbox file for easy browsing with
> Thunderbird or your IMAP server or whatever, you could create tomorrow's
> mbox file some time during the day (with a little cron job) and then set
>     Archive Mail = /var/archive/MailArchive._DATE_.mbox
> and it will archive to the file /var/archive/MailArchive.20050116.mbox
> on the 16th January 2005.
>
> It's as simple as that. It just replaces _DATE_ with the current date in
> a form where sorting alphabetically (which is what ls does by default)
> gives you the files in order of date.
>
> --
> Julian Field
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
> Professional Support Services at www.MailScanner.biz
> MailScanner thanks transtec Computers for their support
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From michele at BLACKNIGHTSOLUTIONS.COM Mon Jan 17 16:08:53 2005
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions)
Date: Thu Jan 12 21:28:13 2006
Subject: Reject emails to nonexistent addresses?
Message-ID:

> There are a couple of milters. The one I use is
> milter-sender. There is another called milter-ahead that
> does the call ahead to your Exchange server or other final
> destination. milter-sender also does the call ahead.

Is there much difference between them?

What happens if the receiving server is down/unavailable?

We're currently evaluating our options for installing this kind of solution on a gateway, so any feedback would be appreciated.

Michele

Mr Michele Neylon
Blacknight Internet Solutions Ltd
Hosting, co-location & domains
http://www.blacknight.ie/
Tel. +353 59 9137101
http://www.blacknight.ie/specialoffers.html

From Steve.Swaney at FSL.COM Mon Jan 17 16:15:33 2005
From: Steve.Swaney at FSL.COM (Steve Swaney)
Date: Thu Jan 12 21:28:13 2006
Subject: Reject emails to nonexistent addresses?
Message-ID:

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Mike Kercher
> Sent: Monday, January 17, 2005 10:56 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Reject emails to nonexistent addresses?
>
> There are a couple of milters. The one I use is milter-sender. There is
> another called milter-ahead that does the call ahead to your Exchange
> server or other final destination. milter-sender also does the call ahead.
>
> Mike
>

Milter-ahead checks to see if the email can be delivered to the recipient before sendmail accepts the message for delivery. Not normally needed on a mailhub but very useful on a pass-through gateway.

Milter-sender attempts to verify that the sender's email address is in good standing by performing an SMTP callback to the MX server responsible for the sender's domain.

Both are handy tools. There are many more useful milters available at http://www.milter.info/

Another one I'm about to test is milter-limit, which limits the number of messages by connecting client IP, from a sender, or to a recipient over a given time period.

Steve

Steve Swaney
President
Fortress Systems Ltd.
www.fsl.com
steve.swaney@fsl.com

--
This message has been scanned for viruses and dangerous content by The MailScanner at Fortress Systems Ltd., www.fsl.com, and is believed to be clean.

From bberglund at TECHPRO.COM Mon Jan 17 16:28:49 2005
From: bberglund at TECHPRO.COM (Todd Bourdage)
Date: Thu Jan 12 21:28:13 2006
Subject: Reject emails to nonexistent addresses?
Message-ID:

Leave mailsweeper

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Raymond Dijkxhoorn
Sent: Monday, January 17, 2005 9:26 AM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: Reject emails to nonexistent addresses?

Hi!

> We're getting tons of spam directed at addresses that neither exist,
> nor ever exist. I'm not sure of the spammers' motivation here...are
> they hoping to simply spam the "catch-all" account, if it exists? Is
> there an easy way of somehow rejecting emails destined to nonexistent
> addresses before they are processed by MailScanner?
>
> We're running Fedora Linux, Sendmail, Procmail, and of course MailScanner.

How does a spammer know it's a nonexistent address? They don't, so they beam up anything they can. To stop this, you can for example use ldap on your frontend servers and do real time checks with your MTA on your userbase.

Bye,
Raymond

From ricardo.canavate at nozar.es Mon Jan 17 16:32:11 2005
From: ricardo.canavate at nozar.es (Ricardo Luis Cañavate)
Date: Thu Jan 12 21:28:13 2006
Subject: RV: Problem with BayesDB?
Message-ID:

Hi Friends!!

Dennis is trying to help me but my server is at the point of crashing. Now the partition is at 97%.

Please, please, please.

Could someone help me with bayes_toks.expire...

-----Original Message-----
From: Ricardo Luis Cañavate [mailto:ricardo.canavate@nozar.es]
Sent: Monday, 17 January 2005 9:32
To: Denis Beauchemin
Subject: RE: Problem with BayesDB?

Find the attached document with the ls output

> -----Original Message-----
> From: Denis Beauchemin [mailto:Denis.Beauchemin@USherbrooke.ca]
> Sent: Thursday, 13 January 2005 19:34
> To: ricardo.canavate@nozar.es
> Subject: Re: Problem with BayesDB?
>
> Ricardo,
>
> I just realized you mentioned /etc/MailScanner/bayes...
>
> All my Bayes files are in /root/.spamassassin, not under
> /etc/MailScanner...
>
> 498MB seems quite large. Could you send me a ls -l
> /etc/MailScanner/bayes?
>
> I think you may have many temp files in there...
>
> Denis
>
> Ricardo Luis Cañavate wrote:
>
> >Hi, thanks for your help and sorry for the html post.
> >
> >These are my folders, thank you.
> >
> >[root@servnozar MailScanner]# du -sh /root/.spamassassin
> >8.0K /root/.spamassassin
> >[root@servnozar MailScanner]# ls
> >bayes MailScanner.conf spam.assassin.prefs.conf
> >eicar_com.zip mailscanner-mrtg.conf spam.lists.conf
> >filename.rules.conf mcp virus.scanners.conf
> >filetype.rules.conf reports virus.scanners.conf.bak
> >flush_ms_quarantine rules
> >[root@servnozar MailScanner]# cd ..
> >[root@servnozar etc]# cd ..
> >[root@servnozar /]# du -sh /etc
> >522M /etc
> >[root@servnozar /]# du -sh /etc/MailScanner/
> >500M /etc/MailScanner
> >[root@servnozar /]# du -sh /etc/MailScanner/bayes/
> >498M /etc/MailScanner/bayes
> >[root@servnozar /]#
> >
> >>-----Original Message-----
> >>From: Denis Beauchemin [mailto:Denis.Beauchemin@USherbrooke.ca]
> >>Sent: Thursday, 13 January 2005 15:19
> >>To: ricardo.canavate@nozar.es
> >>Subject: Re: Problem with BayesDB?
> >>
> >>Ricardo Luis Cañavate wrote:
> >>
> >>>My folder /etc/MailScanner/bayes is increasing a lot every day, What
> >>>could I do stop this growth?
> >>>
> >>Ricardo,
> >>
> >>Please don't post HTML emails here (and no nice background image neither).
> >>
> >>My .spamassassin folder is at about 176MB on one of my systems. Is this
> >>yours bigger than that?
> >>
> >>Denis
> >>
> >>--
> >>   _
> >>  °v°   Denis Beauchemin, analyste
> >> /(_)\  Université de Sherbrooke, S.T.I.
> >>  ^ ^   T: 819.821.8000x2252 F: 819.821.8045
> >>
>
> --
>    _
>   °v°   Denis Beauchemin, analyste
>  /(_)\  Université de Sherbrooke, S.T.I.
>   ^ ^   T: 819.821.8000x2252 F: 819.821.8045

=========================================================================
You are receiving this message because your e-mail address is listed in our database due to previous communications with us, so we have assumed that we have your permission to send you professional information. However, if you do not wish to continue to receive such information then please let us know.
This message is intended exclusively for its addressee and may contain information that is CONFIDENTIAL and protected by professional privilege. If you are not the intended recipient you are hereby notified that any dissemination, copy or disclosure of this communication is strictly prohibited by law. If this message has been received in error, please immediately notify us via e-mail and delete it.
=========================================================================

[ Part 2, Text/PLAIN (Name: "ls.txt") 824 lines. ]
[ Unable to print this part. ]

From Q.G.Campbell at NEWCASTLE.AC.UK Mon Jan 17 16:39:13 2005
From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell)
Date: Thu Jan 12 21:28:13 2006
Subject: Request for additional logged info
Message-ID:

Julian

Is it possible to add to the "Content Checks: Detected HTML-specific exploits in ..." message the actual HTML exploit that caused the message?

At present we only have info on Iframe exploits through the separate logging facility for that tag.

Quentin
---
PHONE: +44 191 222 8209    Information Systems and Services (ISS),
                           University of Newcastle,
                           Newcastle upon Tyne,
FAX:   +44 191 222 8765    United Kingdom, NE1 7RU.
------------------------------------------------------------------------
"Any opinion expressed above is mine. The University can get its own."

From MailScanner at ecs.soton.ac.uk Mon Jan 17 16:46:08 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:13 2006
Subject: New advertising flyer
Message-ID:

We have just finished a new advertising "flyer" sheet to help promote MailScanner. Please feel free to print this out and give it to anyone who might have an interest in MailScanner, or any of your clients to whom you would like to sell a MailScanner-based service.

Please do *not* edit or change it in any way, except for any adjustments needed to print it on US letter paper (it is currently designed for A4). Please print it in colour if at all possible, it looks much better.

The advertising sheet is linked off the documentation page at

http://www.sng.ecs.soton.ac.uk/mailscanner/docs.html

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From marcin.rozek at IOS.EDU.PL Mon Jan 17 16:54:42 2005
From: marcin.rozek at IOS.EDU.PL (Marcin Rożek)
Date: Thu Jan 12 21:28:13 2006
Subject: RV: Problem with BayesDB?
Message-ID:

Ricardo Luis Canavate wrote:
> Hi Friends!!
> Dennis is trying to help me but my server is at point to crash. Now the
> partition it is at 97%.
>
> Please, please, please.
>
> Could someone help me with bayes_toks.expire...

I have this in my root's crontab:

30 23 * * * /usr/bin/sa-learn --force-expire
40 23 * * * rm -f /root/.spamassassin/bayes_toks.expire*

Maybe you should also put this into your crontab changing /root/.spamassassin to /etc/MailScanner/bayes/

--
Marcin

From Steve.Swaney at FSL.COM Mon Jan 17 16:51:16 2005
From: Steve.Swaney at FSL.COM (Steve Swaney)
Date: Thu Jan 12 21:28:13 2006
Subject: Reject emails to nonexistent addresses?
Message-ID:

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Michele Neylon :: Blacknight Solutions
> Sent: Monday, January 17, 2005 11:09 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Reject emails to nonexistent addresses?
>
> > There are a couple of milters. The one I use is
> > milter-sender. There is another called milter-ahead that
> > does the call ahead to your Exchange server or other final
> > destination. milter-sender also does the call ahead.
>
> Is there much difference between them?
>

Yes, very much. One validates the sender, the other validates the recipient.

> What happens if the sending MTA were is down/unavailable?

Please check out the web site http://www.milter.info/ for all of the error codes. I've tested the milter-ahead for most of the possible error conditions and they all work as advertised.

We are using milter-ahead software with good success on more and more sites.

Steve

Steve Swaney
President
Fortress Systems Ltd.
www.fsl.com
steve.swaney@fsl.com

From Q.G.Campbell at NEWCASTLE.AC.UK Mon Jan 17 16:58:40 2005
From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell)
Date: Thu Jan 12 21:28:13 2006
Subject: Package conficts between an updated RH AS 3 and MS-4.37.7-1
Message-ID:

When I ran install.sh for MS-4.37.7-1 on recently updated RedHat AS 3 systems I noted that you get a raft of messages similar to:

    file /usr/lib/perl5/5.8.0/ExtUtils/Install.pm from install of perl-ExtUtils-MakeMaker-6.05-1 conflicts with file from package perl-5.8.0-88.9.

I am ignoring them for the moment.

Quentin
---
PHONE: +44 191 222 8209    Information Systems and Services (ISS),
                           University of Newcastle,
                           Newcastle upon Tyne,
FAX:   +44 191 222 8765    United Kingdom, NE1 7RU.
------------------------------------------------------------------------
"Any opinion expressed above is mine. The University can get its own."

From rgutlon at YAHOO.COM Mon Jan 17 17:25:21 2005
From: rgutlon at YAHOO.COM (Rick Gutlon)
Date: Thu Jan 12 21:28:13 2006
Subject: Reject emails to nonexistent addresses?
Message-ID:

Chris:

If you are dealing with a manageable and fairly stable list of users another option is to control this via sendmail's access.db file. Works great for us smaller guys :)

The following convention was suggested by someone on this list awhile back which we implemented quite successfully:

TO:username1@yourdomain.com RELAY
TO:username2@yourdomain.com RELAY
TO:yourdomain.com ERROR:5.1.1:550 User unknown

The above will accept mail for valid users and reject all unknowns before the mail is passed to MailScanner. This cut back on a huge amount of overhead for us. The last line could be changed from ERROR to DISCARD if you wanted the unknowns to hit the bit bucket.

One caveat ... if you use the above you have to account for all aliases in the access file, including misc. items such as postmaster, abuse, etc.

Just some food for thought ...

--- "Fractal IT Dept." wrote:
> Is there an easy way of somehow rejecting emails destined to nonexistent addresses before they are processed by MailScanner?

From t.d.lee at DURHAM.AC.UK Mon Jan 17 17:29:12 2005
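Added example, not part of Rick Gutlon's message above and not sendmail's own tooling: one way to generate the access entries in the format he quotes from a mailbox list plus an aliases file, and to flag the role addresses his caveat mentions. The function names, example.com and the sample users and aliases are constructed for illustration.

```shell
#!/bin/sh
# Added example: build sendmail access-file entries in the format quoted in
# the message above. All names and sample data here are constructed.

# list_local_parts USERS_FILE ALIASES_FILE
# Prints every deliverable local part once, lower-cased and sorted.
# USERS_FILE holds one mailbox name per line; ALIASES_FILE uses /etc/aliases syntax.
list_local_parts() {
    {
        # Mailbox names: drop comments, whitespace and blank lines.
        sed -e 's/#.*//' -e 's/[[:space:]]//g' -e '/^$/d' "$1"
        # Alias names: the text before the first colon on non-comment lines.
        sed -n -e 's/#.*//' \
            -e 's/^[[:space:]]*\([^:[:space:]][^:[:space:]]*\)[[:space:]]*:.*/\1/p' "$2"
    } | tr 'A-Z' 'a-z' | sort -u
}

# build_access_entries DOMAIN USERS_FILE ALIASES_FILE
# One RELAY line per known recipient, then the reject line for everything
# else at the domain, in the same order as the message shows them.
build_access_entries() {
    domain=$1
    list_local_parts "$2" "$3" | while IFS= read -r lp; do
        printf 'TO:%s@%s RELAY\n' "$lp" "$domain"
    done
    printf 'TO:%s ERROR:5.1.1:550 User unknown\n' "$domain"
}

# missing_roles USERS_FILE ALIASES_FILE
# Prints the role addresses named in the caveat (postmaster, abuse) that the
# generated list would reject as "User unknown".
missing_roles() {
    parts=$(list_local_parts "$1" "$2")
    for role in postmaster abuse; do
        printf '%s\n' "$parts" | grep -qxF -- "$role" || printf '%s\n' "$role"
    done
}

# make_sample: writes constructed sample input to a temporary directory and
# prints the directory name.
make_sample() {
    dir=$(mktemp -d)
    printf '%s\n' 'alice' 'Bob' '# left the company: carol' > "$dir/users"
    printf '%s\n' '# constructed /etc/aliases excerpt' \
        'postmaster: alice' 'sales: alice, bob' > "$dir/aliases"
    printf '%s\n' "$dir"
}

sample=$(make_sample)
build_access_entries example.com "$sample/users" "$sample/aliases"
missing_roles "$sample/users" "$sample/aliases" |
    sed 's/^/WARNING: no mailbox or alias for /' >&2
rm -rf "$sample"
```

With the sample data the warning names abuse, which has neither a mailbox nor an alias and would therefore be refused by the final line.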
From: t.d.lee at DURHAM.AC.UK (David Lee)
Date: Thu Jan 12 21:28:14 2006
Subject: RV: Problem with BayesDB?
Message-ID:

On Mon, 17 Jan 2005, Ricardo Luis Cañavate wrote:

> Dennis is trying to help me but my server is at point to crash. Now the
> partition it is at 97%.
>
> Please, please, please.
>
> Could someone help me with bayes_toks.expire...

What follows is my experience. It doesn't necessarily reflect best practice.

The quick (and, I suspect, not as clean as desirable) fix is periodically to remove those "bayes_toks.expire*" files.

We, too, had this problem (with reasonably up-to-date MS including 4.37.7, and versions of SA including 2.63 and 3.0.2). Our MailScanner.conf has:

    Rebuild Bayes Every = 3600
    Wait During Bayes Rebuild = yes

but, despite the "Wait During...", we still got these "bayes_toks.expire*" files on busy machines. A few days ago, I changed "SpamAssassin Timeout" from 40 to 120 and the problem seems to have gone away.

My simple expectation was that "Wait During Bayes Rebuild = yes" would have been sufficient to let the rebuild run to completion. But it appears that it is insufficient, and that something else, somewhere else, governed by "SpamAssassin Timeout", happens that aborts the rebuild regardless.

So increasing "SpamAssassin Timeout" might be worth a try.

Meanwhile, if anyone else has a good, clean explanation (and solution) that can be placed in the FAQ (or is there a bug to be fixed?), I'm sure that it would be most welcome by several people.

--

:  David Lee                                I.T. Service          :
:  Senior Systems Programmer                Computer Centre       :
:                                           University of Durham  :
:  http://www.dur.ac.uk/t.d.lee/            South Road            :
:                                           Durham                :
:  Phone: +44 191 334 2752                  U.K.                  :

From Steve.Swaney at FSL.COM Mon Jan 17 17:38:42 2005
From: Steve.Swaney at FSL.COM (Steve Swaney)
Date: Thu Jan 12 21:28:14 2006
Subject: RV: Problem with BayesDB?
Message-ID:

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of David Lee
> Sent: Monday, January 17, 2005 12:29 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: RV: Problem with BayesDB?
>
> On Mon, 17 Jan 2005, Ricardo Luis Cañavate wrote:
>
> > Dennis is trying to help me but my server is at point to crash. Now the
> > partition it is at 97%.
> >
> > Please, please, please.
> >
> > Could someone help me with bayes_toks.expire...
>
> What follows is my experience. It doesn't necessarily reflect best
> practice.
>
> The quick (and, I suspect, not as clean as desirable) fix is periodically
> to remove those "bayes_toks.expire*" files.
>
> We, too, had this problem (with reasonably up-to-date MS including 4.37.7,
> and versions of SA including 2.63 and 3.0.2). Our MailScanner.conf has:
>     Rebuild Bayes Every = 3600
>     Wait During Bayes Rebuild = yes
>
> but, despite the "Wait During...", we still got these "bayes_toks.expire*"
> files on busy machines. A few days ago, I changed "SpamAssassin Timeout"
> from 40 to 120 and the problem seems to have gone away.
>
> My simple expectation was that "Wait During Bayes Rebuild = yes" would
> have been sufficient to let the rebuild run to completion. But it appears
> that it is insufficient, and that something else, somewhere else,
> governed by "SpamAssassin Timeout", happens that aborts the rebuild
> regardless.
>
> So increasing "SpamAssassin Timeout" might be worth a try.
>
> Meanwhile, if anyone else has a good, clean explanation (and solution)
> that can be placed in the FAQ (or is there a bug to be fixed?), I'm sure
> that it would be most welcome by several people.

We support many systems that use only a daily cron job, bayes-rebuild:

#!/bin/bash
#
# rebuild the bayes database daily
/usr/bin/sa-learn --sync --force-expire -p \
    /etc/MailScanner/spam.assassin.prefs.conf

MailScanner.conf settings are:

    Rebuild Bayes Every = 0
    Wait During Bayes Rebuild = no

We very rarely see any problems with the bayes database.

Steve Swaney
President
Fortress Systems Ltd.
www.fsl.com
steve.swaney@fsl.com

From josephwatson at FSE.US Mon Jan 17 17:55:49 2005
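Added example, not code from any poster or from MailScanner or SpamAssassin: the nightly expiry from Steve Swaney's script combined with the clean-up from Marcin's crontab, changed so that leftover bayes_toks.expire* files are deleted only once they are older than a threshold and a still-running expiry keeps its working file. The function names, the script name in the comment and the 60-minute default are assumptions.

```shell
#!/bin/sh
# Added example: nightly Bayes expiry with a guarded clean-up of leftover
# bayes_toks.expire* files. Function names and the 60-minute threshold are
# assumptions; paths are the ones mentioned in the thread.

# stale_expire_files DIR MINUTES
# Lists bayes_toks.expire* files directly in DIR that were last modified more
# than MINUTES ago. Younger files may belong to an expiry that is still running.
stale_expire_files() {
    find "$1" -maxdepth 1 -type f -name 'bayes_toks.expire*' -mmin "+$2" -print
}

# purge_stale_expire_files DIR MINUTES
# Deletes the stale files and prints how many were removed.
purge_stale_expire_files() {
    stale_expire_files "$1" "$2" | {
        n=0
        while IFS= read -r f; do
            rm -f -- "$f" && n=$((n + 1))
        done
        printf '%s\n' "$n"
    }
}

# nightly_bayes_maintenance DIR PREFS [MINUTES]
# Runs the expiry command quoted in the thread, then removes stale leftovers
# whether or not the expiry succeeded, so an aborted run cannot fill the disk.
# Returns the exit status of sa-learn so that cron reports failures.
nightly_bayes_maintenance() {
    bayes_dir=$1
    prefs=$2
    minutes=${3:-60}
    status=0
    sa-learn --sync --force-expire -p "$prefs" || status=$?
    removed=$(purge_stale_expire_files "$bayes_dir" "$minutes")
    echo "sa-learn exit status $status; removed $removed stale expire file(s) from $bayes_dir"
    return "$status"
}

# From cron, for example (script name is hypothetical):
#   bayes-maintenance.sh /etc/MailScanner/bayes /etc/MailScanner/spam.assassin.prefs.conf
if [ "$#" -ge 2 ]; then
    nightly_bayes_maintenance "$@"
fi
```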
From: josephwatson at FSE.US (Joseph Watson)
Date: Thu Jan 12 21:28:14 2006
Subject: Sophos and multi volume archives
Message-ID:

I am running
Mandrake 10.0
MailScanner
Sophos
DrWeb
F-prot

I just recently tried to send a multi volume archive zip file that I created with WinZip "Split" function. Sophos picked this up and returned the following message: (part of multi volume archive). So it was blocked. I could not find a way to control this behavior with Sophos, so I had to turn off Sophos to get this email through (I had to get just this one out).

Does anyone know if this is controllable??

This brings up a question though. How can you allow emails with multi volume archives but still protect yourself from possible bad guys using this method??

Any thoughts?

-
Regards
Joseph Watson

From Steve.Swaney at FSL.COM Mon Jan 17 18:02:58 2005
From: Steve.Swaney at FSL.COM (Steve Swaney)
Date: Thu Jan 12 21:28:14 2006
Subject: New advertising flyer
Message-ID:

Looks excellent. I'll try and get it up on the web later today.

Thanks!

Steve

Steve Swaney
President
Fortress Systems Ltd.
www.fsl.com
steve.swaney@fsl.com

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Julian Field
> Sent: Monday, January 17, 2005 11:46 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: New advertising flyer
>
> We have just finished a new advertising "flyer" sheet to help promote
> MailScanner. Please feel free to print this out and give it to anyone
> who might have an interest in MailScanner, or any of your clients to
> whom you would like to sell a MailScanner-based service.
>
> Please do *not* edit or change it in any way, except for any adjustments
> needed to print it on US letter paper (it is currently designed for A4).
> Please print it in colour if at all possible, it looks much better.
>
> The advertising sheet is linked off the documentation page at
>
> http://www.sng.ecs.soton.ac.uk/mailscanner/docs.html
>
> --
> Julian Field
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From ricardo.canavate at nozar.es Mon Jan 17 18:05:40 2005
From: ricardo.canavate at nozar.es (Ricardo Luis Cañavate)
Date: Thu Jan 12 21:28:14 2006
Subject: RV: Problem with BayesDB?
Message-ID:

Thanks David;

I set:

Rebuild Bayes Every = 28800
Wait During Bayes Rebuild = yes
SpamAssassin Timeout = 60 (before this it was set to 40)

I have deleted those "bayes_toks.expire*" files manually; tomorrow I will tell you what happens tonight.

Ricardo

> -----Original Message-----
> From: David Lee [mailto:t.d.lee@durham.ac.uk]
> Sent: Monday, 17 January 2005 18:29
> To: Ricardo Luis Cañavate
> CC: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: RV: Problem with BayesDB?
>
> On Mon, 17 Jan 2005, Ricardo Luis Cañavate wrote:
>
> > Dennis is trying to help me but my server is about to crash. Now the
> > partition is at 97%.
> >
> > Please, please, please.
> >
> > Could someone help me with bayes_toks.expire...
>
> What follows is my experience. It doesn't necessarily reflect best
> practice.
>
> The quick (and, I suspect, not as clean as desirable) fix is periodically
> to remove those "bayes_toks.expire*" files.
>
> We, too, had this problem (with reasonably up-to-date MS including 4.37.7,
> and versions of SA including 2.63 and 3.0.2). Our MailScanner.conf has:
>    Rebuild Bayes Every = 3600
>    Wait During Bayes Rebuild = yes
>
> but, despite the "Wait During...", we still got these "bayes_toks.expire*"
> files on busy machines. A few days ago, I changed "SpamAssassin Timeout"
> from 40 to 120 and the problem seems to have gone away.
>
> My simple expectation was that "Wait During Bayes Rebuild = yes" would
> have been sufficient to let the rebuild run to completion. But it appears
> that it is insufficient, and that something else, somewhere else,
> governed by "SpamAssassin Timeout", happens that aborts the rebuild
> regardless.
>
> So increasing "SpamAssassin Timeout" might be worth a try.
>
> Meanwhile, if anyone else has a good, clean explanation (and solution)
> that can be placed in the FAQ (or is there a bug to be fixed?), I'm sure
> that it would be most welcome by several people.
>
> --
>
> :  David Lee                         I.T. Service      :
> :  Senior Systems Programmer         Computer Centre   :
> :                                    University of Durham :
> :  http://www.dur.ac.uk/t.d.lee/     South Road        :
> :                                    Durham            :
> :  Phone: +44 191 334 2752           U.K.              :

=========================================================================
You are receiving this message because your e-mail address is listed in our database due to previous communications with us, so we have assumed that we have your permission to send you professional information. However, if you do not wish to continue to receive such information then please let us know.

This message is intended exclusively for its addressee and may contain information that is CONFIDENTIAL and protected by professional privilege. If you are not the intended recipient you are hereby notified that any dissemination, copy or disclosure of this communication is strictly prohibited by law. If this message has been received in error, please immediately notify us via e-mail and delete it.
=======================================================================

From Steve.Swaney at FSL.COM Mon Jan 17 18:07:30 2005
From: Steve.Swaney at FSL.COM (Steve Swaney)
Date: Thu Jan 12 21:28:14 2006
Subject: New advertising flyer
Message-ID:

Would it be possible to get a copy of the front and back cover of the MailScanner book? I've misplaced my book and I'm thinking of redoing the cover for the SMGateway manual. I wasn't going to lift the cover design :), just looking at different covers to get some ideas.

Thanks,

Steve

Steve Swaney
President
Fortress Systems Ltd.
www.fsl.com
steve.swaney@fsl.com

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Steve Swaney
> Sent: Monday, January 17, 2005 1:03 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: New advertising flyer
>
> Looks excellent. I'll try and get it up on the web later today.
>
> Thanks!
>
> Steve
>
> Steve Swaney
> President
> Fortress Systems Ltd.
> www.fsl.com
> steve.swaney@fsl.com
>
> > -----Original Message-----
> > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> > Behalf Of Julian Field
> > Sent: Monday, January 17, 2005 11:46 AM
> > To: MAILSCANNER@JISCMAIL.AC.UK
> > Subject: New advertising flyer
> >
> > We have just finished a new advertising "flyer" sheet to help promote
> > MailScanner. Please feel free to print this out and give it to anyone
> > who might have an interest in MailScanner, or any of your clients to
> > whom you would like to sell a MailScanner-based service.
> >
> > Please do *not* edit or change it in any way, except for any adjustments
> > needed to print it on US letter paper (it is currently designed for A4).
> > Please print it in colour if at all possible, it looks much better.
> >
> > The advertising sheet is linked off the documentation page at
> >
> > http://www.sng.ecs.soton.ac.uk/mailscanner/docs.html
> >
> > --
> > Julian Field
> > www.MailScanner.info
> > Buy the MailScanner book at www.MailScanner.info/store
> >
> > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From ricardo.canavate at nozar.es Mon Jan 17 18:15:20 2005
From: ricardo.canavate at nozar.es (Ricardo Luis Cañavate)
Date: Thu Jan 12 21:28:14 2006
Subject: RV: RV: Problem with BayesDB?
Message-ID:

I still have two bayes_toks files, although bayes_toks is the only file I should have; bayes_toks, dated 13 Jan, is 675Mb and bayes_toks.new is 278Mb.

[root@servnozar bayes]# ls -ls
total 652384
     4 -rw-rw-rw-    1 root     apache          46 ene 17 18:59 bayes.lock
     4 -rw-------    1 root     apache        1356 nov 23 08:55 bayes.mutex
  1148 -rw-rw----    1 root     apache     1335296 ene 13 12:28 bayes_seen
461244 -rw-rw----    1 root     apache   677400576 ene 13 12:28 bayes_toks
189984 -rw-rw----    1 root     apache   278929408 ene 17 19:00 bayes_toks.new

-----Original Message-----
From: Ricardo Luis Cañavate [mailto:ricardo.canavate@nozar.es]
Sent: Monday, 17 January 2005 19:06
To: David Lee
CC: MAILSCANNER@JISCMAIL.AC.UK
Subject: RE: RV: Problem with BayesDB?

Thanks David;

I set:

Rebuild Bayes Every = 28800
Wait During Bayes Rebuild = yes
SpamAssassin Timeout = 60 (before this it was set to 40)

I have deleted those "bayes_toks.expire*" files manually; tomorrow I will tell you what happens tonight.

Ricardo

> -----Original Message-----
> From: David Lee [mailto:t.d.lee@durham.ac.uk]
> Sent: Monday, 17 January 2005 18:29
> To: Ricardo Luis Cañavate
> CC: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: RV: Problem with BayesDB?
>
> On Mon, 17 Jan 2005, Ricardo Luis Cañavate wrote:
>
> > Dennis is trying to help me but my server is about to crash. Now the
> > partition is at 97%.
> >
> > Please, please, please.
> >
> > Could someone help me with bayes_toks.expire...
>
> What follows is my experience. It doesn't necessarily reflect best
> practice.
>
> The quick (and, I suspect, not as clean as desirable) fix is periodically
> to remove those "bayes_toks.expire*" files.
>
> We, too, had this problem (with reasonably up-to-date MS including 4.37.7,
> and versions of SA including 2.63 and 3.0.2). Our MailScanner.conf has:
>    Rebuild Bayes Every = 3600
>    Wait During Bayes Rebuild = yes
>
> but, despite the "Wait During...", we still got these "bayes_toks.expire*"
> files on busy machines. A few days ago, I changed "SpamAssassin Timeout"
> from 40 to 120 and the problem seems to have gone away.
>
> My simple expectation was that "Wait During Bayes Rebuild = yes" would
> have been sufficient to let the rebuild run to completion. But it appears
> that it is insufficient, and that something else, somewhere else,
> governed by "SpamAssassin Timeout", happens that aborts the rebuild
> regardless.
>
> So increasing "SpamAssassin Timeout" might be worth a try.
>
> Meanwhile, if anyone else has a good, clean explanation (and solution)
> that can be placed in the FAQ (or is there a bug to be fixed?), I'm sure
> that it would be most welcome by several people.
>
> --
>
> :  David Lee                         I.T. Service      :
> :  Senior Systems Programmer         Computer Centre   :
> :                                    University of Durham :
> :  http://www.dur.ac.uk/t.d.lee/     South Road        :
> :                                    Durham            :
> :  Phone: +44 191 334 2752           U.K.              :

From mike at CAMAROSS.NET Mon Jan 17 18:18:26 2005
From: mike at CAMAROSS.NET (Mike Kercher)
Date: Thu Jan 12 21:28:14 2006
Subject: Reject emails to nonexistent addresses?
Message-ID:

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Steve Swaney
Sent: Monday, January 17, 2005 10:16 AM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: Reject emails to nonexistent addresses?

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Mike Kercher
> Sent: Monday, January 17, 2005 10:56 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Reject emails to nonexistent addresses?
>
> There are a couple of milters. The one I use is milter-sender. There
> is another called milter-ahead that does the call ahead to your
> Exchange server or other final destination. milter-sender also does
> the call ahead.
>
> Mike
>

Milter-ahead checks to see if the email can be delivered to the recipient before sendmail accepts the message for delivery. Not normally needed on a mailhub but very useful on a pass-through gateway.

Milter-sender attempts to verify that the sender's email address is in good standing by performing an SMTP callback to the MX server responsible for the sender's domain.

Both are handy tools. There are many more useful milters available at

http://www.milter.info/

Another one I'm about to test is milter-limit, which limits the number of messages by connecting client IP, from a sender, or to a recipient over a given time period.

Steve

Steve Swaney
President
Fortress Systems Ltd.
www.fsl.com
steve.swaney@fsl.com

--

Bear in mind that milter-sender ALSO (optionally) performs the call-ahead function in addition to verifying the sender.

Mike

From ssilva at SGVWATER.COM Mon Jan 17 18:42:46 2005
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:28:14 2006
Subject: RV: RV: Problem with BayesDB?
Message-ID:

Ricardo Luis Cañavate wrote:
> I still have two bayes_toks files, although bayes_toks is the only file
> I should have; bayes_toks, dated 13 Jan, is 675Mb and bayes_toks.new is 278Mb.
>
> [root@servnozar bayes]# ls -ls
> total 652384
>      4 -rw-rw-rw-    1 root     apache          46 ene 17 18:59 bayes.lock
>      4 -rw-------    1 root     apache        1356 nov 23 08:55 bayes.mutex
>   1148 -rw-rw----    1 root     apache     1335296 ene 13 12:28 bayes_seen
> 461244 -rw-rw----    1 root     apache   677400576 ene 13 12:28 bayes_toks
> 189984 -rw-rw----    1 root     apache   278929408 ene 17 19:00 bayes_toks.new

The bayes_toks.new is generated during the rebuild. Then the old one is deleted and the new one is renamed. You should at least move it if you don't want to delete it.

From paal at NKI.NO Mon Jan 17 20:10:21 2005
From: paal at NKI.NO (Paal Hagerup)
Date: Thu Jan 12 21:28:14 2006
Subject: Loosing mail after upgrading from 4.35 to 4.37.7
Message-ID:

Hi!

After upgrading to 4.36.7 today we suddenly stopped receiving mail.

Mail gets accepted by sendmail, MailScanner does spam checking and the virusscan starts. Everything looks ok in the log but the mail just disappears.

Turning off virusscanning results in mail being delivered again.

In MailScanner.conf we use the following settings:
Spam Actions = /etc/MailScanner/rules/spam.actions.conf
Non Spam Actions = /etc/MailScanner/rules/nonspam.actions.conf

After turning virusscanning on and setting these to store deliver and deliver everything works.

In short:
Virus Scanning = yes
and
(Non) Spam Actions = files
results in no mail

Virus Scanning = yes
and
(Non) Spam Actions = store deliver
results in mail

Virus Scanning = no
and
(Non) Spam Actions = store deliver or files
results in mail

I'm not good at explaining but I hope some of you understand.

Have I missed something or is this a bug?

MailScanner is running on RH3.

Paal H.

From itdept at FRACTALWEB.COM Mon Jan 17 20:15:25 2005
From: itdept at FRACTALWEB.COM (Fractal IT Dept.)
Date: Thu Jan 12 21:28:14 2006
Subject: Reject emails to nonexistent addresses?
Message-ID:

Rick Gutlon wrote:

>Chris:
>
>If you are dealing with a manageable and fairly stable
>list of users another option is to control this via
>sendmail's access.db file. Works great for us smaller
>guys :)
>
>The following convention was suggested by someone on
>this list awhile back which we implemented quite
>successfully:
>
>TO:username1@yourdomain.com     RELAY
>TO:username2@yourdomain.com     RELAY
>TO:yourdomain.com               ERROR:5.1.1:550 User unknown
>
>The above will accept mail for valid users and reject
>all unknowns before the mail is passed to MailScanner.
>This cut back on a huge amount of overhead for us. The
>last line could be changed from ERROR to DISCARD if
>you wanted the unknowns to hit the bit bucket.
>
>One caveat ... if you use the above you have to
>account for all aliases access file including misc.
>items such as postmaster, abuse, etc.
>
>Just some food for thought ...

Rick,

That is a really interesting option. I haven't been able to find anything in the sendmail documentation that gives "TO:" as an option, although there is a ton of documentation and perhaps I missed it. Do I need to rebuild the map file after doing this? Can you provide a web link that will give further details, as I googled unsuccessfully because one cannot use "to" as a search word.

Thanks,
Chris
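The caveat in the convention quoted above, that every alias and role address needs its own entry once the domain-wide ERROR line is in place, can be checked mechanically. This is an added example, not part of the thread and not sendmail's own code: the access and aliases samples are constructed, the function names are hypothetical, and the lookup is simplified to "exact address first, then its domain".

```python
import re

# Constructed sample, modelled on the three entries quoted in the post,
# plus one role address that has been given its own entry.
SAMPLE_ACCESS = """\
TO:username1@yourdomain.com     RELAY
TO:username2@yourdomain.com     RELAY
TO:postmaster@yourdomain.com    RELAY
TO:yourdomain.com               ERROR:5.1.1:550 User unknown
"""

# Constructed sample in /etc/aliases style (left-hand side is the alias name).
SAMPLE_ALIASES = """\
postmaster: username1
abuse:      username1
sales:      username1, username2
"""

# Right-hand-side values that stop delivery to the recipient.
REFUSING = ("ERROR", "REJECT", "DISCARD")


def parse_access(text):
    """Return {key: action} for the TO:-tagged entries of an access source file."""
    table = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)          # key, then the rest of the line
        if len(parts) != 2:
            continue
        key, action = parts
        if key.lower().startswith("to:"):
            # makemap folds keys to lower case unless it is run with -f
            table[key[3:].lower()] = action.strip()
    return table


def parse_aliases(text):
    """Return the set of alias names (left-hand sides) in aliases-style text."""
    names = set()
    for raw in text.splitlines():
        m = re.match(r"\s*([^#\s:][^:\s]*)\s*:", raw)
        if m:
            names.add(m.group(1).lower())
    return names


def decide(rcpt, table):
    """Simplified lookup (assumption): exact address, then the bare domain.

    Returns the action string, or None when no TO: entry applies.
    """
    rcpt = rcpt.lower()
    if rcpt in table:
        return table[rcpt]
    return table.get(rcpt.rsplit("@", 1)[-1])


def refused(action):
    """True when the action is ERROR:..., REJECT or DISCARD."""
    return action is not None and action.split(":", 1)[0].upper() in REFUSING


def audit(access_text, aliases_text, domain, required=("postmaster", "abuse")):
    """List alias and role addresses the access map would refuse for `domain`."""
    table = parse_access(access_text)
    names = parse_aliases(aliases_text) | {r.lower() for r in required}
    return sorted(
        f"{name}@{domain}"
        for name in names
        if refused(decide(f"{name}@{domain}", table))
    )


if __name__ == "__main__":
    for addr in audit(SAMPLE_ACCESS, SAMPLE_ALIASES, "yourdomain.com"):
        print("would be refused:", addr)
```

Run against the real access source and aliases file before enabling the domain-wide ERROR (or DISCARD) line; every address it lists needs its own TO: entry or mail to it will be refused.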
From peter at UCGBOOK.COM Mon Jan 17 20:30:40 2005
From: peter at UCGBOOK.COM (Peter Bonivart)
Date: Thu Jan 12 21:28:14 2006
Subject: Reject emails to nonexistent addresses?
Message-ID:

Fractal IT Dept. wrote:
> That is a really interesting option. I haven't been able to find
> anything in the sendmail documentation that gives "TO:" as an option,
> although there is a ton of documentation and perhaps I missed it. Do I
> need to rebuild the map file after doing this? Can you provide a web
> link that will give further details, as I googled unsuccessfully because
> one cannot use "to" as a search word.

Check this out:

http://sendmail.org/m4/anti_spam.html#access_db_fine

--
/Peter Bonivart

--Unix lovers do it in the Sun

From mike at CAMAROSS.NET Mon Jan 17 20:34:00 2005
From: mike at CAMAROSS.NET (Mike Kercher)
Date: Thu Jan 12 21:28:14 2006
Subject: Reject emails to nonexistent addresses?
Message-ID:

http://www.sendmail.org/~ca/email/chk-810.html

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Fractal IT Dept.
Sent: Monday, January 17, 2005 2:15 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: Reject emails to nonexistent addresses?

Rick Gutlon wrote:

>Chris:
>
>If you are dealing with a manageable and fairly stable list of users
>another option is to control this via sendmail's access.db file. Works
>great for us smaller guys :)
>
>The following convention was suggested by someone on this list awhile
>back which we implemented quite successfully:
>
>TO:username1@yourdomain.com     RELAY
>TO:username2@yourdomain.com     RELAY
>TO:yourdomain.com               ERROR:5.1.1:550 User unknown
>
>The above will accept mail for valid users and reject all unknowns
>before the mail is passed to MailScanner.
>This cut back on a huge amount of overhead for us. The last line could
>be changed from ERROR to DISCARD if you wanted the unknowns to hit the
>bit bucket.
>
>One caveat ... if you use the above you have to account for all aliases
>access file including misc.
>items such as postmaster, abuse, etc.
>
>Just some food for thought ...

Rick,

That is a really interesting option. I haven't been able to find anything in the sendmail documentation that gives "TO:" as an option, although there is a ton of documentation and perhaps I missed it. Do I need to rebuild the map file after doing this? Can you provide a web link that will give further details, as I googled unsuccessfully because one cannot use "to" as a search word.

Thanks,
Chris

From rocky at LWORLD.NET Mon Jan 17 20:34:34 2005
From: rocky at LWORLD.NET (Rocky McCamey)
Date: Thu Jan 12 21:28:14 2006
Subject: postfix: Process did not exit cleanly
Message-ID:

I tried to subscribe to the list, but it wouldn't let me post to it. Anyway if you could help me out with this one I would be forever grateful. I keep getting the error

postfix: Process did not exit cleanly, returned 255 with signal 0

when I tail the messages log, it does not show up in the MailScanner log at all, I only noticed this error because I added a new filtering server, because we have a high volume of mail, and the new server runs much slower than the older one. I thought this was strange so I tailed the messages log and saw this. This does not happen on the older server, I tried to look the error up online, but it seems I'm the only person in the world having this issue.

Rocky McCamey
West Coast Internet

From MailScanner at ecs.soton.ac.uk Mon Jan 17 20:54:13 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:14 2006
Subject: Loosing mail after upgrading from 4.35 to 4.37.7
Message-ID:

"files" is not a valid spam action.

Paal Hagerup wrote:

>Hi!
>
>After upgrading to 4.36.7 today we suddenly stopped receiving mail.
>
>Mail gets accepted by sendmail, MailScanner does spam checking and the
>virusscan starts. Everything looks ok in the log but the mail just
>disappears.
>
>Turning off virusscanning results in mail being delivered again.
>
>In MailScanner.conf we use the following settings:
>Spam Actions = /etc/MailScanner/rules/spam.actions.conf
>Non Spam Actions = /etc/MailScanner/rules/nonspam.actions.conf
>
>After turning virusscanning on and setting these to store deliver and deliver
>everything works.
>
>In short:
>Virus Scanning = yes
>and
>(Non) Spam Actions = files
>results in no mail
>
>Virus Scanning = yes
>and
>(Non) Spam Actions = store deliver
>results in mail
>
>Virus Scanning = no
>and
>(Non) Spam Actions = store deliver or files
>results in mail
>
>I'm not good at explaining but I hope some of you understand.
>
>Have I missed something or is this a bug?
>
>MailScanner is running on RH3.
>
>Paal H.

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From paal at NKI.NO Mon Jan 17 20:49:44 2005
From: paal at NKI.NO (Paal Hagerup)
Date: Thu Jan 12 21:28:14 2006
Subject: Loosing mail after upgrading from 4.35 to 4.37.7
Message-ID:

Sorry, what I mean is, setting the parameters to an external file. Ex. /etc/MailScanner/rules/nonspam.action.conf and /etc/MailScanner/rules/spam.action.conf. Just tried to save some space :)

Paal H.

Quoting Julian Field :

> "files" is not a valid spam action.
>
> Paal Hagerup wrote:
>
> >Hi!
> >
> >After upgrading to 4.36.7 today we suddenly stopped receiving mail.
> >
> >Mail gets accepted by sendmail, MailScanner does spam checking and the
> >virusscan starts. Everything looks ok in the log but the mail just
> >disappears.
> >
> >Turning off virusscanning results in mail being delivered again.
> >
> >In MailScanner.conf we use the following settings:
> >Spam Actions = /etc/MailScanner/rules/spam.actions.conf
> >Non Spam Actions = /etc/MailScanner/rules/nonspam.actions.conf
> >
> >After turning virusscanning on and setting these to store deliver and deliver
> >everything works.
> >
> >In short:
> >Virus Scanning = yes
> >and
> >(Non) Spam Actions = files
> >results in no mail
> >
> >Virus Scanning = yes
> >and
> >(Non) Spam Actions = store deliver
> >results in mail
> >
> >Virus Scanning = no
> >and
> >(Non) Spam Actions = store deliver or files
> >results in mail
> >
> >I'm not good at explaining but I hope some of you understand.
> >
> >Have I missed something or is this a bug?
> >
> >MailScanner is running on RH3.
> >
> >Paal H.
>
> --
> Julian Field
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
> Professional Support Services at www.MailScanner.biz
> MailScanner thanks transtec Computers for their support
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.

From lhaig at HAIGMAIL.COM Mon Jan 17 21:09:53 2005
From: lhaig at HAIGMAIL.COM (Lance Haig)
Date: Thu Jan 12 21:28:14 2006
Subject: How to add to the whitelist
Message-ID:

Hi,

Happy Birthday Julian

I need to allow some mail that is being stopped through. It is only one address at the moment but I am sure it will become more.

Is there an easy way to do this?

Thanks guys

Lance

From MailScanner at ecs.soton.ac.uk Mon Jan 17 21:24:53 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:14 2006
Subject: Loosing mail after upgrading from 4.35 to 4.37.7
Message-ID:

What happens if you call the rules files a name that ends in .rule or
.rules ?

It's also normally written as
Non Spam Actions =

Paal Hagerup wrote:

>Sorry, what I mean is, setting the parameters to an external file. Ex.
>/etc/MailScanner/rules/nonspam.action.conf and
>/etc/MailScanner/rules/spam.action.conf. Just tried to save some space :)
>
>Paal H.
>
>Quoting Julian Field:
>
>>"files" is not a valid spam action.
>>
>>Paal Hagerup wrote:
>>
>>>Hi!
>>>
>>>After upgrading to 4.36.7 today we suddenly stopped receiving mail.
>>>
>>>Mail gets accepted by sendmail, MailScanner does spam checking and the
>>>virusscan starts. Everything looks ok in the log but the mail just
>>>disappears.
>>>
>>>Turning off virusscanning results in mail being delivered again.
>>>
>>>In MailScanner.conf we use the following settings:
>>>Spam Actions = /etc/MailScanner/rules/spam.actions.conf
>>>Non Spam Actions = /etc/MailScanner/rules/nonspam.actions.conf
>>>
>>>After turning virusscanning on and setting these to store deliver and
>>>deliver everything works.
>>>
>>>In short:
>>>Virus Scanning = yes
>>>and
>>>(Non) Spam Actions = files
>>>results in no mail
>>>
>>>Virus Scanning = yes
>>>and
>>>(Non) Spam Actions = store deliver
>>>results in mail
>>>
>>>Virus Scanning = no
>>>and
>>>(Non) Spam Actions = store deliver or files
>>>results in mail
>>>
>>>I'm not good at explaining but I hope some of you understand.
>>>
>>>Have I missed something or is this a bug?
>>>
>>>Mailscanner is running on RH3.
>>>
>>>Paal H.

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From rgutlon at yahoo.com Mon Jan 17 21:23:36 2005
From: rgutlon at yahoo.com (Rick Gutlon)
Date: Thu Jan 12 21:28:14 2006
Subject: Reject emails to nonexistent addresses?
Message-ID:

Chris:

Yes ... you will need to rebuild the access file after editing with a
command similar to:

makemap hash /etc/mail/access < /etc/mail/access

I see others have provided a link to some documentation.

Rick

--- "Fractal IT Dept." wrote:

> Do I need to rebuild the map file after doing this?

From MailScanner at ecs.soton.ac.uk Mon Jan 17 21:29:30 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:14 2006
Subject: How to add to the whitelist
Message-ID:

Lance Haig wrote:

> Happy Birthday Julian

Thanks!

> I need to allow some mail that is being stopped through.
> It is only one address at the moment but I am sure it will become more.
> Is there an easy way to do this?

All depends on how you have quarantined it. If as raw queue files then
just drop the files into the outgoing queue. If not, but you have the
whole message, then tell your mta to deliver the message. If you only
have the attachments you will have to construct a new message around
them.

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From MailScanner at ecs.soton.ac.uk Mon Jan 17 21:34:52 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:14 2006
Subject: How to add to the whitelist
Message-ID:

Julian Field wrote:

> Lance Haig wrote:
>
>> Happy Birthday Julian
>
> Thanks!
>
>> I need to allow some mail that is being stopped through.
>> It is only one address at the moment but I am sure it will become more.
>> Is there an easy way to do this?
>
> All depends on how you have quarantined it. If as raw queue files then
> just drop the files into the outgoing queue. If not, but you have the
> whole message, then tell your mta to deliver the message. If you only
> have the attachments you will have to construct a new message around
> them.

Make sure your "Is Definitely Not Spam" setting points to a ruleset file
and put

From:     user@address.com  yes
FromOrTo: default           no

to the file and reload MailScanner.

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From mailscanner-list at OKLA.COM Mon Jan 17 21:36:13 2005
From: mailscanner-list at OKLA.COM (Tracy Greggs)
Date: Thu Jan 12 21:28:14 2006
Subject: Reject emails to nonexistent addresses?
Message-ID:

This can all be done from your virtusertable file. While we do use the
access.db to control relay, we control the nonexistent users from the
virtusertable.

Here is an example:

joe@domain1.com          joe
john@domain1.com         john
webmaster@domain1.com    john
postmaster@domain1.com   john
@domain1.com             error:5.7.0:550 Address Is Not Valid

rick@domain2.com         rick
jeff@domain2.com         jeff
webmaster@domain2.com    jeff
@domain2.com             error:5.7.0:550 Address Is Not Valid

Feel free to email me off list if you need any help.

Tracy Greggs

----- Original Message -----
From: "Rick Gutlon"
To:
Sent: Monday, January 17, 2005 11:25 AM
Subject: Re: Reject emails to nonexistent addresses?

> Chris:
>
> If you are dealing with a manageable and fairly stable
> list of users another option is to control this via
> sendmail's access.db file. Works great for us smaller
> guys :)
>
> The following convention was suggested by someone on
> this list awhile back which we implemented quite
> successfully:
>
> TO:username1@yourdomain.com RELAY
> TO:username2@yourdomain.com RELAY
> TO:yourdomain.com ERROR:5.1.1:550 User unknown
>
> The above will accept mail for valid users and reject
> all unknowns before the mail is passed to MailScanner.
> This cut back on a huge amount of overhead for us. The
> last line could be changed from ERROR to DISCARD if
> you wanted the unknowns to hit the bit bucket.
>
> One caveat ... if you use the above you have to
> account for all aliases in the access file including misc.
> items such as postmaster, abuse, etc.
>
> Just some food for thought ...
>
> --- "Fractal IT Dept." wrote:
>
> > Is there an easy way of somehow rejecting emails
> > destined to nonexistent addresses before they are
> > processed by MailScanner?

From paal at NKI.NO Mon Jan 17 21:34:51 2005
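The caveat in Rick's quoted message (every alias, including postmaster and abuse, has to be listed or the catch-all line refuses it) can be checked before the map is rebuilt. This is an added example, not code from any poster or from sendmail; the sample access map, the alias list and the simplified lookup order (exact address first, then the bare domain) are assumptions.

```python
"""Find local addresses that a reject-unknown-users access map would refuse."""

# Constructed sample in the TO:/RELAY/ERROR convention quoted above.
ACCESS_MAP = """\
TO:joe@domain1.com         RELAY
TO:john@domain1.com        RELAY
TO:postmaster@domain1.com  RELAY
TO:domain1.com             ERROR:5.1.1:550 User unknown
"""

# Constructed /etc/aliases-style sample: role names that must keep working.
ALIASES = """\
# role accounts
postmaster: john
abuse:      john
webmaster:  john,
            joe
"""

# Right-hand sides that stop delivery (ERROR and DISCARD are the two named in the thread).
REJECTING = ("ERROR", "DISCARD", "REJECT")


def parse_access(text):
    """Return {address-or-domain: action} for the TO: entries of an access map."""
    table = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].upper().startswith("TO:"):
            table[parts[0][3:].lower()] = parts[1].strip()
    return table


def parse_aliases(text):
    """Return the alias names (left-hand sides) of an aliases file."""
    names = []
    for raw in text.splitlines():
        # Continuation lines start with whitespace and carry no new alias name.
        if not raw.strip() or raw[0].isspace() or raw.lstrip().startswith("#"):
            continue
        if ":" in raw:
            names.append(raw.split(":", 1)[0].strip().lower())
    return names


def decide(recipient, table):
    """Assumed lookup order: the full address, then its domain; None if no entry."""
    recipient = recipient.lower()
    domain = recipient.rsplit("@", 1)[-1]
    for key in (recipient, domain):
        if key in table:
            return table[key]
    return None


def rejected_locals(access_text, aliases_text, domain, users=()):
    """List (address, action) for every user or alias the map would refuse."""
    table = parse_access(access_text)
    rejected = []
    for name in list(users) + parse_aliases(aliases_text):
        address = f"{name}@{domain}".lower()
        action = decide(address, table)
        if action and action.upper().startswith(REJECTING):
            rejected.append((address, action))
    return rejected


if __name__ == "__main__":
    found = rejected_locals(ACCESS_MAP, ALIASES, "domain1.com", users=("joe", "john"))
    for address, action in found:
        print(f"{address} would be refused: {action}")
```

Run against the real access source and aliases file before makemap; any address it lists needs its own RELAY line above the domain entry.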
From: paal at NKI.NO (Paal Hagerup)
Date: Thu Jan 12 21:28:14 2006
Subject: Loosing mail after upgrading from 4.35 to 4.37.7
Message-ID:

YES, it works!

I worked with .conf in 4.35, is this a recent change?

I have tested with other filenames and files that do not exist. MailScanner
never complains and the mail just disappears.

Thanks for the help!

Paal H.

Quoting Julian Field:

> What happens if you call the rules files a name that ends in .rule or
> .rules ?
>
> It's also normally written as
> Non Spam Actions =

From MailScanner at ecs.soton.ac.uk Mon Jan 17 22:04:03 2005
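The failure reported in this thread can be caught before MailScanner is reloaded. This is an added example, not MailScanner's own code: it flags a Spam Actions or Non Spam Actions value that looks like a file name but does not end in .rule or .rules, or that names a file that is missing. The comment handling, the case-insensitive setting names and the rule that a single word containing "/" or "." is a file name are assumptions.

```python
"""Lint MailScanner.conf for Actions settings that name an unusable ruleset file."""
import os
import re

# The two settings discussed in the thread; extend the tuple for others.
ACTION_SETTINGS = ("spam actions", "non spam actions")
RULESET_SUFFIXES = (".rule", ".rules")

# Constructed sample configuration (paths modelled on the thread).
SAMPLE_CONF = """\
# MailScanner.conf excerpt
Virus Scanning = yes
Spam Actions = /etc/MailScanner/rules/spam.actions.conf
Non Spam Actions = /etc/MailScanner/rules/nonspam.actions.rules
"""


def parse_conf(text):
    """Yield (line_number, normalised_name, value) for 'Name = value' lines."""
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # assumption: '#' starts a comment
        if "=" not in line:
            continue
        name, value = line.split("=", 1)
        yield number, re.sub(r"\s+", " ", name.strip().lower()), value.strip()


def lint_actions(text, exists=os.path.isfile):
    """Return (line, setting, value, problem) tuples for suspicious Actions values."""
    findings = []
    for number, name, value in parse_conf(text):
        if name not in ACTION_SETTINGS:
            continue
        words = value.split()
        # Several words ("store deliver", "header X-...") are action keywords,
        # and a single plain word ("deliver") is a keyword too.
        if len(words) != 1 or not ("/" in words[0] or "." in words[0]):
            continue
        path = words[0]
        if not path.endswith(RULESET_SUFFIXES):
            # Per the thread: without .rule/.rules it is not read as a ruleset.
            findings.append((number, name, path, "not-a-ruleset-name"))
        elif "%" not in path and not exists(path):
            # %variable% references are not expanded here, so they are not checked.
            findings.append((number, name, path, "missing-file"))
    return findings


if __name__ == "__main__":
    for number, name, path, problem in lint_actions(SAMPLE_CONF):
        print(f"line {number}: {name} = {path}: {problem}")
```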
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:14 2006
Subject: Loosing mail after upgrading from 4.35 to 4.37.7
Message-ID:

I did have to change the functionality of the checks for the "Actions"
keywords in order to provide support for the "add arbitrary headers"
functionality. This affects how it can work out what you meant in the
Actions list, and so it can't deduce that you meant a rules file unless
you end it in .rule or .rules.

After all, what's the difference between
    Spam Actions = header X-spam.actions.conf
and
    Spam Actions = X-spam.actions.conf

It's hard to separate these automatically. So you now have to put .rule
or .rules on the end of the rules filename so it can work out what is
going on.

Sorry about that.

Paal Hagerup wrote:

>YES, it works!
>
>I worked with .conf in 4.35, is this a recent change?
>
>I have tested with other filenames and files that do not exist. MailScanner
>never complains and the mail just disappears.
>
>Thanks for the help!
>
>Paal H.

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From lhaig at HAIGMAIL.COM Mon Jan 17 23:07:16 2005
From: lhaig at HAIGMAIL.COM (Lance Haig)
Date: Thu Jan 12 21:28:14 2006
Subject: How to add to the whitelist
Message-ID:

Julian,

The message gets tagged with the following

Other Bad Content Detected

So it does not class as spam.

This is a mailing list for a football club so shouldn't be malicious

How would I allow this?

Thanks

Lance

> Julian Field wrote:
>
>> Lance Haig wrote:
>>
>>> Happy Birthday Julian
>>
>> Thanks!
>>
>>> I need to allow some mail that is being stopped through.
>>> It is only one address at the moment but I am sure it will become
>>> more.
>>> Is there an easy way to do this?
>>
>> All depends on how you have quarantined it. If as raw queue files then
>> just drop the files into the outgoing queue. If not, but you have the
>> whole message, then tell your mta to deliver the message. If you only
>> have the attachments you will have to construct a new message around
>> them.
>
> Make sure your "Is Definitely Not Spam" setting points to a ruleset file
> and put
> From: user@address.com yes
> FromOrTo: default no
> to the file and reload MailScanner.

From richard.thomas at PSYSOLUTIONS.COM Mon Jan 17 23:05:59 2005
From: richard.thomas at PSYSOLUTIONS.COM (Richard Thomas)
Date: Thu Jan 12 21:28:14 2006
Subject: New advertising flyer
Message-ID:

Julian Field wrote:
> We have just finished a new advertising "flyer" sheet to help promote
> MailScanner. Please feel free to print this out and give it to anyone
> who might have an interest in MailScanner, or any of your clients to
> whom you would like to sell a MailScanner-based service.

Mail it to ten of your friends within 24 hours and remember, don't break
the chain!!!

Rich

--
MIS Department      |                           |Phone: +1 615 312 5787
840 Crescent Ctr Dr | Psychiatric Solutions Inc |Fax:   +1 615 312 5711
Suite 460           |                           |
Franklin, TN 37067  |                           |

From cslyon at gmail.com Mon Jan 17 23:19:18 2005
From: cslyon at gmail.com (Chris Lyon)
Date: Thu Jan 12 21:28:14 2006
Subject: Problem with Bayes DB lock files
Message-ID:

I have been seeing the same thing. The FAQ really didn't help. I am
running the same thing but with SA 3.0.2.

Clear the lock files and the entire databases. /etc/MailScanner/bayes &
/root/.spamassassin. It will run for about 10 minutes and everything
will be good then mail will start to stack up. Once it stacks up I
turn on debug and get this:

debug: lock: 4079 created /etc/MailScanner/bayes/bayes.lock..com.4079
debug: lock: 4079 trying to get lock on /etc/MailScanner/bayes/bayes with 0 retries
debug: lock: 4079 trying to get lock on /etc/MailScanner/bayes/bayes with 1 retries
debug: lock: 4079 trying to get lock on /etc/MailScanner/bayes/bayes with 2 retries
debug: lock: 4079 trying to get lock on /etc/MailScanner/bayes/bayes with 3 retries
debug: lock: 4079 trying to get lock on /etc/MailScanner/bayes/bayes with 4 retries
debug: lock: 4079 trying to get lock on /etc/MailScanner/bayes/bayes with 5 retries
debug: lock: 4079 trying to get lock on /etc/MailScanner/bayes/bayes with 6 retries
debug: lock: 4079 trying to get lock on /etc/MailScanner/bayes/bayes with 7 retries
debug: lock: 4079 trying to get lock on /etc/MailScanner/bayes/bayes with 8 retries
debug: lock: 4079 trying to get lock on /etc/MailScanner/bayes/bayes with 9 retries
Cannot open bayes databases /etc/MailScanner/bayes/bayes_* R/W: lock failed: File exists

This happens for every message. It will keep doing this until I do
something with the lock files and the bayes databases. So, I deleted
the entire spam database, both /etc/MailScanner/bayes/* and
/root/.spamassassin/*. That seems to work every time but give it about
5 minutes then it will start back up again.

Give it about 5 min and the lock files start to show and mail stops
flowing. I try to do an sa-learn --force-expire and a restart
MailScanner: Doesn't do anything.

Delete the files then give it another try: It seems to work without for
a few then goes back to the lock file issues.

So, every 5-6 minutes this happens. Not sure what to do in this case but
I am totally dead in the water. Can anybody shed some light on this?

On Fri, 14 Jan 2005 20:01:24 +0000, Venkata Achanta wrote:
> Greetings all,
>
> Our incoming mail queues are increasing and the problem relates back to
> excessive lock files in the /etc/MailScanner/bayes which take forever to
> expire.
>
> we have tried the proposed work around from the FAQ and are still having
> the same problem. I exchanged couple e-mails with Peter Bonivart
> (http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/303.html) about the
> same.
>
> But we are curious to know what other people are doing to fix this issue
> with SA.
>
> MailScanner version 4.35.11
> Spamassassin version 3.0.1
>
> Any ideas/fixes/suggestions ?
>
> Thanks
> Venkata Achanta

From peter at UCGBOOK.COM Tue Jan 18 00:18:05 2005
From: peter at UCGBOOK.COM (Peter Bonivart)
Date: Thu Jan 12 21:28:14 2006
Subject: Problem with Bayes DB lock files
Message-ID:

Chris Lyon wrote:
> I have been seeing the same thing. The FAQ really didn't help. I am
> running the same thing but with SA 3.0.2.
>
> Clear the lock files and the entire databases. /etc/MailScanner/bayes &
> /root/.spamassassin. It will run for about 10 minutes and everything
> will be good then mail will start to stack up. Once it stacks up I
> turn on debug and get this:

The FAQ entry was written by me since I at that time had problems
running Bayes for a long time, but we're talking weeks or months in my
case. Your Bayes seems broken from start, that's different.

Your first step is to run without Bayes to deliver some mail, if you got
all the SURBL lists working it shouldn't hurt you that much not having
Bayes.

If you stop the mail flow and type "spamassassin -D --lint", do you get
errors? If you clean your Bayes directory and test again, what do you
get then? What does "sa-learn --dump=magic" show? Do you have version 3?

You might have a Perl module problem here. I'm not familiar with the SA
code but maybe Matt Kettler on this list can help. But disable Bayes
until you have found the reason for this problem.

--
/Peter Bonivart

--Unix lovers do it in the Sun

From cslyon at gmail.com Tue Jan 18 01:30:31 2005
From: cslyon at gmail.com (Chris Lyon)
Date: Thu Jan 12 21:28:14 2006
Subject: Problem with Bayes DB lock files
Message-ID:

On Tue, 18 Jan 2005 01:18:05 +0100, Peter Bonivart wrote:
> Chris Lyon wrote:
> > I have been seeing the same thing. The FAQ really didn't help. I am
> > running the same thing but with SA 3.0.2.
> >
> > Clear the lock files and the entire databases./etc/MailScanner/bayes &
> > /root/.spamassassin. It will run for about 10 minutes and everything
> > will be good then mail will start to stack up. Once it stacks up I
> > turn on debug and get this:
>
> The FAQ entry was written by me since I at that time had problems
> running Bayes for a long time, but we're talking weeks or months in my
> case. Your Bayes seems broken from start, that's different.
>
> Your first step is to run without Bayes to deliver some mail, if you got
> all the SURBL lists working it shouldn't hurt you that much not having
> Bayes.
>
> If you stop the mail flow and type "spamassassin -D --lint", do you get
> errors? If you clean your Bayes directory and test again, what do you
> get then? What does "sa-learn --dump=magic" show? Do you have version 3?

Here is an error that I found and it is also below:

bayes: no dbs present,

Here is the dump=magic:

sa-learn --dump=magic -D
debug: SpamAssassin version 3.0.2
debug: Score set 0 chosen.
debug: running in taint mode? no
debug: using "/etc/mail/spamassassin/init.pre" for site rules init.pre
debug: config: read file /etc/mail/spamassassin/init.pre
debug: using "/usr/share/spamassassin" for default rules dir
debug: config: read file /usr/share/spamassassin/10_misc.cf
debug: config: read file /usr/share/spamassassin/11_gentoo.cf
debug: config: read file /usr/share/spamassassin/20_anti_ratware.cf
debug: config: read file /usr/share/spamassassin/20_body_tests.cf
debug: config: read file /usr/share/spamassassin/20_compensate.cf
debug: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf
debug: config: read file /usr/share/spamassassin/20_drugs.cf
debug: config: read file /usr/share/spamassassin/20_fake_helo_tests.cf
debug: config: read file /usr/share/spamassassin/20_head_tests.cf
debug: config: read file /usr/share/spamassassin/20_html_tests.cf
debug: config: read file /usr/share/spamassassin/20_meta_tests.cf
debug: config: read file /usr/share/spamassassin/20_phrases.cf
debug: config: read file /usr/share/spamassassin/20_porn.cf
debug: config: read file /usr/share/spamassassin/20_ratware.cf
debug: config: read file /usr/share/spamassassin/20_uri_tests.cf
debug: config: read file /usr/share/spamassassin/23_bayes.cf
debug: config: read file /usr/share/spamassassin/25_body_tests_es.cf
debug: config: read file /usr/share/spamassassin/25_hashcash.cf
debug: config: read file /usr/share/spamassassin/25_spf.cf
debug: config: read file /usr/share/spamassassin/25_uribl.cf
debug: config: read file /usr/share/spamassassin/30_text_de.cf
debug: config: read file /usr/share/spamassassin/30_text_fr.cf
debug: config: read file /usr/share/spamassassin/30_text_nl.cf
debug: config: read file /usr/share/spamassassin/30_text_pl.cf
debug: config: read file /usr/share/spamassassin/50_scores.cf
debug: config: read file /usr/share/spamassassin/60_whitelist.cf
debug: using "/etc/mail/spamassassin" for site rules dir
debug: config: read file /etc/mail/spamassassin/._cfg0000_local.cf
debug: config: read file /etc/mail/spamassassin/local.cf
debug: config: read file /etc/mail/spamassassin/subject.cf
debug: using "/root/.spamassassin/user_prefs" for user prefs file
debug: config: read file /root/.spamassassin/user_prefs
debug: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC
debug: plugin: registered Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8526ed0)
debug: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC
debug: plugin: registered Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8aa0154)
debug: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC
debug: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH(0x8a7c564)
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8526ed0) implements 'parse_config'
debug: plugin: Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8aa0154) implements 'parse_config'
debug: bayes: no dbs present, cannot tie DB R/O: /root/.spamassassin/bayes_toks
debug: Score set 0 chosen.
debug: bayes: no dbs present, cannot tie DB R/O: /root/.spamassassin/bayes_toks
ERROR: Bayes dump returned an error, please re-run with -D for more information

>
> You might have a Perl module problem here. I'm not familiar with the SA
> code but maybe Matt Kettler on this list can help.
>
> But disable Bayes until you have found the reason for this problem.
>
> --
> /Peter Bonivart
>
> --Unix lovers do it in the Sun

From t.d.lee at DURHAM.AC.UK Tue Jan 18 09:01:47 2005
From: t.d.lee at DURHAM.AC.UK (David Lee)
Date: Thu Jan 12 21:28:14 2006
Subject: RV: RV: Problem with BayesDB?
Message-ID:

On Mon, 17 Jan 2005, Ricardo Luis Cañavate wrote:
> I still have two bayes_toks what is the only file that I would have,
> bayes_toks since 13 ene have 675Mb and bayes_toks.new 278Mb.
>
> [root@servnozar bayes]# ls -ls
> total 652384
> 4 -rw-rw-rw- 1 root apache 46 ene 17 18:59 bayes.lock
> 4 -rw------- 1 root apache 1356 nov 23 08:55 bayes.mutex
> 1148 -rw-rw---- 1 root apache 1335296 ene 13 12:28 bayes_seen
> 461244 -rw-rw---- 1 root apache 677400576 ene 13 12:28 bayes_toks
> 189984 -rw-rw---- 1 root apache 278929408 ene 17 19:00 bayes_toks.new

Your 677MB "bayes_toks" looks very large. (On our own main machines it is around 10-12MB, on a lighter machine around 6MB.) My guess is that it is somehow bad. Certainly, any rebuild will take a long time, simply shuffling that vast quantity of data on the disk.

Also the ".new" extension looks odd. From memory that corresponds to around version 2.50 of SA. I had thought (but I may be wrong) that around SA 2.62, this filename pattern was changed to the ".expire*" with which this email discussion started. I don't recall seeing both ".expire*" and ".new" extensions in a single SA installation.

It might be worth starting again, either simply clearing out those files (and, if reasonably possible, feeding it some known ham and spam), or applying one of the "Bayes Starter DB" kindly offered by Steve Swaney of FSL: http://www.fsl.com/support/

Hope that helps.

--
: David Lee                          I.T. Service          :
: Senior Systems Programmer          Computer Centre       :
:                                    University of Durham  :
: http://www.dur.ac.uk/t.d.lee/      South Road            :
:                                    Durham                :
: Phone: +44 191 334 2752            U.K.                  :

From pz at CHRIST-NET.SK Tue Jan 18 08:34:38 2005
From: pz at CHRIST-NET.SK (Peter Zimen)
Date: Thu Jan 12 21:28:14 2006
Subject: testvirus.org #25
Message-ID:

Hello,
where I have bad setting, when test Test #25 is failed - bad content is delivered...

__
Regards
Peter Zimen
PGP Fingerprint: 69BA B78B 7455 9D61 F7D8 48C4 ADBA 2A61 2000 F599

From drew at THEMARSHALLS.CO.UK Tue Jan 18 09:52:50 2005
From: drew at THEMARSHALLS.CO.UK (Drew Marshall)
Date: Thu Jan 12 21:28:14 2006
Subject: postfix: Process did not exit cleanly
Message-ID:

On Mon, January 17, 2005 20:34, Rocky McCamey said:
> I tried to subscribe to the list, but it wouldn't let me post to it.
> Anyway if you could help me out with this one I would be forever
> grateful. I keep getting the error postfix: Process did not exit
> cleanly, returned 255 with signal 0 when I tail the messages log, it
> does not show up in the mailscanner log at all, I only noticed this
> error because I added a new filtering server, because we have a high
> volume of mail, and the new server runs much slower than the older one.
> I thought this was strange so I tailed the messages log and saw this.
> This does not happen on the older server, I tried to look the error up
> online, but it seems I'm the only person in the world having this issue.

Could you post some logs around this exit error (Particularly before it). I'm sure that will give more clues.

Drew

--
In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy

From martinh at SOLID-STATE-LOGIC.COM Tue Jan 18 10:00:22 2005
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:28:14 2006
Subject: Sophos and multi volume archives
Message-ID:

Joseph,

there's a line in MailScanner.conf..

Allowed Sophos Error Messages = "corrupt", "format not supported"

Amend this so it's got the appropriate error message in it..

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

Joseph Watson wrote:
> I am running
> Mandrake 10.0
> MailScanner
> Sophos
> DrWeb
> F-prot
>
> I just recently tried to send a multi volume archive zip file that I created
> with WinZip "Split" function. Sophos picked this up and returned the
> following message: (part of multi volume archive). So it was blocked. I
> could not find a way to control this behavior with Sophos, so I had to turn
> off Sophos to get this email through (I had to get just this one out). Does
> anyone know if this is controllable??
>
> This brings up a question though. How can you allow emails with multi
> volume archives but still protect yourself from possible bad guys using this
> method??
>
> Any thoughts?
>
> - Regards
>
> Joseph Watson

From michele at BLACKNIGHTSOLUTIONS.COM Tue Jan 18 10:08:53 2005
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions)
Date: Thu Jan 12 21:28:14 2006
Subject: testvirus.org #25
Message-ID:

> Hello,
> where i have bad setting, when test Test #25 is failed - bad content
> is delivered...
>

I've no idea what Test #25 does, but Julian has posted on numerous occasions about this - ignore these things. They are designed by vendors to show how great their own software is. Just because mail "fails" a test does not mean that your system is insecure.

NB: I have no idea what test #25 is

Mr Michele Neylon
Blacknight Internet Solutions Ltd
Hosting, co-location & domains
http://www.blacknight.ie/
Tel. +353 59 9137101
http://www.blacknight.ie/specialoffers.html

From marcel-ml at IRC-ADDICTS.DE Tue Jan 18 13:27:11 2005
From: marcel-ml at IRC-ADDICTS.DE (Marcel Blenkers)
Date: Thu Jan 12 21:28:14 2006
Subject: OT: Happy Birthday to Julian!!!
Message-ID:

Sorry for me to be late.. was ill

Soo.. haaaaapppyyy Birthday from Germany Julian :)

Greetings

Marcel

From marcel-ml at IRC-ADDICTS.DE Tue Jan 18 13:40:55 2005
From: marcel-ml at IRC-ADDICTS.DE (Marcel Blenkers)
Date: Thu Jan 12 21:28:14 2006
Subject: Mails do slip through MS..
Message-ID:

Hi there,

somehow some mails do slip through, but in the logfiles it seems that MS scans them.

But then SpamAssassin reports these mails as spam or some virus scanners on the client side report these mails to be infected.

After checking those mails, and looking through the mail log, all I found was this:

Jan 18 01:15:32 mail sendmail-in[24308]: j0I0FUBP024308: from=, size=1491, class=0, nrcpts=1, msgid=, proto=SMTP, daemon=MTA, relay=28.255-0.172.63.66.in-addr.arpa [66.63.172.28] (may be forged)
Jan 18 01:15:33 mail MailScanner[22054]: New Batch: Scanning 1 messages, 2043 bytes
Jan 18 01:15:33 mail MailScanner[22054]: Spam Checks: Starting
Jan 18 01:15:36 mail MailScanner[22054]: Virus and Content Scanning: Starting
Jan 18 01:15:37 mail MailScanner[22054]: Uninfected: Delivered 1 messages
Jan 18 01:15:37 mail MailScanner[22054]: MailScanner child dying of old age
Jan 18 01:15:37 mail MailScanner[24333]: MailScanner E-Mail Virus Scanner version 4.37.7 starting...
Jan 18 01:15:41 mail MailScanner[24333]: Using locktype = posix
Jan 18 01:15:41 mail MailScanner[24333]: Creating hardcoded struct_flock subroutine for linux (Linux-type)

It seems that MS says in the log it is checking the mail, but the mail does not contain the MS headers.
After checking against other not scanned mails, this only happens if the mail was received as MS dies of "old age".

Greetings

Marcel

From MailScanner at ecs.soton.ac.uk Tue Jan 18 13:47:06 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:14 2006
Subject: Mails do slip through MS..
Message-ID:

Check your file locking. What version of Sendmail are you using, and on what version of what OS on what architecture?

Marcel Blenkers wrote:

>Hi there,
>
>somehow some mails do slip through, but in the logfiles it seems that MS
>scans them.
>
>But then SpamAssassin reports these Mails as spam or some virusscanners on
>the client-side report these mails to be infected.
>
>After checking those mails, and look through the Mail-Log, all I found was
>this:
>
>Jan 18 01:15:32 mail sendmail-in[24308]: j0I0FUBP024308:
>from=, size=1491, class=0, nrcpts=1,
>msgid=, proto=SMTP, daemon=MTA,
>relay=28.255-0.172.63.66.in-addr.arpa [66.63.172.28] (may be forged)
>Jan 18 01:15:33 mail MailScanner[22054]: New Batch: Scanning 1 messages,
>2043 bytes
>Jan 18 01:15:33 mail MailScanner[22054]: Spam Checks: Starting
>Jan 18 01:15:36 mail MailScanner[22054]: Virus and Content Scanning:
>Starting
>Jan 18 01:15:37 mail MailScanner[22054]: Uninfected: Delivered 1 messages
>Jan 18 01:15:37 mail MailScanner[22054]: MailScanner child dying of old
>age
>Jan 18 01:15:37 mail MailScanner[24333]: MailScanner E-Mail Virus Scanner
>version 4.37.7 starting...
>Jan 18 01:15:41 mail MailScanner[24333]: Using locktype = posix
>Jan 18 01:15:41 mail MailScanner[24333]: Creating hardcoded struct_flock
>subroutine for linux (Linux-type)
>
>
>it seems that MS says in the log it is checking the mail, but the mail
>does not contain the MS-Headers.
>After checking against other not scanned mails, this only happens if the
>mail was received as MS dies of "old age".
>

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From roger at RUDNICK.COM.BR Tue Jan 18 13:52:21 2005
From: roger at RUDNICK.COM.BR (Roger Jochem)
Date: Thu Jan 12 21:28:14 2006
Subject: Feature Request: Phishing
Message-ID:

I'd like to have a way of "disarming" phishing frauds from the e-mail instead of warning the user about it. Could it be done? Something like removing the from the e-mail, disabling the fraud. Even warning my users, some of them open the link. Maybe because they're curious about it... Is it possible?

Regards

Roger Jochem

From MailScanner at ecs.soton.ac.uk Tue Jan 18 14:03:18 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:14 2006
Subject: Feature Request: Phishing
Message-ID:

I purposely didn't do that as there is an inevitable false alarm rate. I don't even tag the Subject: line. Having a valid (false positive) link removed would annoy my users very quickly!

Roger Jochem wrote:

>I'd like to have a way of "disarming" phishing frauds from the e-mail
>instead of warning the user about it. Could it be done? Something like
>removing the from the e-mail, disabling the fraud. Even warning
>my users, some of them open the link. Maybe because they're curious about
>it... Is it possible?
>

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From G.Pentland at SOTON.AC.UK Tue Jan 18 14:25:28 2005
From: G.Pentland at SOTON.AC.UK (Pentland G.)
Date: Thu Jan 12 21:28:14 2006
Subject: Feature Request: Phishing
Message-ID:

Julian,

I think a possible solution could be to include a "phishing whitelist", not quite sure how the concept would work yet as I'm thinking aloud a little.

This would allow a disarm action to be used as I suspect if your users are broadly like mine, the complaints are likely to be from a small group of mailing list users and those mails could be whitelisted around the phishing code?

Thoughts?

Julian Field wrote:
> I purposely didn't do that as there is an inevitable false alarm
> rate. I don't even tag the Subject: line. Having a valid (false
> positive) link removed would annoy my users very quickly!
>
> Roger Jochem wrote:
>
>> I'd like to have a way of "disarming" phishing frauds from the
>> e-mail instead of warning the user about it. Could it be done?
>> Something like removing the from the e-mail, disabling
>> the fraud. Even warning my users, some of them open the link. Maybe
>> because they're curious about it... Is it possible?

From roger at RUDNICK.COM.BR Tue Jan 18 14:40:01 2005
From: roger at RUDNICK.COM.BR (Roger Jochem)
Date: Thu Jan 12 21:28:14 2006
Subject: Feature Request: Phishing
Message-ID:

This would work too. In my case I'd let the whitelist empty, and all phishing would be disarmed...

----- Original Message -----
From: "Pentland G."
To:
Sent: Tuesday, January 18, 2005 12:25 PM
Subject: Re: Feature Request: Phishing

> Julian,
>
> I think a possible solution could be to include a "phishing whitelist",
> not quite sure how the concept would work yet as I'm thinking aloud a
> little.
>
> This would allow a disarm action to be used as I suspect if your users
> are broadly like mine, the complaints are likely to be from a small
> group of mailing list users and those mails could be whitelisted around
> the phishing code?
>
> Thoughts?
>
> Julian Field wrote:
> > I purposely didn't do that as there is an inevitable false alarm
> > rate. I don't even tag the Subject: line. Having a valid (false
> > positive) link removed would annoy my users very quickly!
> >
> > Roger Jochem wrote:
> >
> >> I'd like to have a way of "disarming" phishing frauds from the
> >> e-mail instead of warning the user about it. Could it be done?
> >> Something like removing the from the e-mail, disabling
> >> the fraud. Even warning my users, some of them open the link. Maybe
> >> because they're curious about it... Is it possible?

From roger at RUDNICK.COM.BR Tue Jan 18 14:39:02 2005
From: roger at RUDNICK.COM.BR (Roger Jochem)
Date: Thu Jan 12 21:28:14 2006
Subject: Feature Request: Phishing
Message-ID:

Even so, the link would disappear, but the address (the real one) doesn't. If the user really wants to access it, it could be done simply by cutting and pasting the address in the browser...

And would be an option. "Disarm", "Alert", or "No" would be the options...

No - Would not look for the frauds
Alert - Would work like today
Disarm - Would be the new option

----- Original Message -----
From: "Julian Field"
To:
Sent: Tuesday, January 18, 2005 12:03 PM
Subject: Re: Feature Request: Phishing

> I purposely didn't do that as there is an inevitable false alarm rate. I
> don't even tag the Subject: line. Having a valid (false positive) link
> removed would annoy my users very quickly!
>
> Roger Jochem wrote:
>
> >I'd like to have a way of "disarming" phishing frauds from the e-mail
> >instead of warning the user about it. Could it be done? Something like
> >removing the from the e-mail, disabling the fraud. Even warning
> >my users, some of them open the link. Maybe because they're curious about
> >it... Is it possible?
> >
>
> --
> Julian Field
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From MailScanner at ecs.soton.ac.uk Tue Jan 18 14:40:57 2005
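[Added example, not part of any list message and not MailScanner's code: a Python sketch of the link check this thread is about, with the three proposed settings (No, Alert, Disarm) and a whitelist keyed on the real target host. The function and class names, the warning wording and the sample message body are assumptions made for illustration.]

```python
import html
import re
from html.parser import HTMLParser

# Optional scheme and userinfo, then a dotted host name.
HOST_RE = re.compile(
    r"^(?:[a-z][a-z0-9+.-]*://)?(?:[^@/\s]*@)?"
    r"((?:[a-z0-9-]+\.)+[a-z]{2,})(?=[:/?#]|$)", re.I)

# Constructed wording for this example, not MailScanner's own warning text.
WARNING = '<b>[Possible fraud: shown as "{shown}", really goes to "{real}"]</b> '

def host_of(text):
    """Host of a URL or bare host name ("www." dropped), or None if not URL-like."""
    m = HOST_RE.match(text.strip())
    return m.group(1).lower().removeprefix("www.") if m else None

class PhishingNet(HTMLParser):
    """Re-emits an HTML body, acting on links whose visible text names another host."""

    def __init__(self, mode, whitelist):
        super().__init__(convert_charrefs=False)
        self.mode = mode
        self.whitelist = {host_of(h) for h in whitelist}  # trusted real targets
        self.out = []        # rewritten HTML fragments
        self.findings = []   # (shown_host, real_host) pairs
        self._a = None       # anchor currently being buffered, if any

    def _emit(self, raw, text=""):
        if self._a is None:
            self.out.append(raw)
        else:
            self._a["inner"].append(raw)
            self._a["text"].append(text)

    def handle_starttag(self, tag, attrs):
        raw = self.get_starttag_text()
        if tag == "a" and self._a is None:
            href = dict(attrs).get("href") or ""
            self._a = {"open": raw, "href": href, "inner": [], "text": []}
        else:
            self._emit(raw)

    def handle_startendtag(self, tag, attrs):
        self._emit(self.get_starttag_text())

    def handle_endtag(self, tag):
        if tag == "a" and self._a is not None:
            self.close_anchor()
        else:
            self._emit(f"</{tag}>")

    def handle_data(self, data):
        self._emit(data, data)

    def handle_entityref(self, name):   # &amp; or, via handle_charref, &#46;
        self._emit(f"&{name};", html.unescape(f"&{name};"))

    def handle_charref(self, name):     # numeric references can hide the dots
        self.handle_entityref("#" + name)

    def handle_comment(self, data):
        self._emit(f"<!--{data}-->")

    def handle_decl(self, decl):
        self._emit(f"<!{decl}>")

    def close_anchor(self):
        a, self._a = self._a, None
        link = a["open"] + "".join(a["inner"]) + "</a>"
        shown, real = host_of("".join(a["text"])), host_of(a["href"])
        if not (shown and real) or shown == real or real in self.whitelist:
            self.out.append(link)                   # nothing to report
            return
        self.findings.append((shown, real))
        if self.mode == "disarm":
            self.out.append("".join(a["inner"]))    # keep the text, drop the target
        else:
            self.out.append(WARNING.format(shown=shown, real=real) + link)

def scan(body, mode="alert", whitelist=()):
    """Return (rewritten_body, findings) for mode "no", "alert" or "disarm"."""
    if mode not in ("no", "alert", "disarm"):
        raise ValueError(f"unknown mode: {mode}")
    if mode == "no":
        return body, []
    net = PhishingNet(mode, whitelist)
    net.feed(body)
    net.close()
    if net._a is not None:       # anchor never closed in the input
        net.close_anchor()
    return "".join(net.out), net.findings

# Constructed message body built around the host names mentioned in the thread.
SAMPLE = (
    '<p>Please log in at <a href="http://www.windows.com/login">www.linux.com</a> '
    'or read <a href="http://www.linux.com/news">our news</a>. '
    'Statement: <a href="http://e-mail.egg.com/r?id=1">www.egg.com</a></p>'
)
```

[Only links whose visible text is itself a URL or host name are compared, so "our news" is never flagged; with an empty whitelist the e-mail.egg.com link is reported as well, which is the false-alarm case raised in the thread.]
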
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:14 2006
Subject: Feature Request: Phishing
Message-ID:

You can already do this with a ruleset based on the sender's email address. But the whitelist for this really needs to be URL-based, not email address-based, agreed.

I'll take a look into providing a whitelist for the URL's that are checked in the phishing net. It would indeed come in very handy. I could whitelist e-mail.egg.com!

Pentland G. wrote:

>Julian,
>
>I think a possible solution could be to include a "phishing whitelist",
>not quite sure how the concept would work yet as I'm thinking aloud a
>little.
>
>This would allow a disarm action to be used as I suspect if your users
>are broadly like mine, the complaints are likely to be from a small
>group of mailing list users and those mails could be whitelisted around
>the phishing code?
>
>Thoughts?
>
>Julian Field wrote:
>
>>I purposely didn't do that as there is an inevitable false alarm
>>rate. I don't even tag the Subject: line. Having a valid (false
>>positive) link removed would annoy my users very quickly!
>>
>>Roger Jochem wrote:
>>
>>>I'd like to have a way of "disarming" phishing frauds from the
>>>e-mail instead of warning the user about it. Could it be done?
>>>Something like removing the from the e-mail, disabling
>>>the fraud. Even warning my users, some of them open the link. Maybe
>>>because they're curious about it... Is it possible?
>>>

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From MailScanner at ecs.soton.ac.uk Tue Jan 18 14:45:38 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:14 2006
Subject: Feature Request: Phishing
Message-ID:

But the user's mail client will display the address as a link. So you haven't gained anything much.

Roger Jochem wrote:

>Even so, the link would disappear, but the address (the real one) doesn't. If
>the user really wants to access it, it could be done simply by cutting and
>pasting the address in the browser...
>
>And would be an option. "Disarm", "Alert", or "No" would be the options...
>
>No - Would not look for the frauds
>Alert - Would work like today
>Disarm - Would be the new option
>
>
>----- Original Message -----
>From: "Julian Field" >To: >Sent: Tuesday, January 18, 2005 12:03 PM >Subject: Re: Feature Request: Phishing > > > > >>I purposely didn't do that as there is an inevitable false alarm rate. I >>don't even tag the Subject: line. Having a valid (false positive) link >>removed would annoy my users very quickly! >> >>Roger Jochem wrote: >> >> >> >>>I'd would like to have a way of "disarming" phishing frauds from the >>> >>> >e-mail > > >>>instead of warning the user about it. Could it be done? Something like >>>removing the from the e-mail, disabling the fraud. Even >>> >>> >warning > > >>>my users, some of them open the link. Maybe because they're curious about >>>it... Is it possible? >>> >>> >>> >>> >>-- >>Julian Field >>www.MailScanner.info >>Buy the MailScanner book at www.MailScanner.info/store >> >>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >> > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. 

From roger at RUDNICK.COM.BR Tue Jan 18 14:49:57 2005
From: roger at RUDNICK.COM.BR (Roger Jochem)
Date: Thu Jan 12 21:28:14 2006
Subject: Feature Request: Phishing

But that's the real link...

If the e-mail says

access www.linux.com and it's a fraud, the is www.windows.com . If
www.windows.com is removed, the real address (www.linux.com) would be
accessible... Or not?

----- Original Message -----
From: "Julian Field"
To:
Sent: Tuesday, January 18, 2005 12:45 PM
Subject: Re: Feature Request: Phishing

> But the user's mail client will display the address as a link. So you
> haven't gained anything much.
>
> Roger Jochem wrote:
>
> >Even so, the link would disappear, but the address (the real one) doesn't. If
> >the user really wants to access it, it could be done simply by cutting and
> >pasting the address in the browser...
> >
> >And would be an option. "Disarm", "Alert", or "No" would be the options...
> >
> >No - Would not look for the frauds
> >Alert - Would work like today
> >Disarm - Would be the new option
> >
> >----- Original Message -----
> >From: "Julian Field"
> >To:
> >Sent: Tuesday, January 18, 2005 12:03 PM
> >Subject: Re: Feature Request: Phishing
> >
> >>I purposely didn't do that as there is an inevitable false alarm rate. I
> >>don't even tag the Subject: line. Having a valid (false positive) link
> >>removed would annoy my users very quickly!
> >>
> >>Roger Jochem wrote:
> >>
> >>>I would like to have a way of "disarming" phishing frauds from the e-mail
> >>>instead of warning the user about it. Could it be done? Something like
> >>>removing the from the e-mail, disabling the fraud. Even warning
> >>>my users, some of them open the link. Maybe because they're curious about
> >>>it... Is it possible?

From MailScanner at ecs.soton.ac.uk Tue Jan 18 15:10:39 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:14 2006
Subject: Feature Request: Phishing

I'm still wary, as you are teaching users it is always safe to click on
a link in an email address. Short-term that's good, but I'm not so
convinced about the long-term wisdom of this.

But as an option (particularly as a "default") it would be okay I guess.

How about we combine these 2 threads that really have the same subject
as well as the same Subject: ?

Roger Jochem wrote:

>But that's the real link...
>
>If the e-mail says
>
>access www.linux.com and it's a fraud, the is www.windows.com . If
>www.windows.com is removed, the real address (www.linux.com) would be
>accessible... Or not?
>
>----- Original Message -----
>From: "Julian Field"
>To:
>Sent: Tuesday, January 18, 2005 12:45 PM
>Subject: Re: Feature Request: Phishing
>
>>But the user's mail client will display the address as a link. So you
>>haven't gained anything much.
>>
>>Roger Jochem wrote:
>>
>>>Even so, the link would disappear, but the address (the real one) doesn't. If
>>>the user really wants to access it, it could be done simply by cutting and
>>>pasting the address in the browser...
>>>
>>>And would be an option. "Disarm", "Alert", or "No" would be the options...
>>>
>>>No - Would not look for the frauds
>>>Alert - Would work like today
>>>Disarm - Would be the new option
>>>
>>>----- Original Message -----
>>>From: "Julian Field"
>>>To:
>>>Sent: Tuesday, January 18, 2005 12:03 PM
>>>Subject: Re: Feature Request: Phishing
>>>
>>>>I purposely didn't do that as there is an inevitable false alarm rate. I
>>>>don't even tag the Subject: line. Having a valid (false positive) link
>>>>removed would annoy my users very quickly!
>>>>
>>>>Roger Jochem wrote:
>>>>
>>>>>I would like to have a way of "disarming" phishing frauds from the e-mail
>>>>>instead of warning the user about it. Could it be done? Something like
>>>>>removing the from the e-mail, disabling the fraud. Even warning
>>>>>my users, some of them open the link. Maybe because they're curious about
>>>>>it... Is it possible?

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From MailScanner at ecs.soton.ac.uk Tue Jan 18 15:13:32 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:14 2006
Subject: Feature Request: Phishing

Also, what happens when the real link is believable? There was one going
around here for quite a while that actually went to
www.ibarclays.co.uk
which was actually a fake site. Without a dirty great warning, many
people would have gone there anyway.

Roger Jochem wrote:

>But that's the real link...
>
>If the e-mail says
>
>access www.linux.com and it's a fraud, the is www.windows.com . If
>www.windows.com is removed, the real address (www.linux.com) would be
>accessible... Or not?
>
>----- Original Message -----
>From: "Julian Field"
>To:
>Sent: Tuesday, January 18, 2005 12:45 PM
>Subject: Re: Feature Request: Phishing
>
>>But the user's mail client will display the address as a link. So you
>>haven't gained anything much.
>>
>>Roger Jochem wrote:
>>
>>>Even so, the link would disappear, but the address (the real one) doesn't. If
>>>the user really wants to access it, it could be done simply by cutting and
>>>pasting the address in the browser...
>>>
>>>And would be an option. "Disarm", "Alert", or "No" would be the options...
>>>
>>>No - Would not look for the frauds
>>>Alert - Would work like today
>>>Disarm - Would be the new option
>>>
>>>----- Original Message -----
>>>From: "Julian Field"
>>>To:
>>>Sent: Tuesday, January 18, 2005 12:03 PM
>>>Subject: Re: Feature Request: Phishing
>>>
>>>>I purposely didn't do that as there is an inevitable false alarm rate. I
>>>>don't even tag the Subject: line. Having a valid (false positive) link
>>>>removed would annoy my users very quickly!
>>>>
>>>>Roger Jochem wrote:
>>>>
>>>>>I would like to have a way of "disarming" phishing frauds from the e-mail
>>>>>instead of warning the user about it. Could it be done? Something like
>>>>>removing the from the e-mail, disabling the fraud. Even warning
>>>>>my users, some of them open the link. Maybe because they're curious about
>>>>>it... Is it possible?

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From Q.G.Campbell at NEWCASTLE.AC.UK Tue Jan 18 15:13:20 2005
From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell)
Date: Thu Jan 12 21:28:14 2006
Subject: Feature request: HTML Content Checks

Julian

Is it possible to add to the logged "Content Checks: Detected
HTML-specific exploits in ..." messages the actual HTML exploit that
caused the message?

That is, I am asking for one of the strings "HTML-Iframe",
"HTML-Codebase", "HTML Object", "HTML-Script" or "HTML-Form" to be added
as appropriate to the message.

At present we only have info on IFrame exploits through the separate
logging facility for that tag. I would like this additional info for the
same reason you provided the IFrame logging - to identify the
envelope-From address that may need to be added to the rules file to
exempt that address from the actions normally applied to that exploit.

Thanks

Quentin
---
PHONE: +44 191 222 8209    Information Systems and Services (ISS),
                           University of Newcastle,
                           Newcastle upon Tyne,
FAX:   +44 191 222 8765    United Kingdom, NE1 7RU.
------------------------------------------------------------------------
"Any opinion expressed above is mine. The University can get its own."

From MailScanner at ecs.soton.ac.uk Tue Jan 18 14:50:32 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:14 2006
Subject: Feature Request: Phishing

Would you need fancy things like regexp patterns and/or wildcards, or
would simple website hostnames do? Website hostnames that I can look up
in a hash will be *considerably* faster. Then the size of the list won't
affect the time it takes to do a lookup. Checking everything like I do
with a ruleset at the moment is very slow, especially if the list grew
large.

Do people want features or speed?

Julian Field wrote:

> You can already do this with a ruleset based on the sender's email
> address. But the whitelist for this really needs to be URL-based, not
> email address-based, agreed.
>
> I'll take a look into providing a whitelist for the URLs that are
> checked in the phishing net. It would indeed come in very handy. I could
> whitelist e-mail.egg.com!
>
> Pentland G. wrote:
>
>> Julian,
>>
>> I think a possible solution could be to include a "phishing whitelist",
>> not quite sure how the concept would work yet as I'm thinking aloud a
>> little.
>>
>> This would allow a disarm action to be used as I suspect if your users
>> are broadly like mine, the complaints are likely to be from a small
>> group of mailing list users and those mails could be whitelisted around
>> the phishing code?
>>
>> Thoughts?
>>
>> Julian Field wrote:
>>
>>> I purposely didn't do that as there is an inevitable false alarm
>>> rate. I don't even tag the Subject: line. Having a valid (false
>>> positive) link removed would annoy my users very quickly!
>>>
>>> Roger Jochem wrote:
>>>
>>>> I would like to have a way of "disarming" phishing frauds from the
>>>> e-mail instead of warning the user about it. Could it be done?
>>>> Something like removing the from the e-mail, disabling
>>>> the fraud. Even warning my users, some of them open the link. Maybe
>>>> because they're curious about it... Is it possible?

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From MailScanner at ecs.soton.ac.uk Tue Jan 18 15:25:11 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:14 2006
Subject: Feature request: HTML Content Checks

Is this okay?

HTML-Object
HTML-Script
HTML-Form
HTML-IFrame

with the same log line format as the current log iframe tags gives you.
I will remove the log iframe tags option and replace it with log html
tags.

Quentin Campbell wrote:

>Julian
>
>Is it possible to add to the logged "Content Checks: Detected
>HTML-specific exploits in ..." messages the actual HTML exploit that
>caused the message?
>
>That is, I am asking for one of the strings "HTML-Iframe",
>"HTML-Codebase", "HTML Object", "HTML-Script" or "HTML-Form" to be added
>as appropriate to the message.
>
>At present we only have info on IFrame exploits through the separate
>logging facility for that tag. I would like this additional info for the
>same reason you provided the IFrame logging - to identify the
>envelope-From address that may need to be added to the rules file to
>exempt that address from the actions normally applied to that exploit.
>
>Thanks
>
>Quentin

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From john at TRADOC.FR Tue Jan 18 15:38:49 2005
From: john at TRADOC.FR (John Wilcock)
Date: Thu Jan 12 21:28:14 2006
Subject: Feature Request: Phishing

Julian Field wrote:
> Would you need fancy things like regexp patterns and/or wildcards, or
> would simple website hostnames do? Website hostnames that I can look up
> in a hash will be *considerably* faster. Then the size of the list won't
> affect the time it takes to do a lookup. Checking everything like I do
> with a ruleset at the moment is very slow, especially if the list grew
> large.

I can't see a need for regexes. Simple wildcards (*.domain.com) would be
more convenient but by no means essential, at least judging by the
sample of phishing mail we get here.

Or how about a wacky idea - an option to look the hostname up in a
DNS-based whitelist, SURBL-style. For particularly large whitelists I
expect the performance from a local rbldnsd server ought to be good
enough.

And to quote another message of yours:

> How about we combine these 2 threads that really have the same subject
> as well as the same Subject: ?

How about it indeed - or rather how to go about it? Presumably we would
need to append the References: from the other thread onto those from
this one, but I can't see any way of doing that from within Thunderbird.

John.

--
-- Over 2500 webcams from ski resorts around the world - www.snoweye.com
-- Translate your technical documents and web pages - www.tradoc.fr

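The two checks debated in this thread, link text that names one site while the href points at another, and a whitelist of exact website hostnames held in a hash so that lookup time does not depend on list size, are sketched below. This is an added example, not MailScanner's code: the function names, verdict labels and sample HTML are constructed, using hostnames mentioned in the messages above.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed whitelist of exact website hostnames. A set is a hash table,
# so a lookup costs the same whether it holds ten entries or a million.
WHITELIST = frozenset({"e-mail.egg.com"})

# A hostname-looking token in the visible link text, optional scheme first.
HOST_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

# Constructed sample message body.
SAMPLE_HTML = """
<p>access <a href="http://www.windows.com/login">www.linux.com</a></p>
<p><a href="http://e-mail.egg.com/t/123">www.egg.com</a></p>
<p><a href="http://www.ibarclays.co.uk/">www.ibarclays.co.uk</a></p>
<p><a href="http://www.windows.com/">Click here</a></p>
"""


def href_host(href):
    """Lower-cased hostname of an http(s) href, or '' if it has none."""
    try:
        parts = urlsplit(href.strip())
        if parts.scheme.lower() not in ("http", "https"):
            return ""
        return (parts.hostname or "").lower()
    except ValueError:  # malformed URL, e.g. unbalanced IPv6 brackets
        return ""


class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def check_links(html, whitelist=WHITELIST):
    """Return (shown_host, target_host, verdict) for each link in html."""
    parser = LinkCollector()
    parser.feed(html)
    parser.close()
    findings = []
    for href, text in parser.links:
        target = href_host(href)
        match = HOST_IN_TEXT.search(text)
        shown = match.group(1).lower() if match else ""
        if not target or not shown:
            verdict = "not-checked"   # nothing to compare, e.g. "Click here"
        elif target in whitelist:
            verdict = "whitelisted"   # exact hostname match only, no wildcards
        elif shown != target:
            verdict = "mismatch"      # text names one site, href another
        else:
            verdict = "consistent"    # agrees with itself; may still be fake
        findings.append((shown, target, verdict))
    return findings


if __name__ == "__main__":
    for row in check_links(SAMPLE_HTML):
        print(row)
```

The third sample link comes back `consistent`: a look-alike hostname whose text and target agree is outside what a mismatch check can see, which is the case raised in the www.ibarclays.co.uk message.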
From roger at RUDNICK.COM.BR Tue Jan 18 15:38:41 2005
From: roger at RUDNICK.COM.BR (Roger Jochem)
Date: Thu Jan 12 21:28:14 2006
Subject: Feature Request: Phishing

I don't understand what you mean with:

"How about we combine these 2 threads that really have the same subject
as well as the same Subject: ?"

----- Original Message -----
From: "Julian Field"
To:
Sent: Tuesday, January 18, 2005 1:10 PM
Subject: Re: Feature Request: Phishing

> I'm still wary, as you are teaching users it is always safe to click on
> a link in an email address. Short-term that's good, but I'm not so
> convinced about the long-term wisdom of this.
>
> But as an option (particularly as a "default") it would be okay I guess.
>
> How about we combine these 2 threads that really have the same subject
> as well as the same Subject: ?
>
> Roger Jochem wrote:
>
> >But that's the real link...
> >
> >If the e-mail says
> >
> >access www.linux.com and it's a fraud, the is www.windows.com . If
> >www.windows.com is removed, the real address (www.linux.com) would be
> >accessible... Or not?
> >
> >----- Original Message -----
> >From: "Julian Field"
> >To:
> >Sent: Tuesday, January 18, 2005 12:45 PM
> >Subject: Re: Feature Request: Phishing
> >
> >>But the user's mail client will display the address as a link. So you
> >>haven't gained anything much.
> >>
> >>Roger Jochem wrote:
> >>
> >>>Even so, the link would disappear, but the address (the real one) doesn't. If
> >>>the user really wants to access it, it could be done simply by cutting and
> >>>pasting the address in the browser...
> >>>
> >>>And would be an option. "Disarm", "Alert", or "No" would be the options...
> >>>
> >>>No - Would not look for the frauds
> >>>Alert - Would work like today
> >>>Disarm - Would be the new option
> >>>
> >>>----- Original Message -----
> >>>From: "Julian Field"
> >>>To:
> >>>Sent: Tuesday, January 18, 2005 12:03 PM
> >>>Subject: Re: Feature Request: Phishing
> >>>
> >>>>I purposely didn't do that as there is an inevitable false alarm rate. I
> >>>>don't even tag the Subject: line. Having a valid (false positive) link
> >>>>removed would annoy my users very quickly!
> >>>>
> >>>>Roger Jochem wrote:
> >>>>
> >>>>>I would like to have a way of "disarming" phishing frauds from the e-mail
> >>>>>instead of warning the user about it. Could it be done? Something like
> >>>>>removing the from the e-mail, disabling the fraud. Even warning
> >>>>>my users, some of them open the link. Maybe because they're curious about
> >>>>>it... Is it possible?

From roger at RUDNICK.COM.BR Tue Jan 18 15:39:30 2005
From: roger at RUDNICK.COM.BR (Roger Jochem)
Date: Thu Jan 12 21:28:14 2006
Subject: Feature Request: Phishing

Website hostnames would work fine for me...

----- Original Message -----
From: "Julian Field"
To:
Sent: Tuesday, January 18, 2005 12:50 PM
Subject: Re: Feature Request: Phishing

> Would you need fancy things like regexp patterns and/or wildcards, or
> would simple website hostnames do? Website hostnames that I can look up
> in a hash will be *considerably* faster. Then the size of the list won't
> affect the time it takes to do a lookup. Checking everything like I do
> with a ruleset at the moment is very slow, especially if the list grew
> large.
>
> Do people want features or speed?
>
> Julian Field wrote:
>
> > You can already do this with a ruleset based on the sender's email
> > address. But the whitelist for this really needs to be URL-based, not
> > email address-based, agreed.
> >
> > I'll take a look into providing a whitelist for the URLs that are
> > checked in the phishing net. It would indeed come in very handy. I could
> > whitelist e-mail.egg.com!
> >
> > Pentland G. wrote:
> >
> >> Julian,
> >>
> >> I think a possible solution could be to include a "phishing whitelist",
> >> not quite sure how the concept would work yet as I'm thinking aloud a
> >> little.
> >>
> >> This would allow a disarm action to be used as I suspect if your users
> >> are broadly like mine, the complaints are likely to be from a small
> >> group of mailing list users and those mails could be whitelisted around
> >> the phishing code?
> >>
> >> Thoughts?
> >>
> >> Julian Field wrote:
> >>
> >>> I purposely didn't do that as there is an inevitable false alarm
> >>> rate. I don't even tag the Subject: line. Having a valid (false
> >>> positive) link removed would annoy my users very quickly!
> >>>
> >>> Roger Jochem wrote:
> >>>
> >>>> I would like to have a way of "disarming" phishing frauds from the
> >>>> e-mail instead of warning the user about it. Could it be done?
> >>>> Something like removing the from the e-mail, disabling
> >>>> the fraud. Even warning my users, some of them open the link. Maybe
> >>>> because they're curious about it... Is it possible?

From marcel-ml at IRC-ADDICTS.DE Tue Jan 18 15:50:35 2005
From: marcel-ml at IRC-ADDICTS.DE (Marcel Blenkers)
Date: Thu Jan 12 21:28:14 2006
Subject: Mails do slip through MS..

hi there,

> Check your file locking. What version of Sendmail are you using, and on
> what version of what OS on what architecture?
>

file locking is posix,
sendmail: Sendmail version 8.12.6, config V10/Berkeley
OS: linux (suse 8.1)

these things do only happen, when ms seems to restart itself.. as far as
i could read out of the logs and looking for those message-ids.

Greetings

Marcel

From Denis.Beauchemin at USHERBROOKE.CA Tue Jan 18 15:52:00 2005
From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin)
Date: Thu Jan 12 21:28:14 2006
Subject: wee tweak for 4.38

Jeff A. Earickson wrote:

>
> BTW, Happy Birthday from Maine, USA. I'll bet if you posted your
> snail-mail address (work) to the list then grateful Mailscanner
> users would send you cool postcards from all parts of the planet.
> It would make a nice decoration in your office.
>

I found this on the net:

Julian Field MEng MBCS
School of Electronics and Computer Science
University of Southampton
SO17 1BJ
United Kingdom

I'll try to get a postcard from Sherbrooke QC Canada going in a couple
of days.

Denis
--
   _
  °v°   Denis Beauchemin, analyste
 /(_)\  Université de Sherbrooke, S.T.I.
  ^ ^   T: 819.821.8000x2252 F: 819.821.8045

From MailScanner at ecs.soton.ac.uk Tue Jan 18 16:24:22 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:14 2006
Subject: Feature request: HTML Content Checks

The new logging configuration option is called
Log Dangerous HTML Tags
and has replaced the old
Log IFrame Tags.
When you run upgrade_MailScanner_conf, the old option will be removed
and the new one inserted. To save on log output and because it is
reasonable for production use, the new option is switched off by default.

Quentin --- Sorry for not remembering to do this earlier!

Julian Field wrote:

> Is this okay?
>
> HTML-Object
> HTML-Script
> HTML-Form
> HTML-IFrame
>
> with the same log line format as the current log iframe tags gives you.
> I will remove the log iframe tags option and replace it with log html
> tags.
>
> Quentin Campbell wrote:
>
>> Julian
>>
>> Is it possible to add to the logged "Content Checks: Detected
>> HTML-specific exploits in ..." messages the actual HTML exploit that
>> caused the message?
>>
>> That is, I am asking for one of the strings "HTML-Iframe",
>> "HTML-Codebase", "HTML Object", "HTML-Script" or "HTML-Form" to be added
>> as appropriate to the message.
>>
>> At present we only have info on IFrame exploits through the separate
>> logging facility for that tag. I would like this additional info for the
>> same reason you provided the IFrame logging - to identify the
>> envelope-From address that may need to be added to the rules file to
>> exempt that address from the actions normally applied to that exploit.
>>
>> Thanks
>>
>> Quentin

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From MailScanner at ecs.soton.ac.uk Tue Jan 18 16:26:15 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:14 2006
Subject: Feature Request: Phishing
Message-ID:

John Wilcock wrote:

> Julian Field wrote:
>
>> Would you need fancy things like regexp patterns and/or wildcards, or
>> would simple website hostnames do? Website hostnames that I can look up
>> in a hash will be *considerably* faster. Then the size of the list won't
>> affect the time it takes to do a lookup. Checking everything like I do
>> with a ruleset at the moment is very slow, especially if the list grew
>> large.
>
> I can't see a need for regexes. Simple wildcards (*.domain.com) would be
> more convenient but by no means essential, at least judging by the
> sample of phishing mail we get here.

Wildcards would be no better than allowing full regexps. It would need to be full hostnames of the website concerned. Is that okay?

> Or how about a wacky idea - an option to look the hostname up in a
> DNS-based whitelist, SURBL-style. For particularly large whitelists I
> expect the performance from a local rbldnsd server ought to be good
> enough.

Eek! Sounds like a good idea, but I think very very few people would actually use it.

From Q.G.Campbell at NEWCASTLE.AC.UK Tue Jan 18 16:25:37 2005
From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell)
Date: Thu Jan 12 21:28:14 2006
Subject: Feature request: HTML Content Checks
Message-ID:

Julian

Thanks. That would do the job.

In fact your suggested way is better because the logged line will also include the envelope-sender address.

Note though that if people chose "Log HTML Tags = yes" and if they also chose to strip HTML on, say, the occurrence of an IFrame tag in a message then three lines will be logged:

Jan 18 04:03:29 cheviot4 MailScanner[29462]: HTML IFrame tag found in message j0I43C12031986 from boston@changing_boston.net
Jan 18 04:03:29 cheviot4 MailScanner[29462]: Content Checks: Detected HTML-specific exploits in j0I43C12031986
Jan 18 04:03:29 cheviot4 MailScanner[29462]: Content Checks: Detected and will convert HTML message to plain text in j0I43C12031986

I am happy to live with that if it simplifies the additional coding you have to do!

Regards

Quentin
---
PHONE: +44 191 222 8209    Information Systems and Services (ISS),
                           University of Newcastle,
                           Newcastle upon Tyne,
FAX:   +44 191 222 8765    United Kingdom, NE1 7RU.
------------------------------------------------------------------------
"Any opinion expressed above is mine. The University can get its own."

>-----Original Message-----
>From: MailScanner mailing list
>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field
>Sent: 18 January 2005 15:25
>To: MAILSCANNER@JISCMAIL.AC.UK
>Subject: Re: Feature request: HTML Content Checks
>
>Is this okay?
>
>HTML-Object
>HTML-Script
>HTML-Form
>HTML-IFrame
>
>with the same log line format as the current log iframe tags gives you.
>I will remove the log iframe tags option and replace it with
>log html tags.
>
>Quentin Campbell wrote:
>
>>Julian
>>
>>Is it possible to add to the logged "Content Checks: Detected
>>HTML-specific exploits in ..." messages the actual HTML exploit that
>>caused the message?
>>
>>That is, I am asking for one of the strings "HTML-Iframe",
>>"HTML-Codebase", "HTML Object", "HTML-Script" or "HTML-Form" to be added
>>as appropriate to the message.
>>
>>At present we only have info on IFrame exploits through the separate
>>logging facility for that tag. I would like this additional info for the
>>same reason you provided the IFrame logging - to identify the
>>envelope-From address that may need to be added to the rules file to
>>exempt that address from the actions normally applied to that exploit.
>>
>>Thanks
>>
>>Quentin

From MailScanner at ecs.soton.ac.uk Tue Jan 18 16:28:10 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:14 2006
Subject: wee tweak for 4.38
Message-ID:

Denis Beauchemin wrote:

> Jeff A. Earickson wrote:
>
>> BTW, Happy Birthday from Maine, USA. I'll bet if you posted your
>> snail-mail address (work) to the list then grateful Mailscanner
>> users would send you cool postcards from all parts of the planet.
>> It would make a nice decoration in your office.
>
> I found this on the net:
> Julian Field MEng MBCS
> School of Electronics and Computer Science
> University of Southampton
> SO17 1BJ
> United Kingdom
>
> I'll try to get a postcard from Sherbrooke QC Canada going in a couple
> of days.

Cool :-)

All postcards including their email address get a free email from me (and a copy of my advertising flyer ;-)

From roger at RUDNICK.COM.BR Tue Jan 18 16:27:54 2005
From: roger at RUDNICK.COM.BR (Roger Jochem)
Date: Thu Jan 12 21:28:14 2006
Subject: Feature Request: Phishing
Message-ID:

For me the full hostname would work...

----- Original Message -----
From: "Julian Field"
To:
Sent: Tuesday, January 18, 2005 2:26 PM
Subject: Re: Feature Request: Phishing

> John Wilcock wrote:
>
> > Julian Field wrote:
> >
> >> Would you need fancy things like regexp patterns and/or wildcards, or
> >> would simple website hostnames do? Website hostnames that I can look up
> >> in a hash will be *considerably* faster. Then the size of the list won't
> >> affect the time it takes to do a lookup. Checking everything like I do
> >> with a ruleset at the moment is very slow, especially if the list grew
> >> large.
> >
> > I can't see a need for regexes. Simple wildcards (*.domain.com) would be
> > more convenient but by no means essential, at least judging by the
> > sample of phishing mail we get here.
>
> Wildcards would be no better than allowing full regexps. It would need
> to be full hostnames of the website concerned. Is that okay?
>
> > Or how about a wacky idea - an option to look the hostname up in a
> > DNS-based whitelist, SURBL-style. For particularly large whitelists I
> > expect the performance from a local rbldnsd server ought to be good
> > enough.
>
> Eek! Sounds like a good idea, but I think very very few people would
> actually use it.

From MailScanner at ecs.soton.ac.uk Tue Jan 18 16:26:59 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:14 2006
Subject: Mails do slip through MS..
Message-ID:

Marcel Blenkers wrote:

>hi there,
>
>>Check your file locking. What version of Sendmail are you using, and on
>>what version of what OS on what architecture?
>
>file locking is posix,
>sendmail: Sendmail version 8.12.6, config V10/Berkeley
>OS: linux (suse 8.1)

Why not using flock?

From mkettler at EVI-INC.COM Tue Jan 18 16:28:48 2005
From: mkettler at EVI-INC.COM (Matt Kettler)
Date: Thu Jan 12 21:28:15 2006
Subject: Problem with Bayes DB lock files
Message-ID:

At 08:30 PM 1/17/2005, Chris Lyon wrote:
>Here is an error that I found and it is also below: bayes: no dbs present,
>
>Here is the dump=magic:
>
>sa-learn --dump=magic -D

If you are using the default mailscanner behavior of forcing the bayes db to a non-standard location you'll also need to pass sa-learn the --dbpath option. Otherwise it's going to look in the current user's (root) home directory for your bayes db.

Depending on how your bayes_path is set you'll want something like this:

sa-learn --dump magic -D --dbpath /var/spool/spamassassin/

However, from your previous posts it sounds like your bayes_path is /etc/MailScanner/bayes/bayes so you'd want:

sa-learn --dump magic -D --dbpath /etc/MailScanner/bayes/

From MailScanner at ecs.soton.ac.uk Tue Jan 18 16:29:55 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:15 2006
Subject: Feature request: HTML Content Checks
Message-ID:

All the log entries will be of the form

HTML-IFrame tag found in message %s from %s

so you will get the sender's address in every log entry.

Quentin Campbell wrote:

>Julian
>
>Thanks. That would do the job.
>
>In fact your suggested way is better because the logged line will also
>include the envelope-sender address.
>
>Note though that if people chose "Log HTML Tags = yes" and if they also
>chose to strip HTML on, say, the occurrence of an IFrame tag in a
>message then three lines will be logged:
>
>Jan 18 04:03:29 cheviot4 MailScanner[29462]: HTML IFrame tag found in message j0I43C12031986 from boston@changing_boston.net
>
>Jan 18 04:03:29 cheviot4 MailScanner[29462]: Content Checks: Detected HTML-specific exploits in j0I43C12031986
>
>Jan 18 04:03:29 cheviot4 MailScanner[29462]: Content Checks: Detected and will convert HTML message to plain text in j0I43C12031986
>
>I am happy to live with that if it simplifies the additional coding you
>have to do!
>
>Regards
>
>Quentin
>
>>-----Original Message-----
>>From: MailScanner mailing list
>>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field
>>Sent: 18 January 2005 15:25
>>To: MAILSCANNER@JISCMAIL.AC.UK
>>Subject: Re: Feature request: HTML Content Checks
>>
>>Is this okay?
>>
>>HTML-Object
>>HTML-Script
>>HTML-Form
>>HTML-IFrame
>>
>>with the same log line format as the current log iframe tags gives you.
>>I will remove the log iframe tags option and replace it with
>>log html tags.
>>
>>Quentin Campbell wrote:
>>
>>>Julian
>>>
>>>Is it possible to add to the logged "Content Checks: Detected
>>>HTML-specific exploits in ..." messages the actual HTML exploit that
>>>caused the message?
>>>
>>>That is, I am asking for one of the strings "HTML-Iframe",
>>>"HTML-Codebase", "HTML Object", "HTML-Script" or "HTML-Form" to be added
>>>as appropriate to the message.
>>>
>>>At present we only have info on IFrame exploits through the separate
>>>logging facility for that tag. I would like this additional info for the
>>>same reason you provided the IFrame logging - to identify the
>>>envelope-From address that may need to be added to the rules file to
>>>exempt that address from the actions normally applied to that exploit.

From marcel-ml at IRC-ADDICTS.DE Tue Jan 18 16:32:24 2005
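Added example (not part of the original posts and not MailScanner code): a Python parser for the log line format given in the message above, `HTML-IFrame tag found in message %s from %s`, that tallies tag types per envelope sender so that candidates for a rules-file exemption stand out. The syslog prefix layout, the function names and the sample lines are assumptions constructed for illustration; the tag names are the four proposed in the thread.

```python
import re
from collections import Counter, defaultdict

# Tag names proposed in the thread for the new log lines.
TAGS = ("Object", "Script", "Form", "IFrame")
_CANONICAL = {t.lower(): t for t in TAGS}

# Assumed syslog prefix: "Mon DD HH:MM:SS host MailScanner[pid]: ".
# The message part follows the format quoted in the thread:
#   HTML-<Tag> tag found in message <queue-id> from <envelope-sender>
# The older IFrame line used "HTML IFrame" with a space, so accept both.
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"MailScanner\[(?P<pid>\d+)\]: "
    r"HTML[- ](?P<tag>" + "|".join(TAGS) + r") tag found in message "
    r"(?P<msgid>\S+) from (?P<sender>\S+)$",
    re.IGNORECASE,
)


def parse_line(line):
    """Return a dict of fields for a tag log line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["tag"] = _CANONICAL[rec["tag"].lower()]  # normalise "Iframe" -> "IFrame"
    return rec


def tally_by_sender(lines):
    """Count distinct messages per (envelope sender, tag)."""
    counts = defaultdict(Counter)
    seen = set()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # e.g. the generic "Content Checks: Detected ..." lines
        key = (rec["msgid"], rec["tag"])
        if key in seen:
            continue  # same tag reported twice for one message
        seen.add(key)
        counts[rec["sender"]][rec["tag"]] += 1
    return counts


def exemption_candidates(lines, min_messages=2):
    """Senders that triggered the same tag in at least min_messages messages."""
    out = []
    for sender, tags in tally_by_sender(lines).items():
        for tag, n in tags.items():
            if n >= min_messages:
                out.append((sender, tag, n))
    return sorted(out)


# Constructed sample log lines (hosts, queue ids and senders are made up).
SAMPLE_LOG = """\
Jan 18 04:03:29 mx1 MailScanner[29462]: HTML-IFrame tag found in message j0I43C12000001 from news@lists.example.org
Jan 18 04:03:29 mx1 MailScanner[29462]: Content Checks: Detected HTML-specific exploits in j0I43C12000001
Jan 18 04:07:02 mx1 MailScanner[29462]: HTML-Form tag found in message j0I47A12000002 from billing@shop.example.com
Jan 18 05:11:40 mx1 MailScanner[29470]: HTML IFrame tag found in message j0I5BC12000003 from news@lists.example.org
Jan 18 05:11:40 mx1 MailScanner[29470]: HTML-Script tag found in message j0I5BC12000003 from news@lists.example.org
Jan 18 06:30:15 mx1 MailScanner[29481]: HTML-IFrame tag found in message j0I6UF12000004 from someone@unknown.example.net
""".splitlines()

if __name__ == "__main__":
    for sender, tag, n in exemption_candidates(SAMPLE_LOG):
        print(f"{sender}: HTML-{tag} in {n} messages")
```

Envelope senders are supplied by the sending side, so the output is a review list for a human, not something to feed straight into the rules file.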
From: marcel-ml at IRC-ADDICTS.DE (Marcel Blenkers)
Date: Thu Jan 12 21:28:15 2006
Subject: Mails do slip through MS..
Message-ID:

Hi Julian

> >sendmail: Sendmail version 8.12.6, config V10/Berkeley
> >OS: linux (suse 8.1)
> >
> Why not using flock?

sendmail and flock seems to be weird not only on my system.
Mails will be received twice or maybe one mail of those 2 has all content, the second only the following "No data collected"

Greetings

Marcel

From jaearick at COLBY.EDU Tue Jan 18 16:39:04 2005
From: jaearick at COLBY.EDU (Jeff A. Earickson)
Date: Thu Jan 12 21:28:15 2006
Subject: wee tweak for 4.38
Message-ID:

A postcard will be coming from Maine soon. Let's show Julian all of the nice places he could visit if he weren't working on MailScanner all the time!

On Tue, 18 Jan 2005, Julian Field wrote:

> Date: Tue, 18 Jan 2005 16:28:10 +0000
> From: Julian Field
> Reply-To: MailScanner mailing list
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: wee tweak for 4.38
>
> Denis Beauchemin wrote:
>
>> Jeff A. Earickson wrote:
>>
>>> BTW, Happy Birthday from Maine, USA. I'll bet if you posted your
>>> snail-mail address (work) to the list then grateful Mailscanner
>>> users would send you cool postcards from all parts of the planet.
>>> It would make a nice decoration in your office.
>>
>> I found this on the net:
>> Julian Field MEng MBCS
>> School of Electronics and Computer Science
>> University of Southampton
>> SO17 1BJ
>> United Kingdom
>>
>> I'll try to get a postcard from Sherbrooke QC Canada going in a couple
>> of days.
>
> Cool :-)
>
> All postcards including their email address get a free email from me
> (and a copy of my advertising flyer ;-)

From john at TRADOC.FR Tue Jan 18 16:40:05 2005
From: john at TRADOC.FR (John Wilcock)
Date: Thu Jan 12 21:28:15 2006
Subject: Feature Request: Phishing
Message-ID:

Julian Field wrote:
> John Wilcock wrote:
>> I can't see a need for regexes. Simple wildcards (*.domain.com) would be
>> more convenient but by no means essential, at least judging by the
>> sample of phishing mail we get here.
>
> Wildcards would be no better than allowing full regexps. It would need
> to be full hostnames of the website concerned. Is that okay?

I'll vote for that, yes.

>> Or how about a wacky idea - an option to look the hostname up in a
>> DNS-based whitelist, SURBL-style. For particularly large whitelists I
>> expect the performance from a local rbldnsd server ought to be good
>> enough.
>
> Eek! Sounds like a good idea, but I think very very few people would
> actually use it.

Probably true, unless of course someone with good connectivity were to set up a *publicly-available* DNS-based phishing URL whitelist that we could all contribute to.

John.

--
-- Over 2500 webcams from ski resorts around the world - www.snoweye.com
-- Translate your technical documents and web pages - www.tradoc.fr

From rocky at LWORLD.NET Tue Jan 18 17:15:27 2005
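Added example (not MailScanner's code, and not part of the original posts): a Python sketch of the exact-hostname safe list agreed in the messages above. Safe hostnames are held in a set, so lookup time does not depend on the size of the list, and a `*.domain.com` entry is rejected instead of being treated as a pattern. The mismatch test used here (link text naming one host while the href points at another) is a simplified stand-in for the phishing check, and all function names, hostnames and the sample HTML are constructed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# A fully qualified hostname: dot-separated labels, no wildcard characters.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$"
)
# A hostname appearing in the visible text of a link.
TEXT_HOST_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,63})", re.I)


def load_safe_sites(lines):
    """Return (set of safe hostnames, list of entries rejected as non-hostnames)."""
    safe, rejected = set(), []
    for raw in lines:
        entry = raw.split("#", 1)[0].strip().lower().rstrip(".")
        if not entry:
            continue  # blank line or comment
        if HOSTNAME_RE.match(entry):
            safe.add(entry)
        else:
            rejected.append(entry)  # wildcards and regexps end up here
    return safe, rejected


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Hostname of an http(s) URL, lower-cased, or None."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    return parts.hostname.rstrip(".")


def suspicious_links(html, safe_sites):
    """Return (shown host, real host) pairs that differ and are not on the safe list."""
    parser = LinkCollector()
    parser.feed(html)
    parser.close()
    findings = []
    for href, text in parser.links:
        real = host_of(href)
        shown = TEXT_HOST_RE.search(text)
        if real is None or shown is None:
            continue
        shown_host = shown.group(1).lower()
        if shown_host == real:
            continue
        if real in safe_sites:  # exact match on the real destination only
            continue
        findings.append((shown_host, real))
    return findings


# Constructed safe list and message body.
SAFE_SITES_FILE = [
    "# constructed example entries",
    "email.bank.example",
    "*.partner.example   # not a full hostname, so it is rejected",
]
SAMPLE_HTML = """
<p>Statement ready: <a href="http://email.bank.example/st">www.bank.example</a></p>
<p>Verify now: <a href="http://login.bank.example.attacker.test/">www.bank.example</a></p>
<p><a href="http://www.shop.example/">www.shop.example</a></p>
<p><a href="http://sub.partner.example/x">partner.example</a></p>
"""

if __name__ == "__main__":
    safe, rejected = load_safe_sites(SAFE_SITES_FILE)
    print("rejected entries:", rejected)
    for shown, real in suspicious_links(SAMPLE_HTML, safe):
        print(f"link text shows {shown} but goes to {real}")
```

Because the lookup is an exact match on the real destination, a host such as `login.bank.example.attacker.test` is still reported even though it contains a safe-looking name.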
From: rocky at LWORLD.NET (Rocky McCamey)
Date: Thu Jan 12 21:28:15 2006
Subject: postfix: Process did not exit cleanly
Message-ID:

Drew Marshall wrote:

On Mon, January 17, 2005 20:34, Rocky McCamey said:

I tried to subscribe to the list, but it wouldn't let me post to it. Anyway if you could help me out with this one I would be forever grateful. I keep getting the error

postfix: Process did not exit cleanly, returned 255 with signal 0

when I tail the messages log, it does not show up in the mailscanner log at all. I only noticed this error because I added a new filtering server, because we have a high volume of mail, and the new server runs much slower than the older one. I thought this was strange so I tailed the messages log and saw this. This does not happen on the older server. I tried to look the error up online, but it seems I'm the only person in the world having this issue.

Could you post some logs around this exit error (Particularly before it). I'm sure that will give more clues.

Drew
I would think so too, but it only shows that error over and over like so: Jan 18 08:32:01 filter5 postfix: Process did not exit cleanly, returned 9 with signal 0 Jan 18 08:32:11 filter5 postfix: Process did not exit cleanly, returned 255 with signal 0 Jan 18 08:32:22 filter5 postfix: Process did not exit cleanly, returned 255 with signal 0 Jan 18 08:32:32 filter5 postfix: Process did not exit cleanly, returned 255 with signal 0 Jan 18 08:32:42 filter5 postfix: Process did not exit cleanly, returned 255 with signal 0 Jan 18 08:32:52 filter5 postfix: Process did not exit cleanly, returned 255 with signal 0 Jan 18 08:33:02 filter5 postfix: Process did not exit cleanly, returned 255 with signal 0 Jan 18 08:33:12 filter5 postfix: Process did not exit cleanly, returned 255 with signal 0 Jan 18 08:33:22 filter5 postfix: Process did not exit cleanly, returned 255 with signal 0 Jan 18 08:33:32 filter5 postfix: Process did not exit cleanly, returned 255 with signal 0 Jan 18 08:33:42 filter5 postfix: Process did not exit cleanly, returned 255 with signal 0 Jan 18 08:33:52 filter5 postfix: Process did not exit cleanly, returned 255 with signal 0 Jan 18 08:34:02 filter5 postfix: Process did not exit cleanly, returned 255 with signal 0 Jan 18 08:34:12 filter5 postfix: Process did not exit cleanly, returned 255 with signal 0 Jan 18 08:34:22 filter5 postfix: Process did not exit cleanly, returned 255 with signal 0 Jan 18 08:34:32 filter5 postfix: Process did not exit cleanly, returned 255 with signal 0 Jan 18 08:34:42 filter5 postfix: Process did not exit cleanly, returned 255 with signal 0 Jan 18 08:34:52 filter5 postfix: Process did not exit cleanly, returned 255 with signal 0 Jan 18 08:35:02 filter5 postfix: Process did not exit cleanly, returned 255 with signal 0 Jan 18 08:35:12 filter5 postfix: Process did not exit cleanly, returned 255 with signal 0 Jan 18 08:35:22 filter5 postfix: Process did not exit cleanly, returned 255 with signal 0 Jan 18 08:35:32 filter5 postfix: 
Process did not exit cleanly, returned 255 with signal 0 Jan 18 08:35:42 filter5 postfix: Process did not exit cleanly, returned 255 with signal 0 Jan 18 08:35:52 filter5 postfix: Process did not exit cleanly, returned 255 with signal 0 Jan 18 08:36:02 filter5 postfix: Process did not exit cleanly, returned 255 with signal 0 Jan 18 08:36:12 filter5 postfix: Process did not exit cleanly, returned 255 with signal 0 Jan 18 08:36:22 filter5 postfix: Process did not exit cleanly, returned 255 with signal 0 Jan 18 08:36:32 filter5 postfix: Process did not exit cleanly, returned 255 with signal 0 Jan 18 08:36:42 filter5 postfix: Process did not exit cleanly, returned 255 with signal 0 Jan 18 08:36:52 filter5 postfix: Process did not exit cleanly, returned 255 with signal 0 Jan 18 08:37:02 filter5 postfix: Process did not exit cleanly, returned 255 with signal 0 Jan 18 08:37:12 filter5 postfix: Process did not exit cleanly, returned 255 with signal 0 Jan 18 08:37:22 filter5 postfix: Process did not exit cleanly, returned 255 with signal 0 Jan 18 08:37:32 filter5 postfix: Process did not exit cleanly, returned 255 with signal 0 Jan 18 08:37:42 filter5 postfix: Process did not exit cleanly, returned 255 with signal 0 Jan 18 08:37:52 filter5 postfix: Process did not exit cleanly, returned 255 with signal 0 Jan 18 08:38:02 filter5 postfix: Process did not exit cleanly, returned 255 with signal 0 Jan 18 08:38:12 filter5 postfix: Process did not exit cleanly, returned 255 with signal 0 Jan 18 08:38:22 filter5 postfix: Process did not exit cleanly, returned 255 with signal 0 Jan 18 08:38:32 filter5 postfix: Process did not exit cleanly, returned 255 with signal 0 Jan 18 08:38:42 filter5 postfix: Process did not exit cleanly, returned 255 with signal 0 Jan 18 08:38:52 filter5 postfix: Process did not exit cleanly, returned 255 with signal 0 Jan 18 08:39:02 filter5 postfix: Process did not exit cleanly, returned 255 with signal 0 Jan 18 08:39:12 filter5 postfix: Process did not 
exit cleanly, returned 255 with signal 0

It keeps going and going, it must be something new, because I have 3 other servers running and they don't get those errors, but I am building 3 more for a different domain and all those servers give the same error.

From MailScanner at ecs.soton.ac.uk Tue Jan 18 17:17:14 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:15 2006
Subject: Feature Request: Phishing

How about this? Anyone want to test it for me please? I'll put out a new beta if you want it.

There is now a new configuration option:

# There are some companies, such as banks, that insist on sending out
# email messages with links in them that are caught by the "Find Phishing
# Fraud" test described above.
# This is the name of a file which contains a list of link destinations
# which should be ignored in the test. This may, for example, contain
# the known websites of some banks.
# See the file itself for more information.
# This can only be the name of the file containing the list, it *cannot*
# be the filename of a ruleset.
Phishing Safe Sites File = %etc-dir%/phishing.safe.sites.conf

The contents of the example file is this:

#
# This file contains the list of all the sites which can be safely
# ignored in the "phishing fraud" checks.
# The entries here are 1 per line, and are the full hostnames of
# the *real* destinations of links which would be caught by the checks.
# So if you had HTML that looked like this:
#
# Please tell us at Bank.com
#
# then you should add
# email.bank.com
# to this file.
#
# Note: Do not add any form of wildcard, regular expression or anything
# other than a fully qualified hostname to this file. It won't work.

www.example.com

John Wilcock wrote:
> Julian Field wrote:
>
>> John Wilcock wrote:
>>
>>> I can't see a need for regexes. Simple wildcards (*.domain.com) would be
>>> more convenient but by no means essential, at least judging by the
>>> sample of phishing mail we get here.
>>
>> Wildcards would be no better than allowing full regexps. It would need
>> to be full hostnames of the website concerned. Is that okay?
>
> I'll vote for that, yes.
>
>>> Or how about a wacky idea - an option to look the hostname up in a
>>> DNS-based whitelist, SURBL-style. For particularly large whitelists I
>>> expect the performance from a local rbldnsd server ought to be good
>>> enough.
>>
>> Eek! Sounds like a good idea, but I think very very few people would
>> actually use it.
>
> Probably true, unless of course someone with good connectivity were to
> set up a *publicly-available* DNS-based phishing URL whitelist that we
> could all contribute to.
>
> John.

--
Julian Field
www.MailScanner.info

From drew at THEMARSHALLS.CO.UK Tue Jan 18 17:23:42 2005
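The exact-match rule from the message above (full hostnames only, no wildcards or regular expressions), as an added sketch that is not MailScanner's own code. The function names are hypothetical, the list and links are constructed samples, and it assumes the check flags a link whose visible text names one host while its real destination is another.

```perl
#!/usr/bin/perl
# Added illustration only; this is not MailScanner source code.
use strict;
use warnings;

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
my $LABEL = qr/[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?/;

# Parse the safe-sites text: one fully qualified hostname per line,
# '#' starts a comment. Anything else (wildcards, regexes, URLs, bare
# single-label names) is rejected and reported instead of being loaded.
sub load_safe_sites {
    my ($text) = @_;
    my (%safe, @rejected);
    for my $line (split /\r?\n/, $text) {
        $line =~ s/#.*//;
        $line =~ s/^\s+|\s+$//g;
        next if $line eq '';
        (my $host = lc $line) =~ s/\.$//;
        if (length($host) <= 253 && $host =~ /\A(?:$LABEL\.)+$LABEL\z/) {
            $safe{$host} = 1;
        } else {
            push @rejected, $line;
        }
    }
    return (\%safe, \@rejected);
}

# Hostname of an http(s) URL: lower-cased, without userinfo, port or
# trailing dot. Returns nothing for other schemes or malformed input.
sub url_host {
    my ($url) = @_;
    return unless defined $url && $url =~ m{\A\s*https?://([^/?#\s]+)}i;
    my $authority = lc $1;
    $authority =~ s/\A.*\@//;    # userinfo is not part of the host
    $authority =~ s/:\d*\z//;    # port
    $authority =~ s/\.\z//;      # trailing dot
    return unless $authority =~ /\A(?:$LABEL\.)*$LABEL\z/;
    return $authority;
}

# Classify one link given its real destination (href) and visible text.
#   'skipped'      destination is not a parseable http(s) URL
#   'ok'           text names no host, or names the host it really goes to
#   'safe-listed'  text and destination differ, destination is in the list
#   'flag'         text and destination differ, destination is not listed
sub classify_link {
    my ($safe, $href, $text) = @_;
    my $real = url_host($href);
    return 'skipped' unless defined $real;
    my ($shown) = lc($text) =~ m{(?:https?://)?((?:$LABEL\.)+[a-z]{2,})};
    return 'ok' unless defined $shown;
    return 'ok' if $shown eq $real;
    # Exact hash lookup: a listed host does not cover its subdomains or
    # longer names that merely begin with it.
    return $safe->{$real} ? 'safe-listed' : 'flag';
}

# Constructed sample list: two valid entries and two that must be rejected.
my $list = <<'END';
# known-good link destinations, one per line
www.example.com
email.bank.com
*.bank.com
http://www.example.com/login
END

my ($safe, $rejected) = load_safe_sites($list);
print "rejected entry: $_\n" for @$rejected;

# Constructed links: [ real destination, visible text ]
my @links = (
    [ 'http://email.bank.com/feedback',            'Bank.com'        ],
    [ 'http://www.email.bank.com/feedback',        'Bank.com'        ],
    [ 'http://email.bank.com.mirror.example/form', 'Bank.com'        ],
    [ 'http://www.example.com/',                   'www.example.com' ],
);
printf "%-12s %s\n", classify_link($safe, @$_), $_->[0] for @links;
```

Only the first link is suppressed by the list; the subdomain and the longer look-alike name stay flagged because the lookup is an exact string match.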
From: drew at THEMARSHALLS.CO.UK (Drew Marshall)
Date: Thu Jan 12 21:28:15 2006
Subject: [Fwd: Postfix snapshot 20050117 available]

Julian

FYI.

I would guess the only changes that will affect MailScanner will be the queue file hash changes? Obviously this is a 'non-stable' release...

Drew

---------------------------- Original Message ----------------------------
Subject: Postfix snapshot 20050117 available
From: "Wietse Venema"
Date: Tue, January 18, 2005 16:04
To: "Postfix users"
Cc: "Postfix announce"
--------------------------------------------------------------------------

Postfix snapshot 20050117 is the first production release with IPv6 support. In order to accommodate both IPv4 and IPv6 support, some low-level networking code had to be restructured. After extensive testing and cleanup, the code should now be safe to use.

If the operation is successful, 99% of the people won't notice any difference, because they aren't on an IPv6 connected network. The only visible change is that some "host not found" related error messages have changed, because Postfix uses different system library routines for host lookup.

This snapshot does not include TLS support. Once the TLS code audit is completed, TLS support will be merged from non-production snapshots into regular snapshots, and then we're getting ready for the official Postfix 2.2 release.

The 20050117 snapshot is available from the mirrors listed at http://www.postfix.org/.

Below are the relevant portions from the RELEASE_NOTES and from the HISTORY files, with omission of the material that is related only to the IPv6 port.

        Wietse

RELEASE_NOTES:

Incompatible changes with snapshot Postfix-2.2-20050117
=======================================================

Only the deferred and defer queue directories are hashed by default, instead of eight queue directories. With modern file systems, this speeds up Postfix boot time without compromising performance under high load too much. Hashing is now turned on only for the defer and deferred queue directories, because those contain lots of mail when undeliverable mail is backing up.

In order to speed up start-up, some Postfix file permission checks are run in the background after Postfix is started.

HISTORY file:

20041221-9

        Infrastructure: unified IPv4/IPv6 name/address API so that
        Postfix can support IPv6 without #ifdef INET6 everywhere.
        In particular, we allow #ifdef in libraries but avoid it
        in applications. Files: util/myaddrinfo.[hc],
        util/sock_addr.[hc], dns/dns_rr_to_pa.c, dns/dns_sa_to_rr.c,
        dns/dns_rr_eq_sa.c, dns/dns_rr_to_sa.c, inet_proto.[hc].

20050111

        Feature: specify "inet_interfaces = loopback-only" for
        servers that must listen on local interfaces only, without
        having to specify IPv4 and/or IPv6 addresses in main.cf or
        master.cf. File: global/own_inet_addr.c.

20040513

        Start-up performance: the hash_queue_names default setting
        is reduced from eight directories to just defer and deferred.
        This reduces time for checking the Postfix queue. Files:
        conf/post-install, global/mail_params.h.

20040514

        Performance: reduced start-up delay by moving warning-only
        startup checks into the background. File: conf/postfix-script.

20050115

        Further cleanup: RFC 2821 requires the IPv6: prefix with
        IPv6 address strings. The smtp and qmqp servers maintain
        separate address instances, the bare address and the RFC
        2821 compatible form, and use each where appropriate. This
        strict separation simplifies address syntax checks as well
        as the implementation of XCLIENT and XFORWARD.

20050116

        Infrastructure: new valid_mailhost_addr() routine to verify
        that an address literal satisfies RFC 2821. An IPv4 address
        is in dotted-quad decimal form, and an IPv6 address is in
        hexadecimal form, with the "IPv6:" prefix. Files:
        global/valid_mailhost_addr.[hc].

        Further cleanup: valid_hostname() no longer allows network
        addresses or numerical domain names. While it made some
        sense with IPv4 dotted quad decimal forms, with IPv6 it
        just made no sense anymore. Again, being stricter actually
        simplifies code. Files: util/valid_hostname.c and a
        surprisingly small number of valid_hostname() callers that
        did not reject numerical forms.

        Bugfix: in the Postfix 2.2 SMTP client, the debug_peer_init()
        call was moved to the after-chroot initialization.

20050117

        Performance: reduced start-up delay by moving warning-only
        startup checks into the background; they now start after
        one minute to allow the system to finish booting. File:
        conf/postfix-script.

From drew at THEMARSHALLS.CO.UK Tue Jan 18 17:42:41 2005
From: drew at THEMARSHALLS.CO.UK (Drew Marshall)
Date: Thu Jan 12 21:28:15 2006
Subject: postfix: Process did not exit cleanly

On Tue, January 18, 2005 17:15, Rocky McCamey said:
> I would think so too, but it only shows that error over and over like so:
>
> Jan 18 08:32:01 filter5 postfix: Process did not exit cleanly, returned
> 9 with signal 0

Can you 'postfix stop' then 'postfix start' from the command line and check any log entries or comments at the command line.

Drew

From MailScanner at ecs.soton.ac.uk Tue Jan 18 17:49:05 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:15 2006
Subject: [Fwd: Postfix snapshot 20050117 available]

It shouldn't cause any problems as far as I can see (apart from all the stuff they might have changed without telling the ChangeLog :-)

Drew Marshall wrote:
>Julian
>
>FYI.
>
>I would guess the only changes that will affect MailScanner will be the
>queue file hash changes? Obviously this is a 'non-stable' release...
>
>Drew

--
Julian Field
www.MailScanner.info

From MailScanner at ecs.soton.ac.uk Tue Jan 18 17:49:58 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:15 2006
Subject: Feature Request: Phishing

Don't all rush at once now.... :-)

--
Julian Field
www.MailScanner.info

From jonas.back at pin.se Tue Jan 18 18:34:08 2005
From: jonas.back at pin.se (Jonas Back)
Date: Thu Jan 12 21:28:15 2006
Subject: SV: Postfix & Virtual Users Auto Responder

Hi there Postfix lovers!

One _very_ good software for administration of users and domains in a postfix world is Postfix Admin by Mischa Peters. Look at http://high5.net/postfixadmin

It stores everything in MySQL ... even the vacation messages. I don't know how well it works on a server with postfix + postfix admin + mailscanner since my setup is a three layer setup but I think it will work.

Cheers,
Jonas Back

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Wess Bechard
Sent: 14 January 2005 21:26
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Postfix & Virtual Users Auto Responder

Hello Folks.

I have managed to get a working auto response system working for MailScanner users running Postfix with MySQL based virtual users. I may be slightly off topic with this post, but auto responders are difficult to come by for this virtual setup.

Julian, I hope you don't mind me posting here to help our Postfix users. :)

Here we go, with some formatting to make this readable.

________________________________________________________________________

--- Description ---

I pieced together a system of old fixes, modified code, and put together a semi-simple way to use auto responders with MailScanner, Postfix, and Virtual Users. You will need to make a few database entries and create a text file to use this system.

--- Instructions ---

1. This perl script can be run from anywhere, but I chose to place it in my virtual mail directory. (/home/vmail/) I have set the ownership to my vmail user.

--- autoreply code start ----
#!/usr/bin/perl -w
#
# Filename: autoreply
# Updated By: Wess Bechard
# Author: David Miller , based on a
#         script posted to the postfix-users maillist by
#         Gimbert Mario on 02 Dec 2002.
#
use strict;
package main;

# location of sendmail binary
my $SENDMAIL = "/usr/sbin/sendmail";

#----------------------------
# Main Thread of Execution
#----------------------------
#my ($sender, $reciplist) = $ARGV;
my ($sender, $reciplist) = @ARGV;

# do not reply to mailing lists
# (the archived copy had lost the "|" before the last alternative)
exit 0 if ($sender =~ /^owner-.*|^newsletter.*|listserver.*|^mailerdaemon.*|^mailer-daemon.*/i);

# break apart recipient list
$reciplist =~ s/,/ /g;
#print "$reciplist\n";
my @recips = split(" ", $reciplist);

# check each recipient and send mail
foreach my $rec (@recips) {
    my ($user, $domain) = split('@', $rec);
    $domain =~ s/autoreply\.//;
    my $file = "/home/vmail/$domain/$user/autoreply.txt";
    # print "$file\n";
    if (-f $file) {
        # print "$file\n";
        sendreplyto($sender, "$user\@$domain", $file);
    }
}
exit 0;

sub sendreplyto {
    my ($sender, $recip, $replyfile);
    ($sender, $recip, $replyfile) = @_;
    #print "$replyfile";
    open(MAIL, "|$SENDMAIL -f '' -t") || die "Cannot execute $SENDMAIL: $!\n";
    # The archived copy lost everything between "print MAIL <" and ") {":
    # the header here-document and the open() of the reply file. The header
    # lines and the open() below are a minimal stand-in, not the original
    # text; the Subject value is a placeholder.
    print MAIL <<EOF;
To: $sender
From: $recip
Subject: Automatic reply

EOF
    open(REPLY, "<", $replyfile) || die "Cannot open $replyfile: $!\n";
    while (<REPLY>) {
        print MAIL $_;
    }
    print MAIL "\n";
    close REPLY || die "Close of $replyfile failed: $!\n";
    close MAIL || die "$SENDMAIL failed: $!\n";
}
--- autoreply code end ----

2. Add the following transport to the end of your /etc/postfix/master.cf.

autoreply unix - n n - - pipe
  flags=F user=vmail argv=/home/vmail/autoreply $sender $recipient

Please change the user to match the permissions set to the perl script.

3. Please add the following data to the transport table if it does not exist. This step will need to be done once for every domain using auto responders.

In Transport table:
Domain: autoreply.domain.tld
Destination: autoreply

4. Create a forward for the user that uses the new autoreply transport.

In Virtual table:
Create a forward to the user's usual inbox first.
Email: user@domain.tld
Destination: user@domain.tld

Now create a forward to the autoreply.
Email: user@domain.tld
Destination: user@autoreply.domain.tld

5. Create the autoreply.txt in the user's maildir.

/home/vmail/domain.tld/user/autoreply.txt

Adjust directory path to taste. The autoreply.txt can contain any plain text email message.

________________________________________________________________________

I hope this helps out a lot of people. Feel free to visit me on the MailScanner IRC chat room if you need any assistance.

MailScanner on IRC
Community Support
irc.freenode.net #mailscanner

--
Wess Bechard
Systems Administrator
eliquidMEDIA International Inc.
wess@eliquid.com
519.973.1930 - 1.800.561.7525

From wietse at BOUDISQUE.NL Tue Jan 18 18:48:57 2005
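A stricter form of the recipient-to-file lookup in the forwarded script, as an added example that is not part of the original post: the script builds the path directly from the recipient address, while this version validates the address and confines the resolved path to the mail root before anything is sent. The function names, the character allow-list and the temporary directory standing in for /home/vmail are assumptions.

```perl
#!/usr/bin/perl
# Added illustration only; not part of the posted autoreply script.
use strict;
use warnings;
use Cwd qw(realpath);
use File::Path qw(make_path);
use File::Spec;
use File::Temp qw(tempdir);

# Envelope senders that never get an automatic reply: the null sender
# (bounces), anything carrying CR/LF, and the list/daemon patterns from
# the posted script.
sub should_reply {
    my ($sender) = @_;
    return 0 if !defined $sender || $sender eq '' || $sender eq '<>';
    return 0 if $sender =~ /[\r\n]/;
    return 0 if $sender =~ /^owner-|^newsletter|listserver|^mailer-?daemon/i;
    return 1;
}

# Map "user@autoreply.domain.tld" to <root>/domain.tld/user/autoreply.txt.
# Returns the resolved path, or nothing when the address is malformed, the
# file is missing, or the resolved path leaves <root>.
sub reply_file_for {
    my ($root, $rcpt) = @_;
    my @parts = split /\@/, $rcpt, -1;
    return unless @parts == 2;                  # exactly one '@'
    my ($user, $domain) = ($parts[0], lc $parts[1]);
    $domain =~ s/\Aautoreply\.//;

    # Allow-list the characters that end up in the path: no '/', no NUL,
    # no leading dot, no '..', no empty domain labels.
    return unless $user   =~ /\A[A-Za-z0-9_][A-Za-z0-9_.+=-]{0,63}\z/;
    return if     $user   =~ /\.\./;
    return unless $domain =~ /\A[a-z0-9-]+(?:\.[a-z0-9-]+)+\z/;

    my $file = File::Spec->catfile($root, $domain, $user, 'autoreply.txt');
    return unless -f $file;

    # Resolve symlinks, then require the result to stay under the root.
    my $real_root = realpath($root);
    my $real_file = realpath($file);
    return unless defined $real_root && defined $real_file;
    return unless index($real_file, "$real_root/") == 0;
    return $real_file;
}

# Constructed test tree in a temporary directory standing in for /home/vmail.
my $root    = tempdir(CLEANUP => 1);
my $outside = tempdir(CLEANUP => 1);
make_path("$root/domain.tld/user");
for my $f ("$root/domain.tld/user/autoreply.txt", "$outside/autoreply.txt") {
    open(my $fh, '>', $f) or die "Cannot write $f: $!\n";
    print {$fh} "I am away.\n";
    close($fh) or die "Close of $f failed: $!\n";
}
# A mailbox directory that is really a symlink to somewhere else.
symlink($outside, "$root/domain.tld/linked") or die "symlink failed: $!\n";

# Constructed recipients: one valid, the rest must all yield "no reply".
for my $rcpt ('user@autoreply.domain.tld',
              'nobody@autoreply.domain.tld',
              '../../etc@autoreply.domain.tld',
              'user@autoreply.domain.tld/../..',
              'linked@autoreply.domain.tld',
              'user@a@autoreply.domain.tld') {
    my $file = reply_file_for($root, $rcpt);
    printf "%-36s %s\n", $rcpt, defined $file ? 'reply from file' : 'no reply';
}

# Constructed senders: null sender and list owner are suppressed.
printf "sender %-26s %s\n", "'$_'", should_reply($_) ? 'reply' : 'suppress'
    for ('', 'owner-list@example.org', 'alice@example.org');
```

The user allow-list is deliberately narrow; widen it only to the local parts your virtual table actually contains.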
From: wietse at BOUDISQUE.NL (Wietse Muizelaar)
Date: Thu Jan 12 21:28:15 2006
Subject: Feature Request: Phishing

*grin*

I would like to test, can't wait for the beta :)

Regards,
Wietse

From MailScanner at ecs.soton.ac.uk Tue Jan 18 19:02:39 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:15 2006
Subject: Feature Request: Phishing

No problem. Coming right up...

Wietse Muizelaar wrote:
>*grin*
>
>I would like to test, can't wait for the beta :)
>
>Regards,
>Wietse

--
Julian Field
www.MailScanner.info

From MHewryk at SYMCOR.COM Tue Jan 18 19:08:35 2005
From: MHewryk at SYMCOR.COM (Magda Hewryk)
Date: Thu Jan 12 21:28:15 2006
Subject: How can I force to verify the whit list and keep " if on spam list" option off?

Hi,

Because RBL checks work fantastic for me I decided to turn off "Check Spam Assassin If On Spam List". However, the users start complaining now because the whitelist is not checked in the "spam.assassin.prefs.conf".

How can I fix it? How can I force MailScanner to check the whitelist? If I turn the SpamAssassin back on we will get thousands of spam per day. Looks like RBLs work much better these days than SpamAssassin (3.0.2).

# If the message sender is on any of the Spam Lists, do you still want
# to do the SpamAssassin checks? Setting this to "no" will reduce the load
# on your server, but will stop the High Scoring Spam Actions from ever
# happening.
# This can also be the filename of a ruleset.
# mnh CR15998 Check SpamAssassin If On Spam List = yes
Check SpamAssassin If On Spam List = no

Thanks,
Magda

From vachanta at GMAIL.COM Tue Jan 18 19:08:46 2005
From: vachanta at GMAIL.COM (Venkata Achanta)
Date: Thu Jan 12 21:28:15 2006
Subject: Problem with Bayes DB lock files
Message-ID:

Matt,

Here is the output. We are having the same issues here. Anything out of
normal here? (I stopped MTA and MS while taking this output, let me know
if you need anything else)

sa-learn --dump magic -D --dbpath /etc/MailScanner/bayes/
debug: SpamAssassin version 3.0.2
debug: Score set 0 chosen.
debug: running in taint mode? no
debug: using "/etc/mail/spamassassin/init.pre" for site rules init.pre
debug: config: read file /etc/mail/spamassassin/init.pre
debug: using "/usr/share/spamassassin" for default rules dir
debug: config: read file /usr/share/spamassassin/10_misc.cf
debug: config: read file /usr/share/spamassassin/11_gentoo.cf
debug: config: read file /usr/share/spamassassin/20_anti_ratware.cf
debug: config: read file /usr/share/spamassassin/20_body_tests.cf
debug: config: read file /usr/share/spamassassin/20_compensate.cf
debug: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf
debug: config: read file /usr/share/spamassassin/20_drugs.cf
debug: config: read file /usr/share/spamassassin/20_fake_helo_tests.cf
debug: config: read file /usr/share/spamassassin/20_head_tests.cf
debug: config: read file /usr/share/spamassassin/20_html_tests.cf
debug: config: read file /usr/share/spamassassin/20_meta_tests.cf
debug: config: read file /usr/share/spamassassin/20_phrases.cf
debug: config: read file /usr/share/spamassassin/20_porn.cf
debug: config: read file /usr/share/spamassassin/20_ratware.cf
debug: config: read file /usr/share/spamassassin/20_uri_tests.cf
debug: config: read file /usr/share/spamassassin/23_bayes.cf
debug: config: read file /usr/share/spamassassin/25_body_tests_es.cf
debug: config: read file /usr/share/spamassassin/25_hashcash.cf
debug: config: read file /usr/share/spamassassin/25_spf.cf
debug: config: read file /usr/share/spamassassin/25_uribl.cf
debug: config: read file /usr/share/spamassassin/30_text_de.cf
debug: config: read file /usr/share/spamassassin/30_text_fr.cf
debug: config: read file /usr/share/spamassassin/30_text_nl.cf
debug: config: read file /usr/share/spamassassin/30_text_pl.cf
debug: config: read file /usr/share/spamassassin/50_scores.cf
debug: config: read file /usr/share/spamassassin/60_whitelist.cf
debug: using "/etc/mail/spamassassin" for site rules dir
debug: config: read file /etc/mail/spamassassin/._cfg0000_local.cf
debug: config: read file /etc/mail/spamassassin/local.cf
debug: config: read file /etc/mail/spamassassin/subject.cf
debug: using "/root/.spamassassin/user_prefs" for user prefs file
debug: config: read file /root/.spamassassin/user_prefs
debug: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC
debug: plugin: registered Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x85221a0)
debug: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC
debug: plugin: registered Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8a9a7b4)
debug: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC
debug: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH(0x8a77d3c)
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x85221a0) implements 'parse_config'
debug: plugin: Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8a9a7b4) implements 'parse_config'
debug: bayes: no dbs present, cannot tie DB R/O: /root/.spamassassin/bayes_toks
debug: Score set 0 chosen.
debug: bayes: 2587 tie-ing to DB file R/O /etc/MailScanner/bayes/bayes_toks
debug: bayes: 2587 tie-ing to DB file R/O /etc/MailScanner/bayes/bayes_seen
debug: bayes: found bayes db version 3
0.000          0          3          0  non-token data: bayes db version
0.000          0         78          0  non-token data: nspam
0.000          0        280          0  non-token data: nham
0.000          0      19742          0  non-token data: ntokens
0.000          0 1106008604          0  non-token data: oldest atime
0.000          0 1106011166          0  non-token data: newest atime
0.000          0          0          0  non-token data: last journal sync atime
0.000          0          0          0  non-token data: last expiry atime
0.000          0          0          0  non-token data: last expire atime delta
0.000          0          0          0  non-token data: last expire reduction count
debug: bayes: 2587 untie-ing
debug: bayes: 2587 untie-ing db_toks
debug: bayes: 2587 untie-ing db_seen

From MailScanner at ecs.soton.ac.uk Tue Jan 18 19:33:17 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:15 2006
Subject: How can I force to verify the whit list and keep " if on spam list" option off?
Message-ID:

You can't use the SpamAssassin whitelist without using SpamAssassin.
But if your whitelist is implemented as a MailScanner ruleset, just
apply it to "Spam Checks".
If you need to know more about rulesets, please consult the Book, the
MAQ or the FAQ.
I would of course prefer you to consult the Book :-)

Magda Hewryk wrote:

>Hi,
>Because RBL checks work fantastic for me I decided to turn off "Check Spam
>Assassin If On Spam List".
>However, the users start complaining now because the whitelist is not
>checked in the "spam.assassin.prefs.conf". How can I fix it?
>How can I force MailScanner to check the whitelist?
>
>If I turn back on the SpamAssassin we will get thousands of spam per day.
>Looks like RBLs work much better these days than spamassassin (3.0.2).
>
>If the message sender is on any of the Spam Lists, do you still want
># to do the SpamAssassin checks? Setting this to "no" will reduce the load
># on your server, but will stop the High Scoring Spam Actions from ever
># happening.
># This can also be the filename of a ruleset.
># mnh CR15998 Check SpamAssassin If On Spam List = yes
>Check SpamAssassin If On Spam List = no
>
>Thanks,
>
>Magda

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From MailScanner at ecs.soton.ac.uk Tue Jan 18 19:39:52 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:15 2006
Subject: ANNOUNCE: Beta 4.38.3 released
Message-ID:

Evening all!

I have just released beta version 4.38.3.

Please don't run it on production systems for the next 24 hours or so,
unless you know what you are doing and can retreat to your previous
version easily. Any problems will probably appear in the first 24 hours
of the release, due to the very kind testing done by many of you which
all helps.

The main new features are

- Added "Phishing Safe Sites File" configuration setting to point to a file
  containing a list of fully-qualified hostnames which are ignored in the
  phishing detection tests. Any links to any of these hostnames are ignored
  in the phishing tests.
- Added "Also Find Numeric Phishing" setting (on by default) so that all
  numeric IP addresses in links are flagged as being dangerous.

- Any entry in the "Archive Mail" setting can contain _DATE_ which will be
  replaced with the current date in yyyymmdd form, so you can backup or move
  yesterday's archive safely knowing that it won't be written to today.
- Postfix support added to "IPBlock" functionality for SMTP connection
  throttling. Many thanks to Rakesh for writing this.

Download as usual from www.mailscanner.info

The full Change Log is:

* New Features and Improvements *
- Upgraded to MIME-tools 5.416.
- Added new filename restrictions using Microsoft vulnerability report
  from AUScert.
- Improved /etc/sysconfig/MailScanner so that it finds Incoming Work Dir and
  Incoming Queue Dir automatically from MailScanner.conf file.
- Can now use $from, $id and $subject in inline signature for signing clean
  messages.
- Any entry in the "Archive Mail" setting can contain _DATE_ which will be
  replaced with the current date in yyyymmdd form, so you can backup or move
  yesterday's archive safely knowing that it won't be written to today.
- Added zero score for ALL_TRUSTED rule in SpamAssassin as it is known to
  cause problems.
- Added "Also Find Numeric Phishing" setting (on by default) so that all
  numeric IP addresses in links are flagged as being dangerous.
- Added "$postmastername" to the list of variables available in many
  reports.
- ClamAV -autoupdate script now logs all warnings and errors from freshclam.
- Postfix support added to "IPBlock" functionality for SMTP connection
  throttling. Many thanks to Rakesh for writing this.
- Updated German translations. Many thanks to Felix for doing this.
- Added PDF version of new MailScanner advertising "flyer".
- Added "Log Dangerous HTML Tags" configuration setting, and removed old
  "Log IFrame Tags" configuration setting, so that all potentially dangerous
  HTML tags are now logged. This helps when you are developing your white-
  list of safe sources of HTML tags, such as newsletters and daily cartoons.
- Added "Phishing Safe Sites File" configuration setting to point to a file
  containing a list of fully-qualified hostnames which are ignored in the
  phishing detection tests. Any links to any of these hostnames are ignored
  in the phishing tests.

* Fixes *
- Fixed problem where some spam was delivered even if the Spam Actions was set
  to "store delete" if the messages were not to be virus-scanned.
- Fixed harmless uninitialised variables in HTML disarming.
- Removed 2nd copy of tnef sources from tar distribution.

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From MHewryk at SYMCOR.COM Tue Jan 18 20:18:58 2005
From: MHewryk at SYMCOR.COM (Magda Hewryk)
Date: Thu Jan 12 21:28:15 2006
Subject: How can I force to verify the white list and keep the " if on spam list" option off?
Message-ID:

Hi Julian,

"Spam Checks" is turned on. It's a first option I've modified when running MS.
Spam Checks = /etc/MailScanner/rules/deliver.clean.rules #mnh T125 TAGS THE SUBJECT LINE

I hope I can tune "Is Definitely Not Spam" to work for me.
Is Definitely Not Spam = /etc/MailScanner/rules/spam.whitelist.rules

What is the syntax? For some reason Spamhaus (sbl+xbl) marks ibm as spam ....

Is the following syntax correct?

From: whitelist_from *@isource.ibm.com yes
From: whitelist_from *.isource.ibm.com yes
FromOrTo: default no

~

Thanks,

Magda Hewryk
--------------------------------
Mid-Range Systems
905-273-1637 (Office)
416-554-0743 (Cell)

From MailScanner at ecs.soton.ac.uk Tue Jan 18 20:29:04 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:15 2006
Subject: How can I force to verify the white list and keep the " if on spam list" option off?
Message-ID:

From: *@isource.ibm.com yes
From: *.isource.ibm.com yes
FromOrTo: default no

Magda Hewryk wrote:

>Hi Julian,
>
>"Spam Checks" is turned on. It's a first option I've modified when running
>MS.
>Spam Checks = /etc/MailScanner/rules/deliver.clean.rules #mnh T125 TAGS THE SUBJECT LINE
>
>I hope I can tune "Is Definitely Not Spam" to work for me.
>Is Definitely Not Spam = /etc/MailScanner/rules/spam.whitelist.rules
>
>What is the syntax? For some reason Spamhaus (sbl+xbl) marks ibm as spam
>....
>
>Is the following syntax correct?
>
>From: whitelist_from *@isource.ibm.com yes
>From: whitelist_from *.isource.ibm.com yes
>FromOrTo: default no
>
>~
>
>Thanks,
>
>Magda Hewryk
>--------------------------------
>Mid-Range Systems
>905-273-1637 (Office)
>416-554-0743 (Cell)

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From drew at THEMARSHALLS.CO.UK Tue Jan 18 21:12:16 2005
From: drew at THEMARSHALLS.CO.UK (Drew Marshall)
Date: Thu Jan 12 21:28:15 2006
Subject: [Fwd: Postfix snapshot 20050117 available]
Message-ID:

Julian Field wrote:
> It shouldn't cause any problems as far as I can see (apart from all the
> stuff they might have changed without telling the ChangeLog :-)

True, so true :-\

--
In line with our policy, this message has been scanned for viruses and
dangerous content by MailScanner, and is believed to be clean.
www.themarshalls.co.uk/policy

From jaearick at COLBY.EDU Tue Jan 18 21:54:15 2005
From: jaearick at COLBY.EDU (Jeff A. Earickson)
Date: Thu Jan 12 21:28:15 2006
Subject: ANNOUNCE: Beta 4.38.3 released
Message-ID:

Julian,
Also for ChangeLog file:

- Added Eicar test virus to non-forging Virus list.

Jeff Earickson
Colby College

From MailScanner at ecs.soton.ac.uk Tue Jan 18 21:58:37 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:15 2006
Subject: ANNOUNCE: Beta 4.38.3 released
Message-ID:

Added.

Jeff A. Earickson wrote:

> Julian,
> Also for ChangeLog file:
>
> - Added Eicar test virus to non-forging Virus list.
>
> Jeff Earickson
> Colby College

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From MHewryk at SYMCOR.COM Tue Jan 18 22:08:45 2005
From: MHewryk at SYMCOR.COM (Magda Hewryk)
Date: Thu Jan 12 21:28:15 2006
Subject: How can I force to verify the white list and keep the " if on spam list" option off?
Message-ID:

Thanks, the rule works. The maillog shows they are "whitelisted".

Thanks,
Magda

Julian Field
Sent by: MailScanner mailing list
01/18/2005 03:29 PM
Please respond to MailScanner mailing list
To: MAILSCANNER@JISCMAIL.AC.UK
cc:
Re: How can I force to verify the white list and keep the " if on spam list" option off?

From: *@isource.ibm.com yes
From: *.isource.ibm.com yes
FromOrTo: default no

Magda Hewryk wrote:

>Hi Julian,
>
>"Spam Checks" is turned on. It's a first option I've modified when running
>MS.
>Spam Checks = /etc/MailScanner/rules/deliver.clean.rules #mnh T125 TAGS
>THE SUBJECT LINE
>
>I hope I can tune "Is Definitely Not Spam" to work for me.
>Is Definitely Not Spam = /etc/MailScanner/rules/spam.whitelist.rules
>
>What is the syntax? For some reason spamhaus (sbl+xbl) marks ibm as spam
>....
>
>Is the following syntax correct?
>
>From: whitelist_from *@isource.ibm.com yes
>From: whitelist_from *.isource.ibm.com yes
>FromOrTo: default no
>
>
>~
>
>Thanks,
>
>Magda Hewryk
>--------------------------------
>Mid-Range Systems
>905-273-1637 (Office)
>416-554-0743 (Cell)
>
>
>Julian Field
>Sent by: MailScanner mailing list
>01/18/2005 02:33 PM
>Please respond to MailScanner mailing list
>To: MAILSCANNER@JISCMAIL.AC.UK
>cc:
>Re: How can I force to verify the white list and keep " if on spam list" option off?
>
>
>You can't use the SpamAssassin whitelist without using SpamAssassin.
>But if your whitelist is implemented as a MailScanner ruleset, just
>apply it to "Spam Checks".
>If you need to know more about rulesets, please consult the Book, the
>MAQ or the FAQ.
>I would of course prefer you to consult the Book :-)
>
>Magda Hewryk wrote:
>
>>Hi,
>>Because RBL checks work fantastic for me I decided to turn off "Check Spam
>>Assassin If On Spam List".
>>However, the users start complaining now because the whitelist is not
>>checked in the "spam.assassin.prefs.conf". How can I fix it?
>>How can I force MailScanner to check the whitelist?
>>
>>If I turn back on the SpamAssassin we will get thousands spam per day.
>>Looks like RBLs works much better these days than spamassassin (3.0.2).
>>
>>If the message sender is on any of the Spam Lists, do you still want
>># to do the SpamAssassin checks? Setting this to "no" will reduce the load
>># on your server, but will stop the High Scoring Spam Actions from ever
>># happening.
>># This can also be the filename of a ruleset.
>># mnh CR15998 Check SpamAssassin If On Spam List = yes
>>Check SpamAssassin If On Spam List = no
>>
>>
>>Thanks,
>>
>>Magda

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From james at GRAYONLINE.ID.AU Tue Jan 18 21:04:27 2005
From: james at GRAYONLINE.ID.AU (James Gray)
Date: Thu Jan 12 21:28:15 2006
Subject: OT: Happy Birthday to Julian!!!
Message-ID:

On Mon, 17 Jan 2005 08:10 pm, Martin Hepworth wrote:
> Julian
>
> from the UK user....happy nth birthday
>
> James - hope you don't have to support the hardware! (I did have user in
> Japan, now localsupport thank goodness, but I still got users in LA that
> require a 10 hour flight..)

Touch wood, sacrifice a chicken and check my karma quota.... yeh gotta maintain the hardware too :-/ It's our equipment but in a hosting facility with reasonably clued-in on-site ops. No problems with the hardware for the last 2 years. So far so good. (I've just jinxed myself haven't I?!)

James
--
Newton's Little-Known Seventh Law:
A bird in the hand is safer than one overhead.

From rocky at LWORLD.NET Tue Jan 18 23:20:19 2005
From: rocky at LWORLD.NET (Rocky McCamey)
Date: Thu Jan 12 21:28:15 2006
Subject: postfix: Process did not exit cleanly
Message-ID:

Drew Marshall wrote:

On Tue, January 18, 2005 17:15, Rocky McCamey said:

I would think so too, but it only shows that error over and over like so:

Jan 18 08:32:01 filter5 postfix: Process did not exit cleanly, returned 9 with signal 0

Can you 'postfix stop' then 'postfix start' from the command line and check any log entries or comments at the command line.

Drew

This is the postfix and mailscanner being stopped and restarted, well it shows it being started but it doesn't show it stopping. I don't know if it should, when I do stop it I can tell you there aren't any postfix or mailscanner processes running when I do a ps aux.

Jan 18 15:17:58 filter5 postfix: Process did not exit cleanly, returned 255 with signal 0
Jan 18 15:18:08 filter5 postfix: Process did not exit cleanly, returned 255 with signal 0
Jan 18 15:18:18 filter5 postfix: Process did not exit cleanly, returned 255 with signal 0
Jan 18 15:18:28 filter5 postfix: Process did not exit cleanly, returned 255 with signal 0
Jan 18 15:18:38 filter5 postfix: Process did not exit cleanly, returned 255 with signal 0
Jan 18 15:18:48 filter5 postfix: Process did not exit cleanly, returned 255 with signal 0
Jan 18 15:18:58 filter5 postfix: Process did not exit cleanly, returned 255 with signal 0
Jan 18 15:19:38 filter5 root: MailScanner setting GID to postfix (207)
Jan 18 15:19:38 filter5 root: MailScanner setting UID to postfix (207)

From holger.banko at PGAM.COM Wed Jan 19 08:40:38 2005
From: holger.banko at PGAM.COM (Holger Banko)
Date: Thu Jan 12 21:28:15 2006
Subject: Number of Messages waiting is growing and growing...
Message-ID:

My problem is that the number of messages waiting is growing. Yesterday I cleaned the mqueue.in folder with more than 1300 messages and then it was zero. Today I see in my /var/log/mail

Jan 19 09:59:28 linux MailScanner[15674]: New Batch: Found 35 messages waiting

So at the end of the day we will be at 70 or more. I use Mailscanner since February last year and as far as I remember I have this problem with all versions I installed. Actually a MailScanner-4.35.11-1 is running on a SuSE 9.0.

Anybody an idea how can I fix this?

Holger

From dh at UPTIME.AT Wed Jan 19 08:48:51 2005
From: dh at UPTIME.AT (David Höhn)
Date: Thu Jan 12 21:28:15 2006
Subject: Bug with Split Sendmail queue ?
Message-ID:

Greetings.

I installed the latest beta.

I am getting now:

Jan 19 09:45:28 backend MailScanner[19993]: /var/spool/mqueue.in/xf & /var/spool/mqueue must be on the same filesystem/partition!

The setup is as follows:

tmpfs on /var/spool/mqueue.in/xf
and /var/spool/mqueue as well as
/var/spool/mqueue.in/{df,cf} live on /dev/sda2

MailScanner.conf reads:
Incoming Queue Dir = /var/spool/mqueue.in/*

Since I was the one that asked for the split queue feature so I could have the xf files in memory, I am wondering what I am doing wrong :)

Thank you

-d
--
nee anata wo mitsukete soshite nidoto wasurezu ~ donna ni munega itakutemo soba ni iru no ~ zutto...zutto...zutto
Key fingerprint = FD77 F0B7 5C65 F546 EB08 A4EC 3CCA 1A32 7E24 291E

From anders.andersson at LTKALMAR.SE Wed Jan 19 09:06:10 2005
From: anders.andersson at LTKALMAR.SE (Anders Andersson, IT)
Date: Thu Jan 12 21:28:15 2006
Subject: OT: Regarding mailshell plugin for exchange
Message-ID:

Hi

I did a test with the mailshell plugin for exchange but I got stuck on this when I tried to do the setup.

2005-01-11 17:24:50 : EventRegFoldURL: file://./backofficestorage/lkl.ltkalmar.se/MBX/SystemMailbox{118FE8E4-2A91-4B68-9077-552D8D45810C}/StoreEvents/GlobalEvents/
2005-01-11 17:24:50 : RegisterSink
2005-01-11 17:24:50 : RegisterSink 1
2005-01-11 17:24:50 : RegisterSink 2
2005-01-11 17:24:50 : RegisterSink 3
2005-01-11 17:24:50 : Error -2147217895 : Object or data matching the name, range, or selection criteria was not found within the scope of this operation.

I tried to figure out where to change according to http://support.microsoft.com/default.aspx?scid=kb;en-us;286336 according to the info from microsoft but I got lost.

Anyone got this to work that can give me a hint on how to solve it?

/Anders

From MailScanner at ecs.soton.ac.uk Wed Jan 19 09:14:54 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:15 2006
Subject: Bug with Split Sendmail queue ?
Message-ID:

Please check the documentation in the MailScanner.conf file.
Just above the mqueue.in setting, the MailScanner.conf file clearly says

# If you are using sendmail and have your queues split into qf, df, xf
# directories, then just specify the main directory, do not give me the
# directory names of the qf,df,xf directories.
# Example: if you have /var/spool/mqueue.in/qf
#                      /var/spool/mqueue.in/df
#                      /var/spool/mqueue.in/xf
# then just tell me /var/spool/mqueue.in. I will find the subdirectories
# automatically.

David Höhn wrote:

> Greetings.
>
> I installed the latest beta.
>
> I am getting now:
>
> Jan 19 09:45:28 backend MailScanner[19993]: /var/spool/mqueue.in/xf &
> /var/spool/mqueue must be on the same filesystem/partition!
>
> The setup is as follows:
>
> tmpfs on /var/spool/mqueue.in/xf
> and /var/spool/mqueue as well as
> /var/spool/mqueue.in/{df,cf} live on /dev/sda2
>
> MailScanner.conf reads:
> Incoming Queue Dir = /var/spool/mqueue.in/*
>
> Since I was the one that asked for the split queue feature so I could
> have the xf files in memory, I am wondering what I am doing wrong :)
>
> Thank you
>
> -d
>

--
Julian Field jkf@ecs.soton.ac.uk
Teaching Systems Manager
Electronics & Computer Science
University of Southampton
SO17 1BJ, UK

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From dh at UPTIME.AT Wed Jan 19 09:35:31 2005
From: dh at UPTIME.AT (David Höhn)
Date: Thu Jan 12 21:28:15 2006
Subject: Bug with Split Sendmail queue ?
Message-ID:

Julian Field wrote:
| Please check the documentation in the MailScanner.conf file.
| Just above the mqueue.in setting, the MailScanner.conf file clearly says
|
| # If you are using sendmail and have your queues split into qf, df, xf
| # directories, then just specify the main directory, do not give me the
| # directory names of the qf,df,xf directories.
| # Example: if you have /var/spool/mqueue.in/qf
| #                      /var/spool/mqueue.in/df
| #                      /var/spool/mqueue.in/xf
| # then just tell me /var/spool/mqueue.in. I will find the subdirectories
| # automatically.
|

Sorry about that, obviously I either overread that. Serves me right :)

Thank you Julian

PS: maybe a hint to that in the error messages might save you further stupid questions like mine

-d
--
nee anata wo mitsukete soshite nidoto wasurezu ~ donna ni munega itakutemo soba ni iru no ~ zutto...zutto...zutto
Key fingerprint = FD77 F0B7 5C65 F546 EB08 A4EC 3CCA 1A32 7E24 291E

From Glenn.Steen at AP1.SE Wed Jan 19 11:25:10 2005
From: Glenn.Steen at AP1.SE (Steen, Glenn)
Date: Thu Jan 12 21:28:15 2006
Subject: postfix: Process did not exit cleanly
Message-ID:

Do you have a separate error and warning log? If so, do they contain any clues?
I have a vague recollection of seeing this last time I set up a new server, but for the life of me, I can't remember what it was... More than it being something entirely silly, like needing to build the alias db or somesuch... Or some silly typo in main.cf...
Sorry I can't be more specific (I've got RALM == Random Agedecrepit Lossy Memory:)

-- Glenn

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Rocky McCamey
Sent: den 19 januari 2005 00:20
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: postfix: Process did not exit cleanly

Drew Marshall wrote:

On Tue, January 18, 2005 17:15, Rocky McCamey said:

I would think so too, but it only shows that error over and over like so:

Jan 18 08:32:01 filter5 postfix: Process did not exit cleanly, returned 9 with signal 0

Can you 'postfix stop' then 'postfix start' from the command line and check any log entries or comments at the command line.

Drew

This is the postfix and mailscanner being stopped and restarted, well it shows it being started but it doesn't show it stopping. I don't know if it should, when I do stop it I can tell you there aren't any postfix or mailscanner processes running when I do a ps aux.

Jan 18 15:17:58 filter5 postfix: Process did not exit cleanly, returned 255 with signal 0
Jan 18 15:18:08 filter5 postfix: Process did not exit cleanly, returned 255 with signal 0
Jan 18 15:18:18 filter5 postfix: Process did not exit cleanly, returned 255 with signal 0
Jan 18 15:18:28 filter5 postfix: Process did not exit cleanly, returned 255 with signal 0
Jan 18 15:18:38 filter5 postfix: Process did not exit cleanly, returned 255 with signal 0
Jan 18 15:18:48 filter5 postfix: Process did not exit cleanly, returned 255 with signal 0
Jan 18 15:18:58 filter5 postfix: Process did not exit cleanly, returned 255 with signal 0
Jan 18 15:19:38 filter5 root: MailScanner setting GID to postfix (207)
Jan 18 15:19:38 filter5 root: MailScanner setting UID to postfix (207)

From drew at THEMARSHALLS.CO.UK Wed Jan 19 11:35:15 2005
From: drew at THEMARSHALLS.CO.UK (Drew Marshall)
Date: Thu Jan 12 21:28:15 2006
Subject: postfix: Process did not exit cleanly
Message-ID:

On Tue, January 18, 2005 23:20, Rocky McCamey said:
> Drew Marshall wrote:
>>Can you 'postfix stop' then 'postfix start' from the command line and
>>check any log entries or comments at the command line.
>>
>>Drew
>
> This is the postfix and mailscanner being stopped and restarted, well it
> shows it being started but it doesn't show it stopping. I don't know if
> it should, when I do stop it I can tell you there aren't any postfix or
> mailscanner processes running when I do a ps aux.

Which OS are you using? I assume one based on RPM using the 'service' command? If so can you stop MailScanner and Postfix using 'service' then start just Postfix using the commands above from the command line and check the logs.

Drew

--
In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
www.themarshalls.co.uk/policy

From dannyh at aac-services.co.uk Wed Jan 19 12:20:15 2005
From: dannyh at aac-services.co.uk (Dan Haris)
Date: Thu Jan 12 21:28:15 2006
Subject: Blacklist To: not working
Message-ID:

Hi,

We get a lot of spam sent to specific non-existent users, which I'm trying to block. We use what I believe is the latest stable MailScanner (4.37.7) along with Exim 4.32, as a gateway server. I've seen some discussion in the mailing list archives about blocking non-existent users at the mta level, but this seems to have only been on sendmail. For various reasons (mainly paranoid management) we don't want to go this route at the moment, but if anyone can point me in the right direction for this I'd appreciate it as it may be of use as a last resort. Our main mail servers (E-Smith/SME server) run QMail I think authenticating against an LDAP user database (although I may be talking rubbish there!).

Anyhow, here's the question:

I'm trying to blacklist a To: address in my /etc/MailScanner/rules/spam.blacklist.rules file with an entry like this:

To: user@domain.co.uk yes

Unfortunately this does not seem to be behaving as expected. Since I added this rule, I've had several spam emails get through to this address. Looking at the relevant headers from one of them below, the address seems to have been recognised as blacklisted, but assigned a HIGH SPAM SCORE of zero and says "Found to be clean":

Subject: {Spam? High Score 0} Downl0ad National Treasure Movie
To: xxx@yyyy.co.uk
X-yyyy-MailScanner-Information: Please contact the IT Dept for more information
X-yyyy-MailScanner: Found to be clean
X-yyyy-MailScanner-SpamCheck: spam (blacklisted)

There is no entry in the log for this spam (presumably as I don't bother logging non-spam). However there is an entry like this:

Jan 18 03:29:35 mailscan MailScanner[7058]: Message 1Cqk3g-0001vb-Ep from 218.232.191.173 (livptxxxx@yyyy.co.uk) to yyyy.co.uk is spam (blacklisted)

This email did not get through.

My MailScanner.conf contains the following:

Definite Spam Is High Scoring = yes
Required SpamAssassin Score = 5
High SpamAssassin Score = 10
SpamAssassin Auto Whitelist = yes
Check SpamAssassin If On Spam List = yes
Spam Actions = forward spamtrap@yyyy.co.uk
High Scoring Spam Actions = delete
Non Spam Actions = deliver

Any ideas anyone?

From dbird at SGHMS.AC.UK Wed Jan 19 12:52:55 2005
From: dbird at SGHMS.AC.UK (Daniel Bird)
Date: Thu Jan 12 21:28:15 2006
Subject: Blacklist To: not working
Message-ID:

Dan Haris wrote:

>Hi,
>
>We get a lot of spam sent to specific non-existent users, which I'm trying
>to block. We use what I believe is the latest stable MailScanner (4.37.7)
>along with Exim 4.32, as a gateway server. I've seen some discussion in the
>mailing list archives about blocking non-existent users at the mta level,
>but this seems to have only been on sendmail. For various reasons (mainly
>paranoid management) we don't want to go this route at the moment, but if
>anyone can point me in the right direction for this I'd appreciate it as it
>may be of use as a last resort.
>

You'll want to use Exim's callout function:
http://www.exim.org/exim-html-4.40/doc/html/spec.html

A far better solution is to "block" at the MTA level IMHO.

regards
Dan

> Our main mail servers (E-Smith/SME server)
>run QMail I think authenticating against an LDAP user database (although I
>may be talking rubbish there!).
>
>Anyhow, here's the question:
>
>I'm trying to blacklist a To: address in my
>/etc/MailScanner/rules/spam.blacklist.rules file with an entry like this:
>
>To: user@domain.co.uk yes
>
>Unfortunately this does not seem to be behaving as expected. Since I added
>this rule, I've had several spam emails get through to this address. Looking
>at the relevant headers from one of them below, the address seems to have
>been recognised as blacklisted, but assigned a HIGH SPAM SCORE of zero and
>says "Found to be clean":
>
>Subject: {Spam? High Score 0} Downl0ad National Treasure Movie
>To: xxx@yyyy.co.uk
>X-yyyy-MailScanner-Information: Please contact the IT Dept for more
>information
>X-yyyy-MailScanner: Found to be clean
>X-yyyy-MailScanner-SpamCheck: spam (blacklisted)
>
>There is no entry in the log for this spam (presumably as I don't bother
>logging non-spam). However there is an entry like this:
>
>Jan 18 03:29:35 mailscan MailScanner[7058]: Message 1Cqk3g-0001vb-Ep from
>218.232.191.173 (livptxxxx@yyyy.co.uk) to yyyy.co.uk is spam (blacklisted)
>
>This email did not get through.
>
>My MailScanner.conf contains the following:
>
>Definite Spam Is High Scoring = yes
>Required SpamAssassin Score = 5
>High SpamAssassin Score = 10
>SpamAssassin Auto Whitelist = yes
>Check SpamAssassin If On Spam List = yes
>Spam Actions = forward spamtrap@yyyy.co.uk
>High Scoring Spam Actions = delete
>Non Spam Actions = deliver
>
>Any ideas anyone?
>

--
____________________________________
Daniel Bird
Network and Systems Manager
Department Of Information Services
St. George's Hospital Medical School
Tooting
London SW17 0RE

P: +44 20 8725 2897
F: +44 20 8725 3583
E: dan@sghms.ac.uk
____________________________________

Computing Services Homepage:
http://www.intranet.sghms.ac.uk/depts/is/cu/

The Computing Services Handbook:
http://www.intranet.sghms.ac.uk/depts/is/cu/handbook2003-4.pdf

Everything is possible....except skiing through a revolving door.
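
The recipient callout suggested in the reply above, sketched as an Exim 4 configuration fragment for the gateway. This is an added example, not part of the original thread: the host name mailhub.internal.example, the router name to_internal and the 30s timeout are assumptions, and yyyy.co.uk is the placeholder domain used in the thread.

```exim
# --- main section of the gateway's Exim configuration ---

# Domains this gateway relays inbound (placeholder domain from the thread).
domainlist relay_to_domains = yyyy.co.uk

# Run the ACL below for every RCPT TO command.
acl_smtp_rcpt = acl_check_rcpt

begin acl

acl_check_rcpt:
  # Locally submitted (non-SMTP) mail is not checked.
  accept  hosts = :

  # For relayed domains, ask the internal server whether it would accept
  # this recipient. If it answers RCPT TO with a 5xx reply the verify
  # fails and the gateway rejects the recipient during the SMTP session,
  # before the message is queued for MailScanner.
  # defer_ok: if the internal server cannot be reached, accept the
  # recipient instead of deferring, so an outage there does not stall
  # all inbound mail.
  deny    message = unknown user
          domains = +relay_to_domains
         !verify  = recipient/callout=30s,defer_ok

  accept  domains = +relay_to_domains

  deny    message = relay not permitted

begin routers

# The callout connects to whichever host this router selects.
# Router name and host are assumptions; remote_smtp is assumed to be
# defined in the transports section, as in Exim's default configuration.
to_internal:
  driver = manualroute
  domains = +relay_to_domains
  transport = remote_smtp
  route_list = * mailhub.internal.example
```

A callout only blocks non-existent users if the internal server answers RCPT TO for an unknown address with a 5xx reply; a stock qmail-smtpd accepts every recipient in its rcpthosts domains, so check the internal server's behaviour first.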
From martelm at QUARK.VSC.EDU Wed Jan 19 15:53:39 2005 From: martelm at QUARK.VSC.EDU (Michael H. Martel) Date: Thu Jan 12 21:28:15 2006 Subject: OT - MailScanner MRTG Message-ID: Hello! I know this isn't a MailScanner problem per-se, but ... I just had to activate eth1 (so now I have eth0 and eth1) in my MailScanner machine and now some of my Mailscanner MRTG graphs are all confused. Like the Quarantine graph shows wrong, even though there really are lots of files in there. Any thoughts as to what I did or didn't do right ? Thanks! Michael -- --------------------------------o--------------------------------- Michael H. Martel | Systems Administrator martelm@quark.vsc.edu | Vermont State Colleges http://probe.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Q.G.Campbell at NEWCASTLE.AC.UK Wed Jan 19 16:01:42 2005 From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell) Date: Thu Jan 12 21:28:15 2006 Subject: ANNOUNCE: Beta 4.38.3 released Message-ID: Julian So far, so good. Installed 4.38.3-1 on one of our 8 production mail gateways this afternoon. Running OK and as expected. System is RH AS 3 running on a Compaq DL380. Quentin --- PHONE: +44 191 222 8209 Information Systems and Services (ISS), University of Newcastle, Newcastle upon Tyne, FAX: +44 191 222 8765 United Kingdom, NE1 7RU. ------------------------------------------------------------------------ "Any opinion expressed above is mine. The University can get its own." >-----Original Message----- 
>From: MailScanner mailing list
>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field
>Sent: 18 January 2005 19:40
>To: MAILSCANNER@JISCMAIL.AC.UK
>Subject: ANNOUNCE: Beta 4.38.3 released
>
>Evening all!
>
>I have just released beta version 4.38.3.
>
>Please don't run it on production systems for the next 24 hours or so,
>unless you know what you are doing and can retreat to your previous
>version easily. Any problems will probably appear in the first 24 hours
>of the release, due to the very kind testing done by many of you which
>all helps.
>
>The main new features are
>
>- Added "Phishing Safe Sites File" configuration setting to point to a file
>  containing a list of fully-qualified hostnames which are ignored in the
>  phishing detection tests. Any links to any of these hostnames are ignored
>  in the phishing tests.
>- Added "Also Find Numeric Phishing" setting (on by default) so that all
>  numeric IP addresses in links are flagged as being dangerous.
>
>- Any entry in the "Archive Mail" setting can contain _DATE_ which will be
>  replaced with the current date in yyyymmdd form, so you can backup or move
>  yesterday's archive safely knowing that it won't be written to today.
>- Postfix support added to "IPBlock" functionality for SMTP connection
>  throttling. Many thanks to Rakesh for writing this.
>
>Download as usual from www.mailscanner.info
>
>The full Change Log is:
>
>* New Features and Improvements *
>- Upgraded to MIME-tools 5.416.
>- Added new filename restrictions using Microsoft vulnerability report
>  from AUScert.
>- Improved /etc/sysconfig/MailScanner so that it finds Incoming Work Dir and
>  Incoming Queue Dir automatically from MailScanner.conf file.
>- Can now use $from, $id and $subject in inline signature for signing clean
>  messages.
>- Any entry in the "Archive Mail" setting can contain _DATE_ which will be
>  replaced with the current date in yyyymmdd form, so you can backup or move
>  yesterday's archive safely knowing that it won't be written to today.
>- Added zero score for ALL_TRUSTED rule in SpamAssassin as it is known to
>  cause problems.
>- Added "Also Find Numeric Phishing" setting (on by default) so that all
>  numeric IP addresses in links are flagged as being dangerous.
>- Added "$postmastername" to the list of variables available in many
>  reports.
>- ClamAV -autoupdate script now logs all warnings and errors from freshclam.
>- Postfix support added to "IPBlock" functionality for SMTP connection
>  throttling. Many thanks to Rakesh for writing this.
>- Updated German translations. Many thanks to Felix for doing this.
>- Added PDF version of new MailScanner advertising "flyer".
>- Added "Log Dangerous HTML Tags" configuration setting, and removed old
>  "Log IFrame Tags" configuration setting, so that all potentially dangerous
>  HTML tags are now logged. This helps when you are developing your whitelist
>  of safe sources of HTML tags, such as newsletters and daily cartoons.
>- Added "Phishing Safe Sites File" configuration setting to point to a file
>  containing a list of fully-qualified hostnames which are ignored in the
>  phishing detection tests. Any links to any of these hostnames are ignored
>  in the phishing tests.
>
>* Fixes *
>- Fixed problem where some spam was delivered even if the Spam Actions was set
>  to "store delete" if the messages were not to be virus-scanned.
>- Fixed harmless uninitialised variables in HTML disarming.
>- Removed 2nd copy of tnef sources from tar distribution.
>
>--
>Julian Field
>www.MailScanner.info
>Buy the MailScanner book at www.MailScanner.info/store
>Professional Support Services at www.MailScanner.biz
>MailScanner thanks transtec Computers for their support
>
>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From martelm at QUARK.VSC.EDU Wed Jan 19 16:04:05 2005
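An added example, not part of the list posts and not MailScanner's code: a simplified Python link check showing how the behaviours named in the 4.38.3 announcement fit together (link text naming a different host than the href, numeric IP links, and a safe-sites list of hostnames exempt from the test). The safe-sites file format, the function names and the sample HTML are assumptions of the example; links without an http(s) host, such as mailto: links and in-page anchors, are skipped.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# A host name inside visible link text, with or without a scheme in front.
HOST_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

# Constructed inputs for the demonstration (assumed one-host-per-line format).
SAFE_SITES_FILE = "# constructed example\nclick.newsletter.example\n"
SAMPLE_HTML = """
<p><a href="http://192.0.2.7/login">Account login</a>
<a href="http://phish.example/x">www.mybank.example</a>
<a href="http://click.newsletter.example/r?u=1">www.shop.example</a>
<a href="mailto:help@mybank.example">help@mybank.example</a>
<a name="top"></a><a href="#top">back to top</a>
<a href="https://www.mybank.example/">mybank.example</a></p>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a href=...> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")   # None for <a name=...>
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def normalise(host):
    host = host.lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def is_numeric_host(host):
    if host.isdigit():                  # single-integer form of an IPv4 address
        return True
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def load_safe_sites(text):
    """Parse the safe-sites list: one hostname per line, '#' starts a comment."""
    sites = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            sites.add(normalise(line))
    return sites


def check_links(html, safe_sites, find_numeric=True):
    """Return (href, reason) for every link that fails the checks."""
    parser = LinkCollector()
    parser.feed(html)
    parser.close()
    findings = []
    for href, text in parser.links:
        try:
            parts = urlsplit(href)
        except ValueError:              # e.g. malformed bracketed host
            findings.append((href, "unparseable"))
            continue
        if parts.scheme not in ("http", "https") or not parts.hostname:
            continue                    # mailto:, #fragment, relative links
        host = normalise(parts.hostname)
        if host in safe_sites:
            continue                    # listed hosts are exempt from all tests
        if find_numeric and is_numeric_host(host):
            findings.append((href, "numeric"))
            continue
        shown = HOST_IN_TEXT.search(text)
        if shown and normalise(shown.group(1)) != host:
            findings.append((href, "mismatch"))
    return findings


if __name__ == "__main__":
    for href, reason in check_links(SAMPLE_HTML, load_safe_sites(SAFE_SITES_FILE)):
        print(f"{reason:9} {href}")
```
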
From: martelm at QUARK.VSC.EDU (Michael H. Martel)
Date: Thu Jan 12 21:28:15 2006
Subject: OT - MailScanner MRTG
Message-ID:

--On Wednesday, January 19, 2005 10:53 AM -0500 "Michael H. Martel" wrote:

> Any thoughts as to what I did or didn't do right ?

Never mind ... It's working fine and I was just confused. :-)

Michael

--
--------------------------------o---------------------------------
Michael H. Martel                | Systems Administrator
martelm@quark.vsc.edu            | Vermont State Colleges
http://probe.vsc.edu/~michael    | PH:802-241-2544 FX:802-241-3363

From bart at TEXAN.NET Wed Jan 19 16:21:29 2005
From: bart at TEXAN.NET (Bart E. Hawley Sr.)
Date: Thu Jan 12 21:28:15 2006
Subject: Feature Request: Phishing
Message-ID:

Julian Field wrote:

> How about this? Anyone want to test it for me please? I'll put out a new
> beta if you want it.
>
> There is now a new configuration option:
>

I am willing to test it on my site. I have a couple of mailing lists that keep getting tagged for phishing, but I know they are legit links through a click-through type setup.

> Support MailScanner development - buy the book off the website!
>

I did :)

--
Bart E. Hawley Sr.
SysAdmin
BNet, Inc.
713-926-2209

From eneal at DFI-INTL.COM Wed Jan 19 16:16:21 2005
From: eneal at DFI-INTL.COM (Errol Neal)
Date: Thu Jan 12 21:28:15 2006
Subject: OT: Configuring sendmail not to reveal internal hostnames
Message-ID:

As the subject says, this is OT. I apologize.

I'm searching for a means by which I can tell sendmail to expose the host names of local computers on our network. The computers are named after the users they are associated with so that reveals a lot to folks in the outside world. Anyone know of a means to disable this? I just want to disable the reverse lookup.

Thanks!

Errol Neal

From eneal at DFI-INTL.COM Wed Jan 19 16:19:57 2005
From: eneal at DFI-INTL.COM (Errol Neal)
Date: Thu Jan 12 21:28:15 2006
Subject: Configuring sendmail not to reveal internal hostnames
Message-ID:

Excuse me, I mean *not* to expose. Sorry

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Errol Neal
Sent: Wednesday, January 19, 2005 11:16 AM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: OT: Configuring sendmail not to reveal internal hostnames

As the subject says, this is OT. I apologize.

I'm searching for a means by which I can tell sendmail to expose the host names of local computers on our network. The computers are named after the users they are associated with so that reveals a lot to folks in the outside world. Anyone know of a means to disable this? I just want to disable the reverse lookup.

Thanks!

Errol Neal

From michael at NOMENNESCIO.NET Wed Jan 19 16:29:41 2005
From: michael at NOMENNESCIO.NET (Mike)
Date: Thu Jan 12 21:28:15 2006
Subject: Configuring sendmail not to reveal internal hostnames
Message-ID:

>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
>
>As the subject says, this is OT. I apologize.
>
>I'm searching for a means by which I can tell sendmail to expose the
>host names of local computers on our network. The computers are named
>after the users they are associated with so that reveals a lot to folks
>in the outside world. Anyone know of a means to disable this? I just
>want to disable the reverse lookup.

I'm doing something similar. I do not want e-mails destined for the outside world to contain any information of the internal infrastructure.

What I do is simple, I remove the "Received:" header from all e-mails coming from the LAN on the e-mail gateway(s).

You can use the "Remove These Headers" option to point to a file (make sure it ends with ".rules") which contains something like this:

From: 10. Received: X-Mozilla-Status: X-Mozilla-Status2:
FromOrTo: default X-Mozilla-Status: X-Mozilla-Status2:

This way all internal routing information is removed for outgoing e-mails.

>Thanks!
>
>Errol Neal

Mike.

From MailScanner at ecs.soton.ac.uk Wed Jan 19 16:41:35 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:15 2006
Subject: ANNOUNCE: Beta 4.38.3 released
Message-ID:

The only problem found so far is with the new IPBlock code in CustomConfig.pm which stops "MailScanner -v" working. I've fixed that.

Quentin Campbell wrote:

>Julian
>
>So far, so good.
>
>Installed 4.38.3-1 on one of our 8 production mail gateways this
>afternoon.
>
>Running OK and as expected.
>
>System is RH AS 3 running on a Compaq DL380.
>
>>-----Original Message-----
--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From MailScanner at ecs.soton.ac.uk Wed Jan 19 16:43:31 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:15 2006
Subject: Configuring sendmail not to reveal internal hostnames
Message-ID:

Put this in your sendmail.mc file and rebuild the sendmail.cf file

MASQUERADE_AS(`ecs.soton.ac.uk')
FEATURE(masquerade_envelope)
FEATURE(allmasquerade)

Obviously you will want to change ecs.soton.ac.uk to your domain name.

Errol Neal wrote:

>Excuse me, I mean *not* to expose. Sorry
>
>-----Original Message-----
>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
>Behalf Of Errol Neal
>Sent: Wednesday, January 19, 2005 11:16 AM
>To: MAILSCANNER@JISCMAIL.AC.UK
>Subject: OT: Configuring sendmail not to reveal internal hostnames
>
>As the subject says, this is OT. I apologize.
>
>I'm searching for a means by which I can tell sendmail to expose the
>host names of local computers on our network. The computers are named
>after the users they are associated with so that reveals a lot to folks
>in the outside world. Anyone know of a means to disable this? I just
>want to disable the reverse lookup.

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From MailScanner at ecs.soton.ac.uk Wed Jan 19 16:44:32 2005
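An added example, not part of the list posts and not MailScanner or sendmail code: a Python check that lists where an outgoing message still names internal hosts, run on a constructed message before and after the two measures suggested in this thread (removing `Received:` headers with a "Remove These Headers" ruleset, and address masquerading). The domain `corp.example`, the sample message, and the `strip_headers` and `masquerade` functions are assumptions of the example; the last two are simplified stand-ins for the effect of each measure.

```python
import ipaddress
import re
from email import message_from_string

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4 = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")

# Constructed sample: a message as the gateway would relay it, unmodified.
SAMPLE = """\
Received: from jsmith-pc.corp.example (jsmith-pc.corp.example [10.1.4.23])
\tby mail.corp.example with ESMTP id CONSTRUCTED01
\tfor <bob@partner.example>; Wed, 19 Jan 2005 11:16:21 -0500
Message-ID: <constructed.0001@jsmith-pc.corp.example>
From: John Smith <jsmith@jsmith-pc.corp.example>
To: bob@partner.example
Subject: quarterly figures
X-Mozilla-Status: 0001

Hello Bob
"""


def host_pattern(domain):
    """Match any host name strictly below `domain` (e.g. pc1.corp.example)."""
    return re.compile(r"(?<![\w.-])(?:[a-z0-9-]+\.)+" + re.escape(domain)
                      + r"(?![\w-]|\.\w)", re.I)


def find_leaks(raw, domain, public_hosts=()):
    """Return (header, token) pairs naming internal hosts or RFC 1918 addresses."""
    public = {h.lower() for h in public_hosts}
    hosts = host_pattern(domain)
    leaks = []
    for name, value in message_from_string(raw).items():
        seen = []
        for host in hosts.findall(value):
            host = host.lower()
            if host not in public and host not in seen:
                seen.append(host)
        for text in IPV4.findall(value):
            try:
                addr = ipaddress.ip_address(text)
            except ValueError:          # e.g. 999.1.1.1 is not an address
                continue
            if any(addr in net for net in RFC1918) and text not in seen:
                seen.append(text)
        leaks.extend((name, token) for token in seen)
    return leaks


def strip_headers(raw, names):
    """Drop every occurrence of the named headers (stand-in for the effect of
    a "Remove These Headers" ruleset; not MailScanner's code)."""
    msg = message_from_string(raw)
    for name in names:
        del msg[name]                   # no error if the header is absent
    return msg.as_string()


def masquerade(raw, domain, headers=("From", "Sender", "Reply-To")):
    """Rewrite user@host.domain to user@domain in sender headers (simplified
    stand-in for address masquerading; not sendmail's rulesets)."""
    msg = message_from_string(raw)
    below = re.compile(r"@(?:[a-z0-9-]+\.)+" + re.escape(domain)
                       + r"(?![\w.-])", re.I)
    for name in headers:
        if name in msg:
            msg.replace_header(name, below.sub("@" + domain, msg[name]))
    return msg.as_string()


def audit_stages(raw=SAMPLE, domain="corp.example", gateway="mail.corp.example"):
    """Leaks left after each measure alone and after both together."""
    ruleset = ("Received", "X-Mozilla-Status", "X-Mozilla-Status2")
    stripped = strip_headers(raw, ruleset)
    check = lambda m: find_leaks(m, domain, public_hosts=[gateway])
    return {
        "as sent": check(raw),
        "headers removed": check(stripped),
        "masqueraded": check(masquerade(raw, domain)),
        "both": check(masquerade(stripped, domain)),
    }


if __name__ == "__main__":
    for stage, leaks in audit_stages().items():
        print(f"{stage:16} {leaks}")
```

In the constructed sample the `Message-ID` still names the workstation after both measures, which is the kind of residue this check is meant to surface.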
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:15 2006
Subject: Feature Request: Phishing
Message-ID:

It's already posted on the website, version 4.38.3.
Let us know if you have any problems.

Bart E. Hawley Sr. wrote:

> Julian Field wrote:
>
>> How about this? Anyone want to test it for me please? I'll put out a new
>> beta if you want it.
>>
>> There is now a new configuration option:
>>
> I am willing to test it on my site. I have a couple of mailing lists
> that keep getting tagged for phishing, but I know they are legit links
> through a click-through type setup.
>
>> Support MailScanner development - buy the book off the website!
>>
> I did :)
>
> --
>
> Bart E. Hawley Sr.
> SysAdmin
> BNet, Inc.
> 713-926-2209

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From wietse at BOUDISQUE.NL Wed Jan 19 16:52:51 2005
From: wietse at BOUDISQUE.NL (Wietse Muizelaar)
Date: Thu Jan 12 21:28:15 2006
Subject: Feature Request: Phishing
Message-ID:

Hi,

This one works good on our site. But, I've got additional questions/feature-requests ;))
The mailing why I would like to use the 'phishing whitelist'-thing, also contains a mailto-link, which is detected as 'phishing'. Also the tag, and wrote:

> It's already posted on the website, version 4.38.3.
> Let us know if you have any problems.
>
> Bart E. Hawley Sr. wrote:
>
>> Julian Field wrote:
>>
>>> How about this? Anyone want to test it for me please? I'll put out
>>> a new beta if you want it.
>>>
>>> There is now a new configuration option:
>>>
>> I am willing to test it on my site. I have a couple of mailing lists
>> that keep getting tagged for phishing, but I know they are legit
>> links through a click-through type setup.
>>
>>> Support MailScanner development - buy the book off the website!
>>>
>> I did :)
>>
>> --
>>
>> Bart E. Hawley Sr.
>> SysAdmin
>> BNet, Inc.
>> 713-926-2209

--
Kind regards,

Wietse Muizelaar

-------------------------------------------
W.G. Muizelaar
Boudisque Webmaster / ICT
Haringpakkerssteeg 10-18, 1012 LR Amsterdam
Telephone: +31 (0)20 - 6232603
E-mail: wietse@boudisque.nl
Website: www.boudisque.nl
-------------------------------------------

From MailScanner at ecs.soton.ac.uk Wed Jan 19 17:12:46 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:15 2006
Subject: Feature Request: Phishing
Message-ID:

It should ignore mailto: links (and does on my test systems).
I guess I could also ignore links in the messages. Is that what you meant?

Wietse Muizelaar wrote:

> Hi,
>
> This one works good on our site. But, I've got additional
> questions/feature-requests ;))
> The mailing why I would like to use the 'phishing whitelist'-thing, also
> contains a mailto-link, which is detected as 'phishing'. Also the name=
>
> tag, and think
> of a way to ' whitelist' this behaviour also? Or, since it's a link to
> another part of the mail, should it be considered as phishing?
>
> Thanks for the thought; and of course for your great support!
>
> Regards,
> Wietse
>
>
> On Wednesday, January 19, 2005 5:44 PM,
> Julian Field wrote:
>
>> It's already posted on the website, version 4.38.3.
>> Let us know if you have any problems.
>>
>> Bart E. Hawley Sr. wrote:
>>
>>> Julian Field wrote:
>>>
>>>> How about this? Anyone want to test it for me please? I'll put out
>>>> a new beta if you want it.
>>>>
>>>> There is now a new configuration option:
>>>>
>>> I am willing to test it on my site. I have a couple of mailing lists
>>> that keep getting tagged for phishing, but I know they are legit
>>> links through a click-through type setup.
>>>
>>>> Support MailScanner development - buy the book off the website!
>>>>
>>> I did :)
>>>

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From eneal at DFI-INTL.COM Wed Jan 19 17:29:05 2005
From: eneal at DFI-INTL.COM (Errol Neal)
Date: Thu Jan 12 21:28:15 2006
Subject: Configuring sendmail not to reveal internal hostnames
Message-ID:

Thanks everyone. I just decided to modify sendmail/conf.c.

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field
Sent: Wednesday, January 19, 2005 11:44 AM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: Configuring sendmail not to reveal internal hostnames

Put this in your sendmail.mc file and rebuild the sendmail.cf file

MASQUERADE_AS(`ecs.soton.ac.uk')
FEATURE(masquerade_envelope)
FEATURE(allmasquerade)

Obviously you will want to change ecs.soton.ac.uk to your domain name.

Errol Neal wrote:

>Excuse me, I mean *not* to expose. Sorry
>
>-----Original Message-----
>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
>Behalf Of Errol Neal
>Sent: Wednesday, January 19, 2005 11:16 AM
>To: MAILSCANNER@JISCMAIL.AC.UK
>Subject: OT: Configuring sendmail not to reveal internal hostnames
>
>As the subject says, this is OT. I apologize.
>
>I'm searching for a means by which I can tell sendmail to expose the
>host names of local computers on our network. The computers are named
>after the users they are associated with so that reveals a lot to folks
>in the outside world. Anyone know of a means to disable this? I just
>want to disable the reverse lookup.

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From MailScanner at ecs.soton.ac.uk Wed Jan 19 17:35:47 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:15 2006
Subject: Configuring sendmail not to reveal internal hostnames
Message-ID:

Eek! You really don't need to (or want to) modify the source just for a configuration setting. Maintenance nightmare :-(

Errol Neal wrote:

>Thanks everyone. I just decided to modify sendmail/conf.c.
>
>-----Original Message-----
>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
>Behalf Of Julian Field
>Sent: Wednesday, January 19, 2005 11:44 AM
>To: MAILSCANNER@JISCMAIL.AC.UK
>Subject: Re: Configuring sendmail not to reveal internal hostnames
>
>Put this in your sendmail.mc file and rebuild the sendmail.cf file
>
>MASQUERADE_AS(`ecs.soton.ac.uk')
>FEATURE(masquerade_envelope)
>FEATURE(allmasquerade)
>
>Obviously you will want to change ecs.soton.ac.uk to your domain name.
>
>Errol Neal wrote:
>
>>Excuse me, I mean *not* to expose. Sorry
>>
>>-----Original Message-----
>>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
>>Behalf Of Errol Neal
>>Sent: Wednesday, January 19, 2005 11:16 AM
>>To: MAILSCANNER@JISCMAIL.AC.UK
>>Subject: OT: Configuring sendmail not to reveal internal hostnames
>>
>>As the subject says, this is OT. I apologize.
>>
>>I'm searching for a means by which I can tell sendmail to expose the
>>host names of local computers on our network. The computers are named
>>after the users they are associated with so that reveals a lot to folks
>>in the outside world. Anyone know of a means to disable this? I just
>>want to disable the reverse lookup.
>
>--
>Julian Field
>www.MailScanner.info
>Buy the MailScanner book at www.MailScanner.info/store
>
>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From Felix.Schwarz at WEB.DE Wed Jan 19 18:04:23 2005
From: Felix.Schwarz at WEB.DE (Felix Schwarz)
Date: Thu Jan 12 21:28:15 2006
Subject: German court rules e-mail blocking 'illegal'.
Message-ID:

Hi,

in addition to the things Christoph Peter mentioned I want to say that the whole point is that every user must agree that you may block some of his mails because MailScanner or any other filtering software thinks that they are spam or are infected. You are not allowed to suppress mails if the user doesn't want this and he must have the option to stop the filtering.

If your users are employees everything should be fine because it may be a corporate-wide policy.

I think this decision doesn't create a new situation at all.

An analysis of the court ruling is available at:
http://www.heise.de/ct/03/26/186/
(sorry, only in German)

--
Felix

From MailScanner at ecs.soton.ac.uk Wed Jan 19 18:18:11 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:15 2006
Subject: ANNOUNCE: Beta 4.38.3 released
Message-ID:

Can you try upgrading to HTML-Parser-3.45 please?
There have been loads of bugfixes since the version 3.26 which I still ship with MailScanner. Preliminary testing has not shown any problems.

Quentin Campbell wrote:

>Julian
>
>So far, so good.
>
>Installed 4.38.3-1 on one of our 8 production mail gateways this
>afternoon.
>
>Running OK and as expected.
>
>System is RH AS 3 running on a Compaq DL380.
>
>Quentin
>---
>PHONE: +44 191 222 8209    Information Systems and Services (ISS),
>                           University of Newcastle,
>                           Newcastle upon Tyne,
>FAX:   +44 191 222 8765    United Kingdom, NE1 7RU.
>------------------------------------------------------------------------
>"Any opinion expressed above is mine. The University can get its own."
>
>>-----Original Message-----
>> >>-- >>Julian Field >>www.MailScanner.info >>Buy the MailScanner book at www.MailScanner.info/store >>Professional Support Services at www.MailScanner.biz >>MailScanner thanks transtec Computers for their support >> >>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >> >> >> > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rocky at LWORLD.NET Wed Jan 19 19:28:15 2005 
From: rocky at LWORLD.NET (Rocky McCamey)
Date: Thu Jan 12 21:28:15 2006
Subject: postfix: Process did not exit cleanly
Message-ID:

Drew Marshall wrote:

> On Tue, January 18, 2005 23:20, Rocky McCamey said:
>
>> Drew Marshall wrote:
>>
>>> Can you 'postfix stop' then 'postfix start' from the command line and
>>> check any log entries or comments at the command line.
>>>
>>> Drew
>>
>> this is the postfix and mailscanner being stopped and restarted, well it
>> shows it being started but it doesn't show it stopping. I don't know if
>> it should, when I do stop it I can tell you there aren't any postfix or
>> mailscanner processes running when I do a ps aux.
>
> Which OS are you using? I assume one based on RPM using the 'service'
> command? If so can you stop MailScanner and Postfix using 'service' then
> start just Postfix using the commands above from the command line and
> check the logs.
>
> Drew

I am using gentoo as my os, running the 2.6 kernel. When I start postfix by itself, I get no errors, but as soon as I start MailScanner I start to get that error again. So I'm guessing that it would be something with MailScanner?? I am at my wits' end here, I have tried remerging postfix, my MailScanner ebuild, even tried on a different server, and I get the same error.

-Rocky

From ssilva at SGVWATER.COM Wed Jan 19 19:54:35 2005
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:28:15 2006
Subject: postfix: Process did not exit cleanly
Message-ID:

Rocky McCamey wrote:

> I am using gentoo as my os, running the 2.6 kernel. When I start
> postfix by itself, I get no errors, but as soon as I start MailScanner I
> start to get that error again. So I'm guessing that it would be something
> with MailScanner?? I am at my wits' end here, I have tried remerging
> postfix, my MailScanner ebuild, even tried on a different server, and I
> get the same error.

Is the following set properly in mailscanner.conf file;

# User to run as (not normally used for sendmail)
# If you want to change the ownership or permissions of the quarantine or
# temporary files created by MailScanner, please see the "Incoming Work"
# settings later in this file.
#Run As User = mail
#Run As User = postfix
Run As User =

# Group to run as (not normally used for sendmail)
#Run As Group = mail
#Run As Group = postfix
Run As Group =

--
"If you have ever eaten crow,
It don't taste like chicken!!"

From Glenn.Steen at AP1.SE Wed Jan 19 20:38:08 2005
From: Glenn.Steen at AP1.SE (Steen, Glenn)
Date: Thu Jan 12 21:28:15 2006
Subject: [Mailwatch-users] Mailwatch and quarantine release.
Message-ID:

On a terminal, try playing MTA with "telnet localhost 25" ... I'm sure it doesn't work either;-).
Simply put: you need to amend your MTA, possibly local firewalling, MailScanner etc. so that it'll allow (or "whitelist") the loopback address 127.0.0.1 ... then MW will work OK too.

-- Glenn

-----Original Message-----
From: mailwatch-users-admin@lists.sourceforge.net on behalf of Mathew Davies
Sent: Thu 1/13/2005 4:47 PM
To: mailwatch-users@lists.sourceforge.net
Cc: mailscanner@jiscmail.ac.uk
Subject: [Mailwatch-users] Mailwatch and quarantine release.

I've spent a while searching through the list archive and so far all I have found is this message on the list but no resolution
http://sourceforge.net/mailarchive/message.php?msg_id=9495585

Mailwatch does not seem to be able to release a quarantined message.
I can sa-learn it, delete it, etc.
When I try to release, it comes back and says:

Release: error

I've checked the permissions (/var/spool/MailScanner/quarantine)

I am running debian sarge package mailscanner 4.36.4-1 and src MailWatch 0.51

Does anyone know the resolution to this?

thanks

mat
From rocky at LWORLD.NET Wed Jan 19 20:44:09 2005 
From: rocky at LWORLD.NET (Rocky McCamey)
Date: Thu Jan 12 21:28:15 2006
Subject: postfix: Process did not exit cleanly
Message-ID:

Scott Silva wrote:

> Is the following set properly in mailscanner.conf file;
>
> # User to run as (not normally used for sendmail)
> # If you want to change the ownership or permissions of the quarantine or
> # temporary files created by MailScanner, please see the "Incoming Work"
> # settings later in this file.
> #Run As User = mail
> #Run As User = postfix
> Run As User =
>
> # Group to run as (not normally used for sendmail)
> #Run As Group = mail
> #Run As Group = postfix
> Run As Group =
>
> --
> "If you have ever eaten crow,
> It don't taste like chicken!!"

user and group are set to postfix in the mailscanner.conf

-Rocky

From dfilchak at SYMPATICO.CA Thu Jan 20 05:18:55 2005
From: dfilchak at SYMPATICO.CA (Dave Filchak)
Date: Thu Jan 12 21:28:15 2006
Subject: Temp file full??
Message-ID:

Hi all,

Can anyone give me an opinion on the following?

I am getting an error in my logs and no mail is being delivered or processed. It appears to be a drive full error, however the drive does not look to be full.

Jan 19 10:18:03 rosewood sendmail[5314]: j0JFELu1005314: SYSERR(root): Out of disk space for temp file

Here is what my disk usage looks like:

Filesystem            Size  Used Avail Use% Mounted on
/dev/hda2             572M  376M  167M  70% /
/dev/hda1             122M   24M   92M  21% /boot
/dev/hda3             5.4G  2.1G  3.1G  41% /home
none                  496M     0  496M   0% /dev/shm
/dev/hda7              28G   17G   11G  62% /usr
/dev/hda5             2.0G 1009M  861M  54% /var

Any ideas where I can start with this?

Thanks

Dave

From dfilchak at SYMPATICO.CA Thu Jan 20 06:19:56 2005
From: dfilchak at SYMPATICO.CA (Dave Filchak)
Date: Thu Jan 12 21:28:15 2006
Subject: Temp file full??
Message-ID:

Just an update. I restarted MailScanner and I restarted syslogd as well because the logs did not seem to be updating. The mailserver started working again but the server seemed to be down from just after 10:00 PM last night to about 1:00 AM today. I would like to know what this was so if anyone has any ideas about what this was and how to prevent it from happening again, I would sure like to hear it.

Dave

Dave Filchak wrote:

> Hi all,
>
> Can anyone give me an opinion on the following?
>
> I am getting an error in my logs and no mail is being delivered or
> processed. It appears to be a drive full error, however the drive does
> not look to be full.
>
> Jan 19 10:18:03 rosewood sendmail[5314]: j0JFELu1005314: SYSERR(root):
> Out of disk space for temp file
>
> Here is what my disk usage looks like:
>
> Filesystem            Size  Used Avail Use% Mounted on
> /dev/hda2             572M  376M  167M  70% /
> /dev/hda1             122M   24M   92M  21% /boot
> /dev/hda3             5.4G  2.1G  3.1G  41% /home
> none                  496M     0  496M   0% /dev/shm
> /dev/hda7              28G   17G   11G  62% /usr
> /dev/hda5             2.0G 1009M  861M  54% /var
>
> Any ideas where I can start with this?
>
> Thanks
>
> Dave

From MailScanner at ecs.soton.ac.uk Thu Jan 20 08:51:53 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:15 2006
Subject: Temp file full??
Message-ID:

What does "df -i" say?

Dave Filchak wrote:

> Just an update. I restarted MailScanner and I restarted syslogd as well
> because the logs did not seem to be updating. The mailserver started
> working again but the server seemed to be down from just after 10:00 PM
> last night to about 1:00 AM today. I would like to know what this was so
> if anyone has any ideas about what this was and how to prevent it from
> happening again, I would sure like to hear it.
>
> Dave

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From drew at THEMARSHALLS.CO.UK Thu Jan 20 08:56:51 2005
From: drew at THEMARSHALLS.CO.UK (Drew Marshall)
Date: Thu Jan 12 21:28:15 2006
Subject: postfix: Process did not exit cleanly
Message-ID:

Rocky McCamey wrote:

> user and group are set to postfix in the mailscanner.conf

Can you try unemerging MailScanner and installing from the tarball on the MS site? I'm just wondering if the emerge package is broken.

Drew

--
In line with our policy, this message has been scanned for viruses and dangerous
content by MailScanner, and is believed to be clean.
www.themarshalls.co.uk/policy

From wietse at BOUDISQUE.NL Thu Jan 20 09:13:09 2005
From: wietse at BOUDISQUE.NL (Wietse Muizelaar)
Date: Thu Jan 12 21:28:15 2006
Subject: Feature Request: Phishing
Message-ID:

Julian Field wrote:

> It should ignore mailto: links (and does on my test systems).
> I guess I could also ignore links in the messages.
> Is that what you meant?

It is! (And also please :))
I will test further with the mailto-links, then.

Thanks!

Regards,
Wietse

From michele at BLACKNIGHTSOLUTIONS.COM Thu Jan 20 09:39:33 2005
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions)
Date: Thu Jan 12 21:28:15 2006
Subject: Temp file full??
Message-ID:

> Here is what my disk usage looks like:
>
> Filesystem            Size  Used Avail Use% Mounted on
> /dev/hda2             572M  376M  167M  70% /
> /dev/hda1             122M   24M   92M  21% /boot
> /dev/hda3             5.4G  2.1G  3.1G  41% /home
> none                  496M     0  496M   0% /dev/shm
> /dev/hda7              28G   17G   11G  62% /usr
> /dev/hda5             2.0G 1009M  861M  54% /var

Where is /tmp ?

Mr Michele Neylon
Blacknight Internet Solutions Ltd
Hosting, co-location & domains
http://www.blacknight.ie/
Tel. +353 59 9137101
http://www.blacknight.ie/specialoffers.html

From martinh at SOLID-STATE-LOGIC.COM Thu Jan 20 09:42:49 2005
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:28:15 2006
Subject: Rise in Phishing attacks
Message-ID:

All

Anyone noted a massive rise in phishing emails over the last couple of weeks?

ClamAV is catching the vast majority (MS spots the others). But to me it looks like virus/trojan attacks have gone down and the phishing emails have filled in the gaps.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

From ade at INFORMATICS.BANGOR.AC.UK Thu Jan 20 09:46:17 2005
From: ade at INFORMATICS.BANGOR.AC.UK (Ade Fewings)
Date: Thu Jan 12 21:28:16 2006
Subject: Temp file full??
Message-ID:

Michele Neylon :: Blacknight Solutions wrote:

>>Here is what my disk usage looks like:
>>
>>Filesystem            Size  Used Avail Use% Mounted on
>>/dev/hda2             572M  376M  167M  70% /
>>/dev/hda1             122M   24M   92M  21% /boot
>>/dev/hda3             5.4G  2.1G  3.1G  41% /home
>>none                  496M     0  496M   0% /dev/shm
>>/dev/hda7              28G   17G   11G  62% /usr
>>/dev/hda5             2.0G 1009M  861M  54% /var

This sounds suspiciously similar to the problem I was having where /tmp was running out of i-nodes due to an excess of creation of spamassassin temp files.

What versions of MailScanner, SA? What OS?

Julian suggested to me that our problem was a SpamAssassin problem and that updating the perl modules MIME::Tools and File::Temp was a good idea, and I have done this. Also getting SpamAssassin up to the latest 3.0.2. However, I cannot say for sure whether it has fixed the problem as our mail servers have not come under the same influx of mail since that previously caused them to exhibit this problem.

Cheers
Ade

From MailScanner at ecs.soton.ac.uk Thu Jan 20 10:06:31 2005
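Added example, not part of the thread and not MailScanner code: the check that Julian's "df -i" question, Michele's "Where is /tmp ?" and Ade's i-node report point at, run over the df output Dave posted. The df -i figures are constructed to show what inode exhaustion would look like (the thread does not establish the cause), and /var/spool/mqueue is an assumed sendmail queue path.

```python
import os
import posixpath

# `df` output exactly as posted in the thread.
DF_BLOCKS = """\
Filesystem            Size  Used Avail Use% Mounted on
/dev/hda2             572M  376M  167M  70% /
/dev/hda1             122M   24M   92M  21% /boot
/dev/hda3             5.4G  2.1G  3.1G  41% /home
none                  496M     0  496M   0% /dev/shm
/dev/hda7              28G   17G   11G  62% /usr
/dev/hda5             2.0G 1009M  861M  54% /var
"""

# CONSTRUCTED `df -i` output for the same layout (the thread never shows one).
DF_INODES = """\
Filesystem            Inodes   IUsed   IFree IUse% Mounted on
/dev/hda2              73440   73440       0  100% /
/dev/hda1              32128      41   32087    1% /boot
/dev/hda3             720896   15210  705686    3% /home
none                  126976       1  126975    1% /dev/shm
/dev/hda7            3670016  412377 3257639   12% /usr
/dev/hda5             262144    9120  253024    4% /var
"""

# /tmp and the quarantine directory appear in the thread; the mqueue path is assumed.
WATCHED = ["/tmp", "/var/spool/mqueue", "/var/spool/MailScanner/quarantine"]


def parse_df(text):
    """Return {mount point: use percent} from `df` or `df -i` output."""
    usage, carry = {}, []
    for line in text.splitlines()[1:]:            # skip the header row
        fields = carry + line.split()
        if len(fields) < 6:                       # long device name wrapped to next line
            carry = fields
            continue
        carry = []
        pct = fields[-2].rstrip("%")
        usage[fields[-1]] = int(pct) if pct.isdigit() else None   # "-" on pseudo filesystems
    return usage


def mount_for(path, mounts):
    """Longest mount point that is a prefix of path (no separate /tmp means "/")."""
    path = posixpath.normpath(path)
    best = None
    for m in mounts:
        if path == m or path.startswith(m.rstrip("/") + "/"):
            if best is None or len(m) > len(best):
                best = m
    return best


def diagnose(paths, df_text, dfi_text, limit=95):
    """For each path report (path, mount, block %, inode %, verdict)."""
    blocks, inodes = parse_df(df_text), parse_df(dfi_text)
    report = []
    for p in paths:
        m = mount_for(p, blocks)
        b, i = blocks.get(m), inodes.get(m)
        if i is not None and i >= limit and (b is None or b < limit):
            verdict = "inodes exhausted, blocks free"
        elif b is not None and b >= limit:
            verdict = "blocks exhausted"
        else:
            verdict = "ok"
        report.append((p, m, b, i, verdict))
    return report


def live_usage(path):
    """Block and inode use percent for a live path via statvfs(2)."""
    st = os.statvfs(path)

    def pct(total, free):
        # Filesystems that allocate inodes dynamically report a total of 0.
        return None if total == 0 else round(100 * (total - free) / total)

    return pct(st.f_blocks, st.f_bfree), pct(st.f_files, st.f_ffree)


if __name__ == "__main__":
    for row in diagnose(WATCHED, DF_BLOCKS, DF_INODES):
        print("%-36s on %-5s blocks=%s%% inodes=%s%%  %s" % row)
    print("live / :", live_usage("/"))
```

With these inputs /tmp resolves to the root filesystem, which still has free blocks at 70% but no free inodes, while /var is healthy on both counts.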
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:16 2006
Subject: ANNOUNCE: Beta 4.38.3 released
Message-ID:

Quentin,

I have a new Message.pm file for you. I have found a couple of problems and corrected them. I will be interested to hear if this helps.

Quentin Campbell wrote:

>Julian
>
>So far, so good.
>
>Installed 4.38.3-1 on one of our 8 production mail gateways this
>afternoon.
>
>Running OK and as expected.
>
>System is RH AS 3 running on a Compaq DL380.
>
>Quentin
>---
>PHONE: +44 191 222 8209    Information Systems and Services (ISS),
>                           University of Newcastle,
>                           Newcastle upon Tyne,
>FAX:   +44 191 222 8765    United Kingdom, NE1 7RU.
>------------------------------------------------------------------------
>"Any opinion expressed above is mine. The University can get its own."

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

[ Part 2, Application/X-GZIP 57KB. ]

From MailScanner at ecs.soton.ac.uk Thu Jan 20 10:07:47 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:16 2006
Subject: Feature Request: Phishing
Message-ID:

See the Message.pm.gz I just posted in the thread
Re: ANNOUNCE: Beta 4.38.3 released
as this should provide the functionality you want.

Wietse Muizelaar wrote:

>Julian Field wrote:
>
>>It should ignore mailto: links (and does on my test systems).
>>I guess I could also ignore links in the messages.
>>Is that what you meant?
>
>It is! (And also please :))
>I will test further with the mailto-links, then.
>
>Thanks!

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From Q.G.Campbell at NEWCASTLE.AC.UK Thu Jan 20 10:46:46 2005
From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell)
Date: Thu Jan 12 21:28:16 2006
Subject: ANNOUNCE: Beta 4.38.3 released
Message-ID:

Julian

Have installed HTML-Parser-3.45 and the Message.pm you sent me. Hope
that it fixes a curious set of "phishing" log entries I have seen this
morning similar to:

Jan 20 09:08:56 cheviot7 MailScanner[2891]: Found phishing fraud from #6 claiming to be www.northernireland in j0K98THm023525.

Even with 4.38.3-1 with all the latest fixes, etc, am still getting what
I think are spurious "Content Checks: Detected and will disarm..."
messages.

Will send you off-line a 32 line Sendmail log extract with just the
MailScanner records for a small batch of messages exhibiting this
behaviour.

Quentin
---
PHONE: +44 191 222 8209    Information Systems and Services (ISS),
                           University of Newcastle,
                           Newcastle upon Tyne,
FAX:   +44 191 222 8765    United Kingdom, NE1 7RU.
------------------------------------------------------------------------
"Any opinion expressed above is mine. The University can get its own."

>-----Original Message-----
>From: MailScanner mailing list
>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field
>Sent: 20 January 2005 10:07
>To: MAILSCANNER@JISCMAIL.AC.UK
>Subject: Re: ANNOUNCE: Beta 4.38.3 released
>
>Quentin,
>
>I have a new Message.pm file for you. I have found a couple of problems
>and corrected them. I will be interested to hear if this helps.
>
>Quentin Campbell wrote:
>
>>Julian
>>
>>So far, so good.
>>
>>Installed 4.38.3-1 on one of our 8 production mail gateways this
>>afternoon.
>>
>>Running OK and as expected.
>>
>>System is RH AS 3 running on a Compaq DL380.
>>
>>Quentin
>>---
>>PHONE: +44 191 222 8209    Information Systems and Services (ISS),
>>                           University of Newcastle,
>>                           Newcastle upon Tyne,
>>FAX:   +44 191 222 8765    United Kingdom, NE1 7RU.
>>------------------------------------------------------------------------
>>"Any opinion expressed above is mine. The University can get its own."
>>
>>>-----Original Message-----
>>>From: MailScanner mailing list
>>>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field
>>>Sent: 18 January 2005 19:40
>>>To: MAILSCANNER@JISCMAIL.AC.UK
>>>Subject: ANNOUNCE: Beta 4.38.3 released
>>>
>>>Evening all!
>>>
>>>I have just released beta version 4.38.3.
>>>
>>>Please don't run it on production systems for the next 24 hours or so,
>>>unless you know what you are doing and can retreat to your previous
>>>version easily. Any problems will probably appear in the first 24 hours
>>>of the release, due to the very kind testing done by many of you which
>>>all helps.
>>>
>>>The main new features are
>>>
>>>- Added "Phishing Safe Sites File" configuration setting to point to a file
>>>  containing a list of fully-qualified hostnames which are ignored in the
>>>  phishing detection tests. Any links to any of these hostnames are ignored
>>>  in the phishing tests.
>>>- Added "Also Find Numeric Phishing" setting (on by default) so that all
>>>  numeric IP addresses in links are flagged as being dangerous.
>>>
>>>- Any entry in the "Archive Mail" setting can contain _DATE_ which will be
>>>  replaced with the current date in yyyymmdd form, so you can backup or move
>>>  yesterday's archive safely knowing that it won't be written to today.
>>>- Postfix support added to "IPBlock" functionality for SMTP connection
>>>  throttling. Many thanks to Rakesh for writing this.
>>>
>>>Download as usual from www.mailscanner.info
>>>
>>>The full Change Log is:
>>>
>>>* New Features and Improvements *
>>>- Upgraded to MIME-tools 5.416.
>>>- Added new filename restrictions using Microsoft vulnerability report
>>>  from AUScert.
>>>- Improved /etc/sysconfig/MailScanner so that it finds Incoming Work Dir and
>>>  Incoming Queue Dir automatically from MailScanner.conf file.
>>>- Can now use $from, $id and $subject in inline signature for signing clean
>>>  messages.
>>>- Any entry in the "Archive Mail" setting can contain _DATE_ which will be
>>>  replaced with the current date in yyyymmdd form, so you can backup or move
>>>  yesterday's archive safely knowing that it won't be written to today.
>>>- Added zero score for ALL_TRUSTED rule in SpamAssassin as it is known to
>>>  cause problems.
>>>- Added "Also Find Numeric Phishing" setting (on by default) so that all
>>>  numeric IP addresses in links are flagged as being dangerous.
>>>- Added "$postmastername" to the list of variables available in many reports.
>>>- ClamAV -autoupdate script now logs all warnings and errors from freshclam.
>>>- Postfix support added to "IPBlock" functionality for SMTP connection
>>>  throttling. Many thanks to Rakesh for writing this.
>>>- Updated German translations. Many thanks to Felix for doing this.
>>>- Added PDF version of new MailScanner advertising "flyer".
>>>- Added "Log Dangerous HTML Tags" configuration setting, and removed old
>>>  "Log IFrame Tags" configuration setting, so that all potentially dangerous
>>>  HTML tags are now logged. This helps when you are developing your
>>>  whitelist of safe sources of HTML tags, such as newsletters and daily cartoons.
>>>- Added "Phishing Safe Sites File" configuration setting to point to a file
>>>  containing a list of fully-qualified hostnames which are ignored in the
>>>  phishing detection tests. Any links to any of these hostnames are ignored
>>>  in the phishing tests.
>>>
>>>* Fixes *
>>>- Fixed problem where some spam was delivered even if the Spam Actions was set
>>>  to "store delete" if the messages were not to be virus-scanned.
>>>- Fixed harmless uninitialised variables in HTML disarming.
>>>- Removed 2nd copy of tnef sources from tar distribution.
>>>
>>>--
>>>Julian Field
>>>www.MailScanner.info
>>>Buy the MailScanner book at www.MailScanner.info/store
>>>Professional Support Services at www.MailScanner.biz
>>>MailScanner thanks transtec Computers for their support
>>>
>>>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
>--
>Julian Field
>www.MailScanner.info
>Buy the MailScanner book at www.MailScanner.info/store
>
>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From dfilchak at SYMPATICO.CA Thu Jan 20 11:16:32 2005
From: dfilchak at SYMPATICO.CA (Dave Filchak)
Date: Thu Jan 12 21:28:16 2006
Subject: Temp file full??
Message-ID:

Morning all ...

I will respond to a few of the people who responded to me in this one reply:

df -i produces this:

Filesystem            Inodes   IUsed   IFree IUse% Mounted on
/dev/hda2              74400   29982   44418   41% /
/dev/hda1              32128      59   32069    1% /boot
/dev/hda3             719488    6798  712690    1% /home
none                  126839       1  126838    1% /dev/shm
/dev/hda7            3695552  183558 3511994    5% /usr
/dev/hda5             256512    9861  246651    4% /var

My info is as follows:

MailScanner -V
Running on
Linux rosewood.zuka.net 2.4.20-31.9 #1 Tue Apr 13 18:04:23 EDT 2004 i686 i686 i386 GNU/Linux
This is Red Hat Linux release 9 (Shrike)
This is Perl version 5.008000 (5.8.0)

This is MailScanner version 4.35.11
Module versions are:
1.00    AnyDBM_File
1.14    Archive::Zip
1.01    Carp
1.119   Convert::BinHex
1.00    DirHandle
1.04    Fcntl
2.71    File::Basename
2.05    File::Copy
2.01    FileHandle
1.05    File::Path
0.13    File::Temp
1.23    HTML::Entities
3.26    HTML::Parser
2.24    HTML::TokeParser
1.20    IO
1.09    IO::File
1.122   IO::Pipe
3.05    MIME::Base64
5.415   MIME::Decoder
5.415   MIME::Decoder::UU
5.415   MIME::Head
5.415   MIME::Parser
3.03    MIME::QuotedPrint
5.415   MIME::Tools
0.09    Net::CIDR
1.05    POSIX
1.75    Socket
0.03    Sys::Syslog
1.02    Time::localtime

Optional module versions are:
1.806   DB_File
1.00    Digest
1.01    Digest::HMAC
2.20    Digest::MD5
2.01    Digest::SHA1
0.44    Inline
0.13    Mail::ClamAV
3.000000 Mail::SpamAssassin
missing Mail::SPF::Query
missing Net::CIDR::Lite
0.31    Net::DNS
missing Net::LDAP
1.94    Parse::RecDescent
missing SAVI
missing Sys::Hostname::Long
2.26    Test::Harness
0.47    Test::Simple
1.89    Text::Balanced
1.21    URI

I was planning to update to all the latest with the release of the next
stable MailScanner but perhaps I should not wait?

Where is /tmp? Michael ... you asked that?
Well, it does not show up when you do a df but when you go ls /tmp ---
there she be. It is under /.

Thanks

Dave

Julian Field wrote:

> What does "df -i" say?
>
> Dave Filchak wrote:
>
>> Just an update. I restarted MailScanner and I restarted syslogd as well
>> because the logs did not seem to be updating. The mailserver started
>> working again but the server seemed to be down from just after 10:00 PM
>> last night to about 1:00 AM today. I would like to know what this was so
>> if anyone has any ideas about what this was and how to prevent it from
>> happening again, I would sure like to hear it.
>>
>> Dave
>>
>> Dave Filchak wrote:
>>
>>> Hi all,
>>>
>>> Can anyone give me an opinion on the following?
>>>
>>> I am getting an error in my logs and no mail is being delivered or
>>> processed. It appears to be a drive full error, however the drive does
>>> not look to be full.
>>>
>>> Jan 19 10:18:03 rosewood sendmail[5314]: j0JFELu1005314: SYSERR(root): Out of disk space for temp file
>>>
>>> Here is what my disk usage looks like:
>>>
>>> Filesystem            Size  Used Avail Use% Mounted on
>>> /dev/hda2             572M  376M  167M  70% /
>>> /dev/hda1             122M   24M   92M  21% /boot
>>> /dev/hda3             5.4G  2.1G  3.1G  41% /home
>>> none                  496M     0  496M   0% /dev/shm
>>> /dev/hda7              28G   17G   11G  62% /usr
>>> /dev/hda5             2.0G 1009M  861M  54% /var
>>>
>>> Any ideas where I can start with this?
>>>
>>> Thanks
>>>
>>> Dave
>
> --
> Julian Field
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From Glenn.Steen at AP1.SE Thu Jan 20 12:03:34 2005
From: Glenn.Steen at AP1.SE (Steen, Glenn)
Date: Thu Jan 12 21:28:16 2006
Subject: postfix: Process did not exit cleanly
Message-ID:

(Finally accessed that bit of (bad) memory...) Is it perhaps possible that
Sendmail =
Sendmail =
isn't correct? Check that it's really pointing to an existing executable
(and preferably the one expected:-).

-- Glenn

> -----Original Message-----
> From: MailScanner mailing list
> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Drew Marshall
> Sent: den 20 januari 2005 09:57
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: postfix: Process did not exit cleanly
>
> Rocky McCamey wrote:
>
> > user and group are set to postfix in the mailscanner.conf
>
> Can you try unemerging MailScanner and installing from the tarball on
> the MS site? I'm just wondering if the emerge package is broken.
>
> Drew
>
> --
> In line with our policy, this message has
> been scanned for viruses and dangerous
> content by MailScanner, and is believed to be clean.
> www.themarshalls.co.uk/policy

From Glenn.Steen at AP1.SE Thu Jan 20 12:05:36 2005
From: Glenn.Steen at AP1.SE (Steen, Glenn)
Date: Thu Jan 12 21:28:16 2006
Subject: postfix: Process did not exit cleanly
Message-ID:

Argh... Sendmail & Sendmail2 (of course)

-- Glenn

> -----Original Message-----
> From: MailScanner mailing list
> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Steen, Glenn
> Sent: den 20 januari 2005 13:04
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: postfix: Process did not exit cleanly
>
> (Finally accessed that bit of (bad) memory...) Is it perhaps possible that
> Sendmail =
> Sendmail =
> isn't correct? Check that it's really pointing to an existing executable
> (and preferably the one expected:-).
>
> -- Glenn
>
> > -----Original Message-----
> > From: MailScanner mailing list
> > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Drew Marshall
> > Sent: den 20 januari 2005 09:57
> > To: MAILSCANNER@JISCMAIL.AC.UK
> > Subject: Re: postfix: Process did not exit cleanly
> >
> > Rocky McCamey wrote:
> >
> > > user and group are set to postfix in the mailscanner.conf
> >
> > Can you try unemerging MailScanner and installing from the tarball on
> > the MS site? I'm just wondering if the emerge package is broken.
> >
> > Drew

From dannyh at aac-services.co.uk Thu Jan 20 12:14:42 2005
From: dannyh at aac-services.co.uk (Dan Harris)
Date: Thu Jan 12 21:28:16 2006
Subject: Blacklist To: not working
Message-ID:

>From: Daniel Bird
>Subject: Re: Blacklist To: not working

>Dan Harris wrote:
>
>>I'm trying to blacklist a To: address in my
>>/etc/MailScanner/rules/spam.blacklist.rules file with an
>>entry like this:
>>
>>To: user@domain.co.uk yes
>>
>You'll want to use Exim's callout function:
>http://www.exim.org/exim-html-4.40/doc/html/spec.html
>
>A far better solution is to "block" at the MTA level IMHO.
>
>regards
>Dan
>

Ok I understand how callouts work, but management insist that we accept
inbound mail to any address@ourdomain.co.uk so that we can catch simple
typos and forward the mail on. Unfortunately the destination for these
non-existent addressees is me, which is why I would like to block some of
the biggest spam destination addresses somehow. Hence the question about the
To: entry in the blacklist. Is there any good reason why the To: entry in my
spam.blacklist.rules wouldn't work? If so is there a "Better Way (TM)" to
block just a few destination addresses in MailScanner/SA/Exim4?

Best regards,

Dan Harris.

From oliverr at TRAYPORT.COM Thu Jan 20 12:11:12 2005
From: oliverr at TRAYPORT.COM (Oliver Rooney)
Date: Thu Jan 12 21:28:16 2006
Subject: Problem with archive.rules
Message-ID:

Hello All,

I am running MailScanner on a sendmail relay and I am having some
trouble with archiving email. I have successfully been archiving all
emails sent through the relay to a directory, but now I am trying to
archive emails to mail boxes based on the domain of the
sender/recipient. This itself is not the problem, I also need to exclude
some emails based on the username of the sender/recipient. I have tried
the following %rules_dir%/archive.rules setup:

Fromorto: exclude@mydomain.com /var/mailarchive
Fromorto: *@external_domain.com /var/mailarchive external_domain@mydomain.com
Fromorto: default /var/mailarchive

And had no joy as emails match both rules. I have also tried separate
to: and from: lines for both, also without joy. I have also tried
(longshot) recursive rulesets

Fromorto: *@external_domain.com %rules_dir%/external.rules

But that gets interpreted as an mbox file.

Is there any way to achieve this? Thanks in advance.

Regards,

Oliver Rooney
Trayport Ltd

From martinh at SOLID-STATE-LOGIC.COM Thu Jan 20 12:30:22 2005
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:28:16 2006
Subject: Problem with archive.rules
Message-ID:

Oliver Rooney wrote:
> Hello All,
>
> I am running MailScanner on a sendmail relay and I am having some
> trouble with archiving email. I have successfully been archiving all
> emails sent through the relay to a directory, but now I am trying to
> archive emails to mail boxes based on the domain of the
> sender/recipient. This itself is not the problem, I also need to exclude
> some emails based on the username of the sender/recipient. I have tried
> the following %rules_dir%/archive.rules setup:
>
> Fromorto: exclude@mydomain.com /var/mailarchive
> Fromorto: *@external_domain.com /var/mailarchive
> external_domain@mydomain.com
> Fromorto: default /var/mailarchive
>
> And had no joy as emails match both rules. I have also tried separate
> to: and from: lines for both, also without joy. I have also tried
> (longshot) recursive rulesets
>
> Fromorto: *@external_domain.com %rules_dir%/external.rules
>
> But that gets interpreted as an mbox file.
>
> Is there any way to achieve this? Thanks in advance.
>
> Regards,
>
> Oliver Rooney
> Trayport Ltd
>
>
Oliver

FromOrTO:<tab>*@external_domain.com<tab>/var/archive/external_domain.com

should work, extrapolating from my rules and the examples..

--
Martin Hepworth
Senior Systems Administrator
Solid State Logic Ltd
tel: +44 (0)1865 842300

From Glenn.Steen at AP1.SE Thu Jan 20 12:35:46 2005
From: Glenn.Steen at AP1.SE (Steen, Glenn)
Date: Thu Jan 12 21:28:16 2006
Subject: Blacklist To: not working
Message-ID:

> -----Original Message-----
> From: MailScanner mailing list
> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Dan Harris
> Sent: den 20 januari 2005 13:15
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Blacklist To: not working
> >From: Daniel Bird
> >Subject: Re: Blacklist To: not working
(snip)
> Ok I understand how callouts work, but management insist that we accept
> inbound mail to any address@ourdomain.co.uk so that we can catch simple
> typos and forward the mail on.

Why would your management want you to play MTA? Rejecting at the MTA or
generating NDNs would make it _their_ problem... Which it really is anyway.
If some users (in a not-too-large "userbase") have addresses that often
get "common" typos, you'd be far better off adding relevant aliases...
Oh well, PHBs...

> Unfortunately the destination for these
> non-existent addressees is me, which is why I would like to block some of
> the biggest spam destination addresses somehow. Hence the question about the
> To: entry in the blacklist. Is there any good reason why the To: entry in my
> spam.blacklist.rules wouldn't work?

Do you perhaps whitelist it too?

-- Glenn

> If so is there a "Better Way (TM)" to
> block just a few destination addresses in MailScanner/SA/Exim4?
>
> Best regards,
>
> Dan Harris.

From MailScanner at ecs.soton.ac.uk Thu Jan 20 14:35:37 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:16 2006
Subject: Problem with archive.rules
Message-ID:

Martin Hepworth wrote:

> Oliver Rooney wrote:
>
>> Hello All,
>>
>> I am running MailScanner on a sendmail relay and I am having some
>> trouble with archiving email. I have successfully been archiving all
>> emails sent through the relay to a directory, but now I am trying to
>> archive emails to mail boxes based on the domain of the
>> sender/recipient. This itself is not the problem, I also need to exclude
>> some emails based on the username of the sender/recipient. I have tried
>> the following %rules_dir%/archive.rules setup:
>>
>> Fromorto: exclude@mydomain.com /var/mailarchive
>> Fromorto: *@external_domain.com /var/mailarchive
>> external_domain@mydomain.com
>> Fromorto: default /var/mailarchive
>>
>> And had no joy as emails match both rules. I have also tried separate
>> to: and from: lines for both, also without joy. I have also tried
>> (longshot) recursive rulesets
>>
>> Fromorto: *@external_domain.com %rules_dir%/external.rules
>>
>> But that gets interpreted as an mbox file.
>>
>> Is there any way to achieve this? Thanks in advance.
>>
>> Regards,
>>
>> Oliver Rooney
>> Trayport Ltd
>>
>>
> Oliver
>
> FromOrTO:<tab>*@external_domain.com<tab>/var/archive/external_domain.com
>
> should work, extrapolating from my rules and the examples..
>

Just a minor point, they don't have to be <tab> characters, any
whitespace will do. The only times tab characters are required are in
filename.rules.conf and filetype.rules.conf.

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From martinh at SOLID-STATE-LOGIC.COM Thu Jan 20 14:39:30 2005
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:28:16 2006
Subject: Problem with archive.rules
Message-ID:

Julian

noted.. ta

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> Just a minor point, they don't have to be <tab> characters, any
> whitespace will do. The only times tab characters are required are in
> filename.rules.conf and filetype.rules.conf.
>
> --
> Julian Field
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From oliverr at TRAYPORT.COM Thu Jan 20 15:02:26 2005
From: oliverr at TRAYPORT.COM (Oliver Rooney)
Date: Thu Jan 12 21:28:16 2006
Subject: Problem with archive.rules
Message-ID:

Martin,

Thank you for the promptness of your reply, but won't:

>FromOrTO:<tab>*@external_domain.com<tab>/var/archive/external_domain.com

cause all email to/from external_domain.com to be logged to a file?

I am trying to have all mail to/from external_domain.com be logged to a file
AND to be logged to a mail address BUT to exclude certain emails from
logging to the mail address based on the username of the sender/recipient in
my domain.

Thanks again,

Oliver

From wietse at BOUDISQUE.NL Thu Jan 20 15:03:02 2005
From: wietse at BOUDISQUE.NL (Wietse Muizelaar)
Date: Thu Jan 12 21:28:16 2006
Subject: Feature Request: Phishing
Message-ID:

Hi,

On Thursday, January 20, 2005 11:07 AM, Julian Field wrote:

> See the Message.pm.gz I just posted in the thread
> Re: ANNOUNCE: Beta 4.38.3 released
> as this should provide the functionality you want.

Works great, thanks a lot!!

--
Regards,
Wietse Muizelaar

-------------------------------------------
W.G. Muizelaar
Boudisque Webmaster / ICT
Haringpakkerssteeg 10-18, 1012 LR Amsterdam
Telefoon: +31 (0)20 - 6232603
E-mail: wietse@boudisque.nl
Website: www.boudisque.nl
-------------------------------------------

From MailScanner at ecs.soton.ac.uk Thu Jan 20 15:16:41 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:16 2006
Subject: Problem with archive.rules
Message-ID:

Oliver Rooney wrote:

>Martin,
>
>Thank you for the promptness of your reply, but won't:
>
>>FromOrTO:*@external_domain.com/var/archive/external_domain.com
>
>cause all email to/from external_domain.com to be logged to a file?
>
>I am trying to have all mail to/from external_domain.com be logged to a file
>AND to be logged to a mail address BUT to exclude certain emails from
>logging to the mail address based on the username of the sender/recipient in
>my domain.

There is no "not" operator. Sorry.

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From Danny_Beland at PCH.GC.CA Thu Jan 20 16:24:24 2005
From: Danny_Beland at PCH.GC.CA (Danny Beland)
Date: Thu Jan 12 21:28:16 2006
Subject: Doesn't scan for virus on spam forwarded to an email address
Message-ID:

Here is a description of our system.

MailScanner 4.28.6
SpamAssassin 2.64
McAfee virus scanner

The way we are set up is that all spam is forwarded to an email account.
The problem we have is that if the email is detected as spam, the email is
forwarded to the spam email account without being scanned for viruses. Some
emails are detected as spam and contain a virus.
Is there a way to scan for viruses before scanning for spam?
Maybe there are other ways to deal with this problem, but that is the only
solution I found.

Thanks in advance,
Danny

From MailScanner at ecs.soton.ac.uk Thu Jan 20 16:44:56 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:16 2006
Subject: Doesn't scan for virus on spam forwarded to an email address
Message-ID:

Upgrade to the latest version and see if it is still a problem. I can't
remember from that long ago (10 months).

Danny Beland wrote:

>Here is a description of our system.
>
>MailScanner 4.28.6
>SpamAssassin 2.64
>McAfee virus scanner
>
>The way we are set up is that all spam is forwarded to an email account.
>The problem we have is that if the email is detected as spam, the email is
>forwarded to the spam email account without being scanned for viruses. Some
>emails are detected as spam and contain a virus.
>Is there a way to scan for viruses before scanning for spam?
>Maybe there are other ways to deal with this problem, but that is the only
>solution I found.

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From dbird at SGHMS.AC.UK Thu Jan 20 16:55:50 2005
From: dbird at SGHMS.AC.UK (Daniel Bird)
Date: Thu Jan 12 21:28:16 2006
Subject: Blacklist To: not working
Message-ID:

Dan Harris wrote:
>>From: Daniel Bird
>>Subject: Re: Blacklist To: not working
>>Dan Harris wrote:
>>
>>>I'm trying to blacklist a To: address in my
>>>/etc/MailScanner/rules/spam.blacklist.rules file with an
>>>entry like this:
>>>
>>>To: user@domain.co.uk yes
>>>
>>You'll want to use Exim's callout function:
>>http://www.exim.org/exim-html-4.40/doc/html/spec.html
>>
>>A far better solution is to "block" at the MTA level IMHO.
>>
>>regards
>>Dan
>
>Ok I understand how callouts work, but management insist that we accept
>inbound mail to any address@ourdomain.co.uk so that we can catch simple
>typos and forward the mail on. Unfortunately the destination for these
>non-existent addressees is me, which is why I would like to block some of
>the biggest spam destination addresses somehow. Hence the question about the
>To: entry in the blacklist. Is there any good reason why the To: entry in my
>spam.blacklist.rules wouldn't work? If so is there a "Better Way (TM)" to
>block just a few destination addresses in MailScanner/SA/Exim4?

If you really want to accept all, and block just a few, I'd suggest an
Exim4 ACL (possibly also using the lsearch function), which would allow you
to have an MTA blacklist, and keep any unneeded load off MailScanner.

Just off the top of my head and *UNTESTED*

acl_check_rcpt:

  deny message = delivery blocked because of too much spam to this address
       recipients = /path/to/file/containing/email-addresses

Regards
Dan

>Best regards,
>
>Dan Harris.

--
This message has been scanned for viruses and dangerous content by
MailScanner, and is believed to be clean.
From Kevin.Spicer at BMRB.CO.UK Thu Jan 20 17:11:52 2005
From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin (MBLEA it))
Date: Thu Jan 12 21:28:16 2006
Subject: Blacklist To: not working
Message-ID:

> Ok I understand how callouts work, but management insist that we accept
> inbound mail to any address@ourdomain.co.uk so that we can catch simple
> typos and forward the mail on. Unfortunately the destination for these
> non-existent addressees is me, which is why I would like to block some of
> the biggest spam destination addresses somehow. Hence the question about
> the To: entry in the blacklist.

Then why don't you just block those specific recipient addresses at the MTA?
I understand your reasons for not blocking all invalid addresses, but surely
even dumb management would appreciate the benefit of blocking addresses which
are dissimilar to your genuine addresses and are increasing your workload
(and I would suggest increasing the chance of you accidentally missing a
genuinely misaddressed email amongst a large amount of dictionary attack
spam)

BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000
_________________________________________________________________
This message (and any attachment) is intended only for the recipient and may
contain confidential and/or privileged material. If you have received this
in error, please contact the sender and delete this message immediately.
Disclosure, copying or other action taken in respect of this email or in
reliance on it is prohibited. BMRB International Limited accepts no
liability in relation to any personal emails, or content of any email which
does not directly relate to our business.
From drolland at KDINET.COM Thu Jan 20 18:44:06 2005
From: drolland at KDINET.COM (Diane Rolland)
Date: Thu Jan 12 21:28:16 2006
Subject: Curious about USER_IN_WHITELIST
Message-ID:

I just implemented MailScanner a few days ago... It is awesome!
I've been watching the messages and am getting a feel for what is going on.
I have not customized too much yet.

So I was curious to see a message go through with the following Spam
Report:

0.00 AWL
0.82 NO_REAL_NAME From: does not include a real name
0.50 RCVD_IN_ORBS Received via a relay in orbs.dorkslayers.com
-100.00 USER_IN_WHITELIST From: address is in the user's white-list

Especially from service@paypal.com which always makes me cautious.

Where is this being checked?

Thanks!,
Diane

From Denis.Beauchemin at USHERBROOKE.CA Thu Jan 20 19:20:18 2005
From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin)
Date: Thu Jan 12 21:28:16 2006
Subject: Curious about USER_IN_WHITELIST
Message-ID:

Diane Rolland wrote:

>So I was curious to see a message go through with the following Spam
>Report:
>
>0.00 AWL
>0.82 NO_REAL_NAME From: does not include a real name
>0.50 RCVD_IN_ORBS Received via a relay in orbs.dorkslayers.com
>-100.00 USER_IN_WHITELIST From: address is in the user's white-list
>
>Especially from service@paypal.com which always makes me cautious.
>
>Where is this being checked?

Diane,

The auto whitelist is not to be used with MS. You should turn it off in
spam.assassin.prefs.conf with:
use_auto_whitelist 0

Denis
--
   _
  °v°   Denis Beauchemin, analyste
 /(_)\  Université de Sherbrooke, S.T.I.
  ^ ^   T: 819.821.8000x2252 F: 819.821.8045

From michele at BLACKNIGHTSOLUTIONS.COM Thu Jan 20 19:28:05 2005
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions)
Date: Thu Jan 12 21:28:16 2006
Subject: Temp file full??
Message-ID:

> Where is /tmp? Michael ... you asked that? Well, it does not
> show up when you do a df but when you go ls /tmp --- there
> she be. It is under /.

It's Michele :)

We generally mount /tmp as a separate partition. We have had issues in the
past with /tmp filling up with rubbish, or simply being too small, which is
why I asked.
If /tmp is filling up you will get problems

Michele

Mr Michele Neylon
Blacknight Internet Solutions Ltd
Hosting, co-location & domains
http://www.blacknight.ie/
Tel. +353 59 9137101
http://www.blacknight.ie/specialoffers.html

From dhawal at NETMAGICSOLUTIONS.COM Thu Jan 20 19:37:01 2005
From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy)
Date: Thu Jan 12 21:28:16 2006
Subject: Curious about USER_IN_WHITELIST
Message-ID:

Denis Beauchemin writes:

> Diane,
>
> The auto whitelist is not to be used with MS. You should turn it off in
> spam.assassin.prefs.conf with:
> use_auto_whitelist 0
>
> Denis
>

Umm no.. actually just 'grep -il' for paypal in /usr/share/spamassassin/* or
where you have the .cf files for spamassassin. Go through that .cf file,
that will explain you with relevant comments why this happened.

- dhawal

From drolland at kdinet.com Thu Jan 20 19:38:38 2005
From: drolland at kdinet.com (Diane Rolland)
Date: Thu Jan 12 21:28:16 2006
Subject: Curious about USER_IN_WHITELIST
Message-ID:

> -----Original Message-----
> From: MailScanner mailing list
> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Dhawal Doshy
> Sent: Thursday, January 20, 2005 1:37 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Curious about USER_IN_WHITELIST
>
> Umm no.. actually just 'grep -il' for paypal in
> /usr/share/spamassassin/* or where you have the .cf files for
> spamassassin. Go through that .cf file, that will explain you
> with relevant comments why this happened.
>
> - dhawal

Exactly what I was looking for!

Thanks,
Diane

From mkettler at EVI-INC.COM Thu Jan 20 19:54:41 2005
From: mkettler at EVI-INC.COM (Matt Kettler)
Date: Thu Jan 12 21:28:16 2006
Subject: Curious about USER_IN_WHITELIST
Message-ID:

At 02:20 PM 1/20/2005, Denis Beauchemin wrote:
> >0.00 AWL
> >0.82 NO_REAL_NAME From: does not include a real name
> >0.50 RCVD_IN_ORBS Received via a relay in orbs.dorkslayers.com
> >-100.00 USER_IN_WHITELIST From: address is in the user's white-list
> >
> >Especially from service@paypal.com which always makes me cautious.
> >
> >Where is this being checked?
> >
>Diane,
>
>The auto whitelist is not to be used with MS. You should turn it off in
>spam.assassin.prefs.conf with:
>use_auto_whitelist 0

While this is more-or-less true this is a side issue from the
USER_IN_WHITELIST problem. The AWL does not cause USER_IN_WHITELIST hits.

Dhawal Doshy wrote:
>Umm no.. actually just 'grep -il' for paypal in /usr/share/spamassassin/* or

I'd also point out that it's not likely due to anything in
/usr/share/spamassassin either, unless you've added rules there which you
should not. All of the default whitelist entries should show up as
USER_IN_DEF_WHITELIST in modern versions of SA (2.6x and 3.0).

USER_IN_WHITELIST will ONLY result from matching a whitelist_from or
whitelist_from_rcvd command. SpamAssassin, as shipped in 2.60 and higher,
contains none of these and they must be added by the end user. You'll need
to check /etc/mail/spamassasin/*.cf and
/etc/MailScanner/spam.assassin.prefs.conf

Also bear in mind that SA evaluates ALL sender based addresses, not just
the From: header. You need to look at the Return-Path, Sender, Resent-From
and other address bearing headers. So double-check. The message might be
"From: service@paypal.com" but might also have "Return-Path:
Denis.Beauchemin@USHERBROOKE.CA".

If that's the case, the message will correctly match "whitelist_from
*@userbrooke.ca".

From drolland at kdinet.com Thu Jan 20 20:09:21 2005
From: drolland at kdinet.com (Diane Rolland)
Date: Thu Jan 12 21:28:16 2006
Subject: Curious about USER_IN_WHITELIST
Message-ID:

> -----Original Message-----
> From: MailScanner mailing list
> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Matt Kettler
> Sent: Thursday, January 20, 2005 1:55 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Curious about USER_IN_WHITELIST
>
> I'd also point out that it's not likely due to anything in
> /usr/share/spamassassin either, unless you've added rules
> there which you should not. All of the default whitelist
> entries should show up as USER_IN_DEF_WHITELIST in modern
> versions of SA (2.6x and 3.0).
>
> USER_IN_WHITELIST will ONLY result from matching a
> whitelist_from or whitelist_from_rcvd command. SpamAssassin,
> as shipped in 2.60 and higher, contains none of these and
> they must be added by the end user. You'll need to check
> /etc/mail/spamassasin/*.cf and
> /etc/MailScanner/spam.assassin.prefs.conf
>

I have SA 2.55 (as pre-installed on my RedHat Enterprise 3). I'll probably
need to update that sometime....

I have not added any rules to SA.

The message was actually genuine; I just wanted to understand it, because it
raised a big Red Flag for me.

Thanks for the info!,
Diane

From dhawal at NETMAGICSOLUTIONS.COM Thu Jan 20 20:14:02 2005
From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy)
Date: Thu Jan 12 21:28:16 2006
Subject: Curious about USER_IN_WHITELIST
Message-ID:

Matt Kettler writes:

>
> I'd also point out that it's not likely due to anything in
> /usr/share/spamassassin either, unless you've added rules there which you
> should not. All of the default whitelist entries should show up as
> USER_IN_DEF_WHITELIST in modern versions of SA (2.6x and 3.0).
>
> USER_IN_WHITELIST will ONLY result from matching a whitelist_from or
> whitelist_from_rcvd command. SpamAssassin, as shipped in 2.60 and higher,
> contains none of these and they must be added by the end user. You'll need
> to check /etc/mail/spamassasin/*.cf and
> /etc/MailScanner/spam.assassin.prefs.conf
>
> Also bear in mind that SA evaluates ALL sender based addresses, not just
> the From: header. You need to look at the Return-Path, Sender, Resent-From
> and other address bearing headers. So double-check. The message might be
> "From: service@paypal.com" but might also have "Return-Path:
> Denis.Beauchemin@USHERBROOKE.CA".
>
> If that's the case, the message will correctly match "whitelist_from
> *@userbrooke.ca".
>

While I do agree to the rest of your explanation.. paypal is there by
default as a "def_whitelist_from_rcvd" rule in SA 3.0.2 (at least)

[root@myhost root]# grep -i paypal /usr/share/spamassassin/60_whitelist.cf
def_whitelist_from_rcvd *@paypal.com paypal.com
[root@myhost root]# rpm -qf /usr/share/spamassassin/60_whitelist.cf
perl-Mail-SpamAssassin-3.0.2-1

- dhawal

From mailscanner at LISTS.COM.AR Thu Jan 20 20:23:43 2005
From: mailscanner at LISTS.COM.AR (Leonardo Helman)
Date: Thu Jan 12 21:28:16 2006
Subject: Remove These Headers
Message-ID:

Hi Julian, think this is for you.

I've used "Remove These Headers" parameter, and
found out that sometimes it doesn't remove them.

Look in the source, and it's called in:
    DeliverModifiedBody
    DeliverUnmodifiedBody

But why isn't in DeliverUnscanned?

Is it a feature or a bug?

Is it something obvious that I have overlooked?
too many hours in front of a crt?

Regards
--
Leonardo Helman
Pert Consultores
Argentina

From mkettler at EVI-INC.COM Thu Jan 20 20:34:08 2005
From: mkettler at EVI-INC.COM (Matt Kettler)
Date: Thu Jan 12 21:28:16 2006
Subject: Curious about USER_IN_WHITELIST
Message-ID:

At 03:14 PM 1/20/2005, Dhawal Doshy wrote:
>Matt Kettler writes:
> > USER_IN_WHITELIST will ONLY result from matching a whitelist_from or
> > whitelist_from_rcvd command. SpamAssassin, as shipped in 2.60 and higher,
> > contains none of these and they must be added by the end user. You'll need
> > to check /etc/mail/spamassasin/*.cf and
> > /etc/MailScanner/spam.assassin.prefs.conf
>
>While I do agree to the rest of your explanation.. paypal is there by
>default as a "def_whitelist_from_rcvd" rule in SA 3.0.2 (at least)

That is true, SA 2.60 and higher do include def_whitelist_from_rcvd
statements in the default rules. However, that's not relevant, as those will
not generate USER_IN_WHITELIST.

Perhaps I was not sufficiently specific in my original statement...

I said that USER_IN_WHITELIST will ONLY result from matching a
whitelist_from or whitelist_from_rcvd command. I meant that as a complete,
exact list of the only two commands which may result in this rule match.
This explicitly excludes any def_whitelist_from_rcvd rules.

Any def_whitelist_from_rcvd matches will show up as USER_IN_DEF_WHITELIST.
They will not show up as USER_IN_WHITELIST.

From mkettler at EVI-INC.COM Thu Jan 20 20:38:00 2005
From: mkettler at EVI-INC.COM (Matt Kettler)
Date: Thu Jan 12 21:28:16 2006
Subject: Curious about USER_IN_WHITELIST
Message-ID:

At 03:09 PM 1/20/2005, Diane Rolland wrote:
>I have SA 2.55 (as pre-installed on my RedHat Enterprise 3). I'll probably
>need to update that sometime....

Ouch.. Ok, 2.55 still used whitelist_from_rcvd in the default rules. If I
recall correctly, it's also vulnerable to Received: path spoofing, so
whitelist_from_rcvd doesn't work properly in the 2.5x series. It didn't work
correctly until 2.6x added trusted_networks.

Since all whitelist statements are inherently broken in 2.5x, you'll
probably want to outright remove /usr/share/spamassassin/60_whitelist.cf
until you have a chance to upgrade.

From MailScanner at ecs.soton.ac.uk Thu Jan 20 20:52:37 2005
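The directive-to-rule mapping and the "ALL sender based addresses" point from the USER_IN_WHITELIST thread above, as an added example that is not part of the original messages and is not SpamAssassin's own code: a Python audit that parses whitelist directives out of SpamAssassin-style config text, collects every sender-bearing header of a message, and reports which directive matches and which rule name it produces. The sample config, the sample message, the example.org domain and the four-header list are constructed assumptions; the relay domain of the *_from_rcvd directives is reported but not verified against Received: headers.

```python
import email
import re
from email.utils import getaddresses
from typing import NamedTuple, Optional

# Directive -> rule name, as stated in the thread: only whitelist_from and
# whitelist_from_rcvd produce USER_IN_WHITELIST.
DIRECTIVE_RULE = {
    "whitelist_from": "USER_IN_WHITELIST",
    "whitelist_from_rcvd": "USER_IN_WHITELIST",
    "def_whitelist_from_rcvd": "USER_IN_DEF_WHITELIST",
}

# Sender-bearing headers named in the thread (assumption: this subset only).
SENDER_HEADERS = ("From", "Return-Path", "Sender", "Resent-From")


class Entry(NamedTuple):
    directive: str
    pattern: str
    relay: Optional[str]   # relay domain for *_from_rcvd, else None
    lineno: int


class Finding(NamedTuple):
    rule: str
    directive: str
    pattern: str
    header: str
    address: str
    relay: Optional[str]


def parse_directives(config_text):
    """Return every whitelist directive found in SpamAssassin-style config text."""
    entries = []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()      # drop comments
        if not fields or fields[0] not in DIRECTIVE_RULE:
            continue
        directive, args = fields[0], fields[1:]
        if directive.endswith("_rcvd"):
            if len(args) == 2:                      # address pattern + relay domain
                entries.append(Entry(directive, args[0], args[1], lineno))
        else:
            for pattern in args:                    # several patterns per line
                entries.append(Entry(directive, pattern, None, lineno))
    return entries


def glob_match(pattern, address):
    """Case-insensitive match where only '*' and '?' are wildcards."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, address, re.IGNORECASE) is not None


def sender_addresses(raw_message):
    """Return (header, address) pairs for every sender-bearing header."""
    msg = email.message_from_string(raw_message)
    found = []
    for header in SENDER_HEADERS:
        for _name, addr in getaddresses(msg.get_all(header, [])):
            if addr:
                found.append((header, addr))
    return found


def audit(config_text, raw_message):
    """List which directive matches which header, and the rule that results."""
    senders = sender_addresses(raw_message)
    findings = []
    for entry in parse_directives(config_text):
        for header, addr in senders:
            if glob_match(entry.pattern, addr):
                findings.append(Finding(DIRECTIVE_RULE[entry.directive],
                                        entry.directive, entry.pattern,
                                        header, addr, entry.relay))
    return findings


# Constructed sample config: one local entry plus the default entry quoted in the thread.
SAMPLE_CONFIG = """\
# local additions
whitelist_from *@example.org
def_whitelist_from_rcvd *@paypal.com paypal.com
use_auto_whitelist 0
"""

# Constructed sample message: From: looks like PayPal, envelope sender does not.
SAMPLE_MESSAGE = """\
Return-Path: <bounce@example.org>
From: service@paypal.com
Subject: constructed test message

body
"""

if __name__ == "__main__":
    for f in audit(SAMPLE_CONFIG, SAMPLE_MESSAGE):
        note = f" (relay must be {f.relay}; not verified here)" if f.relay else ""
        print(f"{f.rule}: {f.directive} {f.pattern} matched {f.header}: {f.address}{note}")
```

On the sample, the -100 USER_IN_WHITELIST hit comes from the Return-Path address, not from the From: header that the report text mentions.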
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:16 2006
Subject: Remove These Headers
Message-ID:

Absolutely correct, it's a bug. Fixed.
Many thanks for reporting it.

Leonardo Helman wrote:

>Hi Julian, think this is for you.
>
>I've used "Remove These Headers" parameter, and
>found out that sometimes it doesn't remove them.
>
>Look in the source, and it's called in:
>    DeliverModifiedBody
>    DeliverUnmodifiedBody
>
>But why isn't in DeliverUnscanned?
>
>Is it a feature or a bug?
>
>Is it something obvious that I have overlooked?
>too many hours in front of a crt?

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From nats at SSCRMNL.EDU.PH Fri Jan 21 00:54:35 2005
From: nats at SSCRMNL.EDU.PH (nats)
Date: Thu Jan 12 21:28:16 2006
Subject: ClamAV perl module not found!
Message-ID:

Hi,

When I do MailScanner -v | grep ClamAV, it says that it is missing, but I do
have Mail::ClamAV installed via cpan, and it says that
Mail::ClamAV is up to date. I don't get it, pls help. I have perl version
5.8.5

Thanks

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On
Behalf Of Raymond Dijkxhoorn
Sent: Monday, January 17, 2005 4:22 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: ClamAV perl module not found!

Hi!

> I just installed the latest version of clamav to be used with mailscanner,
> sad to say that it didn't find the clamav perl module, I already looked
> at /etc/MailScanner/virus.scanners.conf and I saw it was using /bin/false
> and I saw clamav-wrapper having a directory of /usr/lib/MailScanner/ and
> with /usr/local/bin/
>
> How can I go around with this problem?

And besides the clamav package you also installed the perl module for it?
Just checking....

Mail::ClamAV

Can you run: MailScanner -v | grep ClamAV

Bye,
Raymond.

--
All messages that are coming from this domain
is certified to be virus and spam free. If ever
you have received any virus infected content
or spam, please report it to the internet administrator
of this domain nats@sscrmnl.edu.ph
From nats at SSCRMNL.EDU.PH Fri Jan 21 01:05:49 2005
From: nats at SSCRMNL.EDU.PH (nats)
Date: Thu Jan 12 21:28:16 2006
Subject: Reject emails to nonexistent addresses?
Message-ID:

I agree with Steve Swaney, milters for sendmail are very handy tools. I have
it running for a year now, and it works like a charm together with
MailScanner and Sendmail.

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On
Behalf Of Steve Swaney
Sent: Tuesday, January 18, 2005 12:16 AM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: Reject emails to nonexistent addresses?

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Mike Kercher
> Sent: Monday, January 17, 2005 10:56 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Reject emails to nonexistent addresses?
>
> There are a couple of milters. The one I use is milter-sender. There is
> another called milter-ahead that does the call ahead to your Exchange
> server
> or other final destination. milter-sender also does the call ahead.
>
> Mike
>

Milter-ahead checks to see if the email can be delivered to the recipient
before sendmail accepts the message for delivery. Not normally needed on a
mailhub but very useful on a pass-through gateway.

Milter-sender attempts to verify that the sender's email address is in good
standing by performing an SMTP callback to the MX server responsible for the
sender's domain.

Both are handy tools. There are many more useful milters available at

http://www.milter.info/

Another one I'm about to test is milter-limit, which limits the number of
messages by connecting client IP, from a sender, or to a recipient over a
given time period.

Steve

Steve Swaney
President
Fortress Systems Ltd.
www.fsl.com
steve.swaney@fsl.com

--
This message has been scanned for viruses and
dangerous content by The MailScanner at Fortress Systems Ltd.,
www.fsl.com, and is believed to be clean.

--
All messages that are coming from this domain
is certified to be virus and spam free. If ever
you have received any virus infected content
or spam, please report it to the internet administrator
of this domain nats@sscrmnl.edu.ph

From drolland at KDINET.COM Fri Jan 21 01:25:26 2005
From: drolland at KDINET.COM (Diane Rolland)
Date: Thu Jan 12 21:28:16 2006
Subject: OT: IMAP and subfolders
Message-ID:

I know this is off-topic, but, perhaps someone can point me in the right
direction. This has been a very helpful place for me :)

I am using MailScanner and my MTA is sendmail.

I am currently using the imap-2002d-9 rpm that was installed on my RHE 3.

The clients are mostly using Outlook, and with this version of imap they
cannot create subfolders (or, more precisely, mix message folders and
subfolders).
They are migrating away from .pst files and would like to be able to copy
the subdirectory structures into the imap folders.

I've been looking at Courier-imap, and am wondering if anyone has any
experience migrating from imap-2002d to Courier-imap. And if it is possible
to do so with sendmail.

Thanks in advance,
Diane

From Jan-Peter.Koopmann at SECEIDOS.DE Fri Jan 21 06:52:30 2005
From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann)
Date: Thu Jan 12 21:28:16 2006
Subject: Reject emails to nonexistent addresses?
Message-ID:

Hi,

> I agreed to Steve Swaney, milters for sendmail are very handy
> tools. I have it running for a year now, and it works like a
> charm together with MailScanner and Sendmail.

Well of course there are always MTAs that have this and lots of other very handy features out of the box. Just one word: Exim... :-)

Regards,
JP

From raymond at PROLOCATION.NET Fri Jan 21 08:38:50 2005
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:28:16 2006
Subject: ClamAV perl module not found!
Message-ID:

Hi!

> When i do MailScanner -v | grep ClamAV, it says that it is missing, but i do
> have install Mail::ClamAV by installing it via cpan, and it says that
> Mail::ClamAV is up to date. I dont get it, pls help. I have perl version
> 5.8.5
> Mail::ClamAV
> > Can you run: MailScanner -v | grep ClamAV

Most likely you have multiple perl instances on your box?

Bye,
Raymond.

From martinh at SOLID-STATE-LOGIC.COM Fri Jan 21 08:58:26 2005
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:28:16 2006
Subject: OT: IMAP and subfolders
Message-ID:

Diane

Outlook doesn't play very well with imap email servers (esp the last 2 versions of Outlook). It doesn't pick up the Imap namespaces very well and esp doesn't seem to like it when all users folders are subfolders of INBOX.

I'd look at Thunderbird as an alternative to Outleek. The calendar support is weaker than Outlook, but there is one.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

Diane Rolland wrote:
> I know this is off-topic, but, perhaps someone can point me in the right
> direction. This has been a very helpful place for me :)
>
> I am using MailScanner and my MTA is sendmail. I am currently using the
> imap-2002d-9 rpm that was installed on my RHE 3.
>
> The clients are mostly using Outlook, and with this version of imap they
> cannot create subfolders (or more precise mix message folders and
> subfolders). They are migrating away from .pst files and would like to be
> able to copy the subdirectory structures into the imap folders.
>
> I've been looking at Courier-imap, and am wondering if anyone has any
> experience migrating from imap-2002d to Courier-imap. And if it is possible
> to do so with sendmail.
>
> Thanks in advance,
> Diane

**********************************************************************

This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager.

This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean.

**********************************************************************

From dh at UPTIME.AT Fri Jan 21 09:01:41 2005
From: dh at UPTIME.AT (David Höhn)
Date: Thu Jan 12 21:28:16 2006
Subject: OT: IMAP and subfolders
Message-ID:

Martin Hepworth wrote:
| Diane
|
| Outlook doesn't play very well with imap email servers (esp the last 2
| versions of Outlook). It doesn't pick up the Imap namespaces very well
| and esp doesn't seem to like it when all users folders are subfolders of
| INBOX.
|
| I'd look at Thunderbird as an alternative to Outleek. The calendar
| support is weaker than Outlook, but there is one.
|
| --

And there is the "Sunbird" plugin for Thunderbird which is a full fledged suite to handle your Calendaring needs :)

-d

--
nee anata wo mitsukete soshite nidoto wasurezu ~ donna ni munega itakutemo soba ni iru no ~ zutto...zutto...zutto
Key fingerprint = FD77 F0B7 5C65 F546 EB08 A4EC 3CCA 1A32 7E24 291E

From martinh at SOLID-STATE-LOGIC.COM Fri Jan 21 09:05:57 2005
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:28:16 2006
Subject: Reject emails to nonexistent addresses?
Message-ID:

I note that verizon are a milter-ahead style sender verification and it's causing quite a few problems..

> I was _hammered_ all throughout last year by messages to unknown accounts from machines in the sc0pub.verizon.net segment (nn = 01 - 99). Eventually I had to blacklist anything matching that pattern. Seems to be a lot more quiet now though.

Actually, I suspect those are (misguided?) attempts at sender verification*. We get hammered by those too, and they're always** from <> or antispam[0-9]+@west.verizon.net. We know spammers are forging our domain name in the return address, using randomly-generated addresses which look just like the unknown users Verizon is trying to reach.

* Since so many admins disable VRFY to guard against dictionary attacks, the new tactic is to try to send mail to an address, but then drop the connection before sending an actual message. It can be used to make dictionary attacks, or it can be used on the purported sender of a message to make sure the return address exists.

** I've only done spot checks, but every time I have, they've fit this pattern.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

nats wrote:
> I agreed to Steve Swaney, milters for sendmail are very handy tools. I have
> it running for a year now, and it works like a charm together with
> MailScanner and Sendmail.
>
> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On
> Behalf Of Steve Swaney
> Sent: Tuesday, January 18, 2005 12:16 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Reject emails to nonexistent addresses?
>
>>-----Original Message-----
>>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
>>Behalf Of Mike Kercher
>>Sent: Monday, January 17, 2005 10:56 AM
>>To: MAILSCANNER@JISCMAIL.AC.UK
>>Subject: Re: Reject emails to nonexistent addresses?
>>
>>There are a couple of milters. The one I use is milter-sender. There is
>>another called milter-ahead that does the call ahead to your Exchange
>>server
>>or other final destination. milter-sender also does the call ahead.
>>
>>Mike
>>
>
> Milter-ahead checks to see if the email can be delivered to the recipient
> before sendmail accepts the message for delivery. Not normally needed on a
> mailhub but very useful on a pass-through gateway.
>
> Milter-sender attempts to verify that the sender's email address is in good
> standing by performing an SMTP callback to the MX server responsible for the
> sender's domain.
>
> Both are handy tools.
>
> There are many more useful milters available at
>
> http://www.milter.info/
>
> Another one I'm about to test is
>
> milter-limit limits the number of messages by connecting client IP, from a
> sender, or to a recipient over a given time period.
>
> Steve
> Steve Swaney
> President
> Fortress Systems Ltd.
> www.fsl.com
> steve.swaney@fsl.com

From p.g.m.peters at utwente.nl Fri Jan 21 10:31:53 2005
From: p.g.m.peters at utwente.nl (Peter Peters)
Date: Thu Jan 12 21:28:16 2006
Subject: Loosing mail after upgrading from 4.35 to 4.37.7
Message-ID:

On Mon, 17 Jan 2005 22:04:03 +0000, you wrote:

>I did have to change the functionality of the checks for the "Actions"
>keywords in order to provide support for the "add arbitrary headers"
>functionality. This affects how it can work out what you meant in the
>Actions list, and so it can't deduce that you meant a rules file unless
>you end it in .rule or .rules.
>After all, what's the difference between
>Spam Actions = header X-spam.actions.conf
>and
>Spam Actions = X-spam.actions.conf
>It's hard to separate these automatically.
>So you now have to put .rule or .rules on the end of the rules filename
>so it can work out what is going on.

Perhaps you can change the comments in MailScanner.conf to have a text like "if pointing to a ruleset the filename has to end in .rule or .rules".

--
Peter Peters, senior netwerkbeheerder
Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE)
Universiteit Twente, Postbus 217, 7500 AE Enschede
telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/itbe

From MailScanner at ecs.soton.ac.uk Fri Jan 21 11:07:53 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:16 2006
Subject: Loosing mail after upgrading from 4.35 to 4.37.7
Message-ID:

Very good idea. Done (for the Spam Actions and its friends) as it doesn't apply to most things.

Peter Peters wrote:

>On Mon, 17 Jan 2005 22:04:03 +0000, you wrote:
>
>>I did have to change the functionality of the checks for the "Actions"
>>keywords in order to provide support for the "add arbitrary headers"
>>functionality. This affects how it can work out what you meant in the
>>Actions list, and so it can't deduce that you meant a rules file unless
>>you end it in .rule or .rules.
>>After all, what's the difference between
>>Spam Actions = header X-spam.actions.conf
>>and
>>Spam Actions = X-spam.actions.conf
>>It's hard to separate these automatically.
>>So you now have to put .rule or .rules on the end of the rules filename
>>so it can work out what is going on.
>>
>
>Perhaps you can change the comments in MailScanner.conf to have a text
>like "if pointing to a ruleset the filename has to end in .rule or
>.rules".
>
>--
>Peter Peters, senior netwerkbeheerder
>Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE)
>Universiteit Twente, Postbus 217, 7500 AE Enschede
>telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/itbe

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From dannyh at aac-services.co.uk Fri Jan 21 11:54:29 2005
From: dannyh at aac-services.co.uk (Dan Harris)
Date: Thu Jan 12 21:28:16 2006
Subject: Blacklist To: not working
Message-ID:

>> Ok I understand how callouts work, but management insist that we accept
>> inbound mail to any address@ourdomain.co.uk so that we can catch simple
>> typos and forward the mail on. Unfortunately the destination for these
>> non-existent addressees is me, which is why I would like to block some of
>> the biggest spam destination addresses somehow. Hence the question about the
>> To: entry in the blacklist. Is there any good reason why the To: entry in my
>> spam.blacklist.rules wouldn't work? If so is there a "Better Way (TM)" to
>> block just a few destination addresses in MailScanner/SA/Exim4?
>>
>
>I reject inbound to non-existent email addresses with a 550 no
>such user (again using exim).
>
>that way any 'real' from: user at with a type in the address will get a
>proper bounce message. Spammers etc will just not get through. This
>system blocks about 66% of my inbound email!!!
>
>BUT you can not deliver high scoring spam using the rule sets.
>
>If you want to setup blacklists you'll need something lthe same so the
>rule looks like..
>
>FromOrTo: baduser@solid-state-logic.com delete
>
>on the Spam Actions, etc rules..
>

Thanks Martin,

I totally agree that setting up aliases and rejecting at the MTA is the best way to deal with this, but while my management disagree it's unfortunately just not an option.

Fortunately I've discovered why some spam messages were still creeping through: Some silly person had white listed the whole of btinternet.com! So it may be worth noting that a To: address in the spam.blacklist.rules does now work, despite what Julian may or may not have said previously.

Sorry for wasting everyone's time on that, and thanks for all of the advice given. You never know it may just help me persuade the powers that be that blocking non-existing users at the MTA is a good idea after all!

Thanks again,
Dan.

PS. Thanks to Julian for creating such a great product. We now get less than 10% of the volume of spam landing in users mailboxes than with our previous mail filter, RAV!

From drew at THEMARSHALLS.CO.UK Fri Jan 21 12:17:20 2005
From: drew at THEMARSHALLS.CO.UK (Drew Marshall)
Date: Thu Jan 12 21:28:16 2006
Subject: Reject emails to nonexistent addresses?
Message-ID:

On Fri, January 21, 2005 6:52, Jan-Peter Koopmann said:
> Hi,
>
>> I agreed to Steve Swaney, milters for sendmail are very handy
>> tools. I have it running for a year now, and it works like a
>> charm together with MailScanner and Sendmail.
>
> Well of course there are always MTAs that have this and lots of other very
> handy features out of the box. Just one word: Exim... :-)
>

Well, actually two. Postfix does all that 'out of the box' also (And one or two other clever filter options against the header, mime or body) ;-)

Drew

--
In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
www.themarshalls.co.uk/policy

From drew at THEMARSHALLS.CO.UK Fri Jan 21 12:33:23 2005
From: drew at THEMARSHALLS.CO.UK (Drew Marshall)
Date: Thu Jan 12 21:28:16 2006
Subject: OT: IMAP and subfolders
Message-ID:

On Fri, January 21, 2005 1:25, Diane Rolland said:
> I've been looking at Courier-imap, and am wondering if anyone has any
> experience migrating from imap-2002d to Courier-imap. And if it is possible
> to do so with sendmail.
>

I use Courier-IMAP without problem and it works very well (Particularly with a MySQL backend that is shared between MTA and Courier-IMAP. Handles unknown users very well and allows, with a bit of tweaking, authenticated SMTP relay).

The only challenge I can see is that Courier-IMAP works with Maildir and Sendmail/procmail with flat file mail directories only (AFAIK, it's been a while) so you may need to consider that (Unless Procmail now handles Maildir). However Postfix and Exim handle both formats natively so all is not lost ;-)

HTH

Drew

From roger at RUDNICK.COM.BR Fri Jan 21 12:40:39 2005
From: roger at RUDNICK.COM.BR (Roger Jochem)
Date: Thu Jan 12 21:28:16 2006
Subject: Feature Request
Message-ID:

Is there any way I could forward phishing frauds to one e-mail account? I already do this with spam, and would like to do the same with phishing frauds... I tried to make a rule using the words of the phishing detection treating it as spam, but it didn't work, I assume the spam scanning is made before the phishing detection...

Regards
Roger Jochem

From wietse at BOUDISQUE.NL Fri Jan 21 12:46:34 2005
From: wietse at BOUDISQUE.NL (Wietse Muizelaar)
Date: Thu Jan 12 21:28:16 2006
Subject: OT: IMAP and subfolders
Message-ID:

Hi,

On Friday, January 21, 2005 1:33 PM, Drew Marshall wrote:
> On Fri, January 21, 2005 1:25, Diane Rolland said:
>> I've been looking at Courier-imap, and am wondering if anyone has any
>> experience migrating from imap-2002d to Courier-imap. And if it is
>> possible to do so with sendmail.
>>
> I use Courier-IMAP without problem and it works very well
> (Particularly with a MySQL backend that is shared between MTA and
> Courier-IMAP. Handles unknown users very well and allows, with a bit
> of tweaking, authenticated SMTP relay).
>
> The only challenge I can see is that Courier-IMAP works with Maildir
> and Sendmail/procmail with flat file mail directories only (AFAIK,
> it's been a while) so you may need to consider that (Unless Procmail
> now handles Maildir). However Postfix and Exim handle both formats
> natively so all is not lost ;-)

Procmail -does- handle Maildir, at least, the version I'm using :) (procmail v3.22 2001/09/10 on a Debian woody-system)

I'm using it also with Courier-IMAP, and the global procmailrc on my system starts with this one:

    DEFAULT=$HOME/Maildir/

When a '/' is put at the end of a folder-name, procmail assumes it's in Maildir-format.

--
Regards,
Wietse Muizelaar

From MailScanner at ecs.soton.ac.uk Fri Jan 21 13:55:52 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:16 2006
Subject: Feature Request
Message-ID:

No, sorry.

Roger Jochem wrote:
> Is there anyway I could forward phishing frauds to one e-mail account?
> I already do this with spam, and would like to do the same with
> phishing frauds... I tried to make a rule using the words of the
> phishing detection treating it at spam, but It didn't worked, I assume
> the spam scanning is made before the phishing detection...

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From anders.andersson at LTKALMAR.SE Fri Jan 21 13:58:01 2005
From: anders.andersson at LTKALMAR.SE (Anders Andersson, IT)
Date: Thu Jan 12 21:28:16 2006
Subject: SV: Regarding mailshell plugin for exchange
Message-ID:

No one tried it or....?

/Anders

> -----Original Message-----
> From: MailScanner mailing list
> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Anders Andersson, IT
> Sent: 19 January 2005 10:06
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: OT: Regarding mailshell plugin for exchange
>
> Hi
> I did a test with the mailshell plugin for exchange but I got
> stuck on this when I tried to do the setup.
>
> 2005-01-11 17:24:50 : EventRegFoldURL:
> file://./backofficestorage/lkl.ltkalmar.se/MBX/SystemMailbox{1
> 18FE8E4-2A
> 91-4B68-9077-552D8D45810C}/StoreEvents/GlobalEvents/
> 2005-01-11 17:24:50 : RegisterSink
> 2005-01-11 17:24:50 : RegisterSink 1
> 2005-01-11 17:24:50 : RegisterSink 2
> 2005-01-11 17:24:50 : RegisterSink 3
> 2005-01-11 17:24:50 : Error -2147217895 : Object or data
> matching the name, range, or selection criteria was not found
> within the scope of this operation.
>
> I tried to figure out where to change according to
> http://support.microsoft.com/default.aspx?scid=kb;en-us;286336
> according to the info from microsoft but I got lost.
>
> Anyone got this to work that can give me a hint on how to solve it?
>
> /Anders

From Steve.Swaney at FSL.COM Fri Jan 21 14:59:54 2005
From: Steve.Swaney at FSL.COM (Steve Swaney)
Date: Thu Jan 12 21:28:16 2006
Subject: Reject emails to nonexistent addresses?
Message-ID:

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Martin Hepworth
> Sent: Friday, January 21, 2005 4:06 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Reject emails to nonexistent addresses?
>
> I note that verizon are a milter-ahead style sender verification and it's
> causing quite a few problems..

This looks like milter-sender not milter-ahead. Milter-sender attempts to use various tactics to verify the address of the sender exists and is in good standing before accepting an email. I quote from the milter-sender web site:

Start quote "

Sendmail milter (Sendmail's term for a mail filter) attempts to address a small subset of the problem by verifying that the sender's email address is in good standing by performing an SMTP callback to the MX server responsible for the sender's domain. This milter is not intended to be a complete solution to spam and so it should be used in conjunction with other tools such as DNS blacklists and content filters.

To be in good standing, the MX server of the sender must be reachable and willing to accept email for the sender from the Delivery Status Notification (DSN) address, which is the null address <> used for error reporting. This particular requirement is similar to using the RFC-Ignorant DSN Blacklist.

During the callback, any failure in establishing an SMTP connection such as no DNS entry or the primary MX server is unreachable, or during the SMTP dialogue such as not accepting the DSN, user unknown, or mail box is full, etc. will result in the incoming mail in question being rejected.

In the case of a temporary error during the SMTP dialogue with the sender's MX server, milter-sender will reject the current message with a temporary error code, which the sender is then free to retry again later. DNS lookup and connection problems are treated as temporary errors.

The milter will check secondary MX mail servers, though this does weaken the test somewhat. In order to compensate and without having to resort to sending a challenge message, a grey listing technique is applied to servers that appear to blindly accept everything.

"End quote

This is quite a bit different than milter-ahead which we use on our gateways to verify that the recipient exists on our backend mailhub.

We do not use milter-ahead to reject email. I can see too many possibilities for error and have not tested.

Steve

Steve Swaney
President
Fortress Systems Ltd.
www.fsl.com
steve.swaney@fsl.com

--
This message has been scanned for viruses and dangerous content by The MailScanner at Fortress Systems Ltd., www.fsl.com, and is believed to be clean.

From t.d.lee at DURHAM.AC.UK Fri Jan 21 16:21:24 2005
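The probe pattern Martin Hepworth and Steve Swaney describe in this thread (an SMTP session that issues MAIL and RCPT, then disconnects before DATA) can be counted from the receiving side. The following is an added example, not code from the thread or from milter-sender; the log format, the sample addresses and `harvest_threshold` are constructed assumptions, and the callback/harvest split is a heuristic.

```python
import re
from collections import defaultdict

# Constructed sample (NOT a real sendmail/Exim log format): one SMTP command
# per line as "<time> <session-id> <client-ip> <verb> <argument> <reply-code>".
SAMPLE_LOG = """\
2005-01-21T09:00:01 s1 192.0.2.10 MAIL <> 250
2005-01-21T09:00:01 s1 192.0.2.10 RCPT <kq7zt@example.org> 550
2005-01-21T09:00:02 s1 192.0.2.10 QUIT - 221
2005-01-21T09:00:05 s2 192.0.2.10 MAIL <antispam4711@west.verizon.net> 250
2005-01-21T09:00:05 s2 192.0.2.10 RCPT <alice@example.org> 250
2005-01-21T09:01:00 s3 198.51.100.7 MAIL <x@bulk.invalid> 250
2005-01-21T09:01:00 s3 198.51.100.7 RCPT <aaron@example.org> 550
2005-01-21T09:01:00 s3 198.51.100.7 RCPT <abby@example.org> 550
2005-01-21T09:01:01 s3 198.51.100.7 RCPT <adam@example.org> 250
2005-01-21T09:01:01 s3 198.51.100.7 QUIT - 221
2005-01-21T09:02:00 s4 203.0.113.5 MAIL <bob@example.net> 250
2005-01-21T09:02:00 s4 203.0.113.5 RCPT <alice@example.org> 250
2005-01-21T09:02:01 s4 203.0.113.5 DATA - 354
"""

# Envelope senders the thread associates with callbacks: the null sender <>
# and the antispam[0-9]+@west.verizon.net pattern quoted in the thread.
VERIFIER_SENDER = re.compile(r"^(|antispam[0-9]+@west\.verizon\.net)$", re.I)


def parse_sessions(log_text):
    """Group log lines into per-session records keyed by session id."""
    sessions = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 6 or not parts[5].isdigit():
            continue  # ignore malformed lines instead of guessing
        _time, sid, client, verb, arg, code = parts
        rec = sessions.setdefault(
            sid, {"client": client, "sender": None, "rcpts": [], "data": False})
        verb, addr = verb.upper(), arg.strip("<>").lower()
        if verb == "MAIL":
            rec["sender"] = addr
        elif verb == "RCPT":
            rec["rcpts"].append((addr, int(code)))
        elif verb == "DATA" and int(code) < 400:
            rec["data"] = True  # the client went on to offer a message
    return sessions


def classify_session(rec):
    """Label one session by how far the SMTP dialogue got."""
    if rec["data"]:
        return "delivery"
    if not rec["rcpts"]:
        return "idle"  # never named a recipient
    sender = rec["sender"]
    if len(rec["rcpts"]) == 1 and sender is not None and VERIFIER_SENDER.match(sender):
        return "callback"  # one RCPT, verifier-style sender, no DATA
    return "probe"  # recipients tested with an ordinary sender, no DATA


def summarize(log_text, harvest_threshold=2):
    """Per-client verdicts; harvest_threshold is an assumed tuning value."""
    per_client = defaultdict(lambda: {"delivery": 0, "callback": 0, "probe": 0,
                                      "idle": 0, "unknown": set()})
    for rec in parse_sessions(log_text).values():
        kind = classify_session(rec)
        stats = per_client[rec["client"]]
        stats[kind] += 1
        if kind != "delivery":
            # Recipients refused with 5xx in sessions that never sent mail.
            stats["unknown"].update(a for a, c in rec["rcpts"] if 500 <= c < 600)
    report = {}
    for client, stats in per_client.items():
        if stats["probe"] and len(stats["unknown"]) >= harvest_threshold:
            verdict = "harvest-suspect"
        elif stats["callback"] and not stats["probe"]:
            verdict = "callback-verifier"
        elif stats["probe"]:
            verdict = "probe"
        else:
            verdict = "normal"
        report[client] = {"verdict": verdict, "callbacks": stats["callback"],
                          "probes": stats["probe"],
                          "unknown_rcpts": len(stats["unknown"])}
    return report


if __name__ == "__main__":
    for client, row in sorted(summarize(SAMPLE_LOG).items()):
        print(client, row)
```

A client that stays in the callback-verifier bucket can be rate limited rather than blacklisted outright, since, as the thread notes, the same dialogue is produced by both sender verification and address guessing.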
From: t.d.lee at DURHAM.AC.UK (David Lee)
Date: Thu Jan 12 21:28:16 2006
Subject: Handling phishing false positives
Message-ID:

Just over two weeks ago, we installed MS 4.37.7 and kept its new:

    Find Phishing Fraud = yes

We have had very little adverse criticism in that time, but there has been one user asking about a false positive.

I realise the setting can be a ruleset. So theoretically, we could begin to use that as users request that certain external sources be, in effect, whitelisted. But I see this as a potentially long piece of string (we have a local user population of around 20,000) and some maintenance issues lurking. (How long do we keep things? Who authorises what should be cleaned out (and when)?)

I recall that in the early days of MS's anti-phishing, there was a significant number of false positives, and that Julian tightened up the code to try to address many of these. (I recall that Quentin Campbell of Newcastle provided input to this reduction process.) Nevertheless (and probably inevitably) the possibility of f.p.s will remain.

1. Julian: Do you have a mechanism by which we can report "false positives" to you so that you can see whether there are other criteria that might help you reduce even further the f.p. rate in MS?

2. Most of us probably regard the technique of:
   http://looks.nice.com/
   as undesirable (even if technically legal) and that there is a case for trying to educate the creators of many (most?) such things.

Might it be worth us (the MailScanner community) developing a simple, short paragraph or text that we can hand to our local users who receive such things, for them to pass on to the external people who sent them? (This could be included in the MS distribution.)

--
:  David Lee                                I.T. Service          :
:  Senior Systems Programmer                Computer Centre       :
:                                           University of Durham  :
:  http://www.dur.ac.uk/t.d.lee/            South Road            :
:                                           Durham                :
:  Phone: +44 191 334 2752                  U.K.                  :

From MailScanner at ecs.soton.ac.uk Fri Jan 21 16:31:41 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:16 2006
Subject: Handling phishing false positives
Message-ID:

The latest beta includes a "phishing whitelist" so that in your example below you would add
   ugly.thing
to the whitelist file and it would not be caught by the phishing net.

This means you can pretty much eliminate false positives altogether after a while.

David Lee wrote:

> Just over two weeks ago, we installed MS 4.37.7 and kept its new:
>    Find Phishing Fraud = yes
>
> We have had very little adverse criticism in that time, but there has been one user asking about a false positive.
>
> I realise the setting can be a ruleset. So theoretically, we could begin to use that as users request that certain external sources be, in effect, whitelisted. But I see this as a potentially long piece of string (we have a local user population of around 20,000) and some maintenance issues lurking. (How long do we keep things? Who authorises what should be cleaned out (and when)?)
>
> I recall that in the early days of MS's anti-phishing, there was a significant number of false positives, and that Julian tightened up the code to try to address many of these. (I recall that Quentin Campbell of Newcastle provided input to this reduction process.) Nevertheless (and probably inevitably) the possibility of f.p.s will remain.
>
> 1. Julian: Do you have a mechanism by which we can report "false positives" to you so that you can see whether there are other criteria that might help you reduce even further the f.p. rate in MS?
>
> 2. Most of us probably regard the technique of:
>       http://looks.nice.com/
>    as undesirable (even if technically legal) and that there is a case for trying to educate the creators of many (most?) such things.
>
>    Might it be worth us (the MailScanner community) developing a simple, short paragraph or text that we can hand to our local users who receive such things, for them to pass on to the external people who sent them? (This could be included in the MS distribution.)
>
> --
>
> :  David Lee                                I.T. Service          :
> :  Senior Systems Programmer                Computer Centre       :
> :                                           University of Durham  :
> :  http://www.dur.ac.uk/t.d.lee/            South Road            :
> :                                           Durham                :
> :  Phone: +44 191 334 2752                  U.K.                  :

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From ugob at CAMO-ROUTE.COM Fri Jan 21 16:41:23 2005
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:28:16 2006
Subject: OT: IMAP and subfolders
Message-ID:

> And there is the "Sunbird" plugin for Thunderbird which is a full
> fledged suite to handle your Calendaring needs :)

I googled and I couldn't find the plugin... Do you have an URL?

Thanks,

Ugo

From martinh at SOLID-STATE-LOGIC.COM Fri Jan 21 16:55:08 2005
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:28:16 2006
Subject: OT: IMAP and subfolders
Message-ID:

Ugo

http://www.mozilla.org/projects/calendar/

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

Ugo Bellavance wrote:
>> And there is the "Sunbird" plugin for Thunderbird which is a full
>> fledged suite to handle your Calendaring needs :)
>
> I googled and I couldn't find the plugin... Do you have an URL?
>
> Thanks,
>
> Ugo

From ebruce at HPMICH.COM Fri Jan 21 16:56:04 2005
From: ebruce at HPMICH.COM (Ed Bruce)
Date: Thu Jan 12 21:28:16 2006
Subject: OT: IMAP and subfolders
Message-ID:

Ugo Bellavance wrote:
>> And there is the "Sunbird" plugin for Thunderbird which is a full
>> fledged suite to handle your Calendaring needs :)
>
> I googled and I couldn't find the plugin... Do you have an URL?
>
> Thanks,
>
> Ugo

Mozilla SunBird is a standalone product. Mozilla Calendar is the extension for Firefox and Thunderbird.

http://www.mozilla.org/projects/calendar/

From pparsons at COLUMBIAFUELS.COM Fri Jan 21 17:04:50 2005
From: pparsons at COLUMBIAFUELS.COM (Philip Parsons)
Date: Thu Jan 12 21:28:16 2006
Subject: Spamassassin time outs
Message-ID:

Ever since we upgraded to spamassassin 3.02, in the maillog we are getting a lot of

"Spamassassin timed out and was killed, failure "

There does not seem to be any reason for this that I can find. Anyone got any ideas???

Thank you.
Philip Parsons
Team Leader, IT

Columbia Fuels Inc.
2669 Wilfert Rd., Victoria BC, V9B 5Z3
Phone: (250) 391-3638
Cell: (250) 883-5972
http://www.columbiafuels.com
http://www.columbiaenergy.com
http://www.columbiaice.com
pparsons@columbiafuels.com
E-mail protection by Mailscanner/SA
Virus protection by Bitdefender/ClamAv

From martinh at SOLID-STATE-LOGIC.COM Fri Jan 21 17:08:39 2005
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:28:16 2006
Subject: Spamassassin time outs
Message-ID:

Philip

are you running ALL the RBL's included with SA 3.02?? that could do it..

alternatively increase the timeout in MailScanner.conf to at least 100.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

Philip Parsons wrote:
> Ever since we upgraded to spamassassin 3.02, in the maillog we are getting a lot of
>
> "Spamassassin timed out and was killed, failure "
>
> There does not seem to be any reason for this that I can find. Anyone got any ideas???
>
> Thank you.
> Philip Parsons
> Team Leader, IT
>
> Columbia Fuels Inc.
> 2669 Wilfert Rd., Victoria BC, V9B 5Z3
> Phone: (250) 391-3638
> Cell: (250) 883-5972
> http://www.columbiafuels.com
> http://www.columbiaenergy.com
> http://www.columbiaice.com
> pparsons@columbiafuels.com
> E-mail protection by Mailscanner/SA
> Virus protection by Bitdefender/ClamAv

From t.d.lee at DURHAM.AC.UK Fri Jan 21 17:21:32 2005
From: t.d.lee at DURHAM.AC.UK (David Lee)
Date: Thu Jan 12 21:28:16 2006
Subject: Handling phishing false positives
Message-ID:

On Fri, 21 Jan 2005, Julian Field wrote:

> The latest beta includes a "phishing whitelist" so that in your example below you would add
>    ugly.thing
> to the whitelist file and it would not be caught by the phishing net.
>
> This means you can pretty much eliminate false positives altogether after a while.

Thanks. That's useful and helpful to know.

My main questions, which I think are still valid, are from a wider perspective than simply "me at my site for my users' sake":

>> 1. Julian: Do you have a mechanism by which we can report "false positives" to you so that you can see whether there are other criteria that might help you reduce even further the f.p. rate in MS?

[ Clarification: might there be any systematic f.p. symptoms which the current code (4.37.7 etc.) is missing? ]

>> 2. Most of us probably regard the technique of:
>>       http://looks.nice.com/
>>    as undesirable (even if technically legal) and that there is a case for trying to educate the creators of many (most?) such things.
>>
>>    Might it be worth us (the MailScanner community) developing a simple, short paragraph or text that we can hand to our local users who receive such things, for them to pass on to the external people who sent them? (This could be included in the MS distribution.)

[ Clarification: helping _all_ MS sites to act in a _coordinated_ manner to try to correct the undesirable practices at their many sources. ]

--

:  David Lee                                I.T. Service          :
:  Senior Systems Programmer                Computer Centre       :
:                                           University of Durham  :
:  http://www.dur.ac.uk/t.d.lee/            South Road            :
:                                           Durham                :
:  Phone: +44 191 334 2752                  U.K.                  :

From mkettler at EVI-INC.COM Fri Jan 21 17:31:32 2005
From: mkettler at EVI-INC.COM (Matt Kettler)
Date: Thu Jan 12 21:28:16 2006
Subject: Spamassassin time outs
Message-ID:

At 12:04 PM 1/21/2005, Philip Parsons wrote:
>Ever since we upgraded to spamassassin 3.02, in the maillog we are getting a lot of
>
>"Spamassassin timed out and was killed, failure "
>
>There does not seem to be any reason for this that I can find. Anyone got any ideas???

1) make sure the AWL is off.. you need to do this at the spamassassin level, as SA 3.0's API does not respond to MailScanner's attempts to disable it. The extra DB overhead here can be substantial.

2) Are you using bayes? Check for "expire" files next to your bayes database files.. If you have those piling up, MS is timing out SA while it's doing bayes database expiry. Either disable bayes_auto_expire and run sa-learn --force-expire from a cronjob, or extend your spamassassin timeout to a really large value.

3) SA 3.0 queries a lot more RBLs.. run spamassassin --lint -D and see if it's getting hung up there.

From andy at TIRESWING.NET Fri Jan 21 17:47:28 2005
From: andy at TIRESWING.NET (Andy Norris)
Date: Thu Jan 12 21:28:16 2006
Subject: not scanning?
Message-ID:

Have a look at these headers. Looks like this wasn't scanned by SpamAssassin?

Seems like every time we take a couple steps forward with getting everything configured, we take at least as many backwards.

X-Persona:
Return-Path:
Received: from tireswing.arsalon.net (root@localhost)
        by tireswing.net (8.12.10/8.12.10) with ESMTP id j0LHp4sS000423;
        Fri, 21 Jan 2005 11:51:04 -0600
X-ClientAddr: 218.152.144.118
Received: from 206.113.206.225 ([218.152.144.118])
        by tireswing.arsalon.net (8.12.10/8.12.10) with SMTP id j0LHoFVl032717;
        Fri, 21 Jan 2005 11:50:17 -0600
Received: from smolder519.dogtrot.CorneliaB@hisword.com (middleweight098.CorneliaB@hisword.com [218.152.144.118])
        by smtp-abalone.coin.CorneliaB@hisword.com (Postfix) with SMTP id 34DM27BJ18D
        for ; Fri, 21 Jan 2005 18:40:23 +0100
Date: Fri, 21 Jan 2005 11:37:23 -0600
Message-Id: <43823570899.84962@CorneliaB@hisword.com>
From: Carla Mendez
To: Andynorris
Subject: Harder means happier! tips and tricks inside
MIME-Version: 1.0 (produced by bespokebordello 1.9)
Content-Type: multipart/alternative;
        boundary="--4amoebae:136god?64crater+5gibbs_"
X-TireSwing-MailScanner-Information: Please contact the ISP for more information
X-TireSwing-MailScanner: Found to be clean
X-TireSwing-MailScanner-SpamScore: ssss
X-MailScanner-From: corneliab@hisword.com
Status:

From martinh at SOLID-STATE-LOGIC.COM Fri Jan 21 17:53:45 2005
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:28:16 2006
Subject: not scanning?
Message-ID:

Andy

yes it was..

X-TireSwing-MailScanner-SpamScore: ssss

spam score of 4...

if you change settings in MailScanner.conf to the following you'll see more detail in the headers about what rules hit.

SpamScore Number Instead Of Stars = yes
Detailed Spam Report = yes
Include Scores In SpamAssassin Report = yes
Spam Score Number Format = %5.2f

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

Andy Norris wrote:
> Have a look at these headers. Looks like this wasn't scanned by SpamAssassin?
>
> Seems like every time we take a couple steps forward with getting everything configured, we take at least as many backwards.
>
> X-Persona:
> Return-Path:
> Received: from tireswing.arsalon.net (root@localhost)
>         by tireswing.net (8.12.10/8.12.10) with ESMTP id j0LHp4sS000423;
>         Fri, 21 Jan 2005 11:51:04 -0600
> X-ClientAddr: 218.152.144.118
> Received: from 206.113.206.225 ([218.152.144.118])
>         by tireswing.arsalon.net (8.12.10/8.12.10) with SMTP id j0LHoFVl032717;
>         Fri, 21 Jan 2005 11:50:17 -0600
> Received: from smolder519.dogtrot.CorneliaB@hisword.com (middleweight098.CorneliaB@hisword.com [218.152.144.118])
>         by smtp-abalone.coin.CorneliaB@hisword.com (Postfix) with SMTP id 34DM27BJ18D
>         for ; Fri, 21 Jan 2005 18:40:23 +0100
> Date: Fri, 21 Jan 2005 11:37:23 -0600
> Message-Id: <43823570899.84962@CorneliaB@hisword.com>
> From: Carla Mendez
> To: Andynorris
> Subject: Harder means happier! tips and tricks inside
> MIME-Version: 1.0 (produced by bespokebordello 1.9)
> Content-Type: multipart/alternative;
>         boundary="--4amoebae:136god?64crater+5gibbs_"
> X-TireSwing-MailScanner-Information: Please contact the ISP for more information
> X-TireSwing-MailScanner: Found to be clean
> X-TireSwing-MailScanner-SpamScore: ssss
> X-MailScanner-From: corneliab@hisword.com
> Status:

From rocky at LWORLD.NET Fri Jan 21 18:02:12 2005
From: rocky at LWORLD.NET (Rocky McCamey)
Date: Thu Jan 12 21:28:16 2006
Subject: postfix: Process did not exit cleanly
Message-ID:

Drew Marshall wrote:

> Rocky McCamey wrote:
>
>> user and group are set to postfix in the mailscanenr.conf
>
> Can you try unemerging MailScanner and installing from the tarball on the MS site? I'm just wondering if the emerge package is broken.
>
> Drew

I installed from the tar on the website, and I still get that same error. I have also gone ahead and unmerged postfix and then merged it back again, and still the same thing.

-Rocky

From andy at TIRESWING.NET Fri Jan 21 18:01:47 2005
From: andy at TIRESWING.NET (Andy Norris)
Date: Thu Jan 12 21:28:16 2006
Subject: not scanning?
Message-ID:

Thanks, Martin. We had our host update some DNS stuff on our box (I'm not a DNS expert by any means), and we have trusted networks now. But when I looked in there on the chkconfig, spamassassin had been turned back ON somehow, so spamd was running on its own.

I needed a second pair of eyes there to let me know we weren't back in our come-one, come-all approach to receiving spam into our fold.

Thank you much,
Andy

At 11:53 am 2005-01-21, you wrote:
>Andy
>
>yes it was..
>
>X-TireSwing-MailScanner-SpamScore: ssss
>
>spam score of 4...
>
>if you change settings in MailScanner.conf to the following you'll see more detail in the headers about what rules hit.
>
>SpamScore Number Instead Of Stars = yes
>Detailed Spam Report = yes
>Include Scores In SpamAssassin Report = yes
>Spam Score Number Format = %5.2f
>
>--
>Martin Hepworth
>Snr Systems Administrator
>Solid State Logic
>Tel: +44 (0)1865 842300
>
>Andy Norris wrote:
>>Have a look at these headers. Looks like this wasn't scanned by SpamAssassin?
>>
>>Seems like every time we take a couple steps forward with getting everything configured, we take at least as many backwards.
>>
>>X-Persona:
>>Return-Path:
>>Received: from tireswing.arsalon.net (root@localhost)
>>        by tireswing.net (8.12.10/8.12.10) with ESMTP id j0LHp4sS000423;
>>        Fri, 21 Jan 2005 11:51:04 -0600
>>X-ClientAddr: 218.152.144.118
>>Received: from 206.113.206.225 ([218.152.144.118])
>>        by tireswing.arsalon.net (8.12.10/8.12.10) with SMTP id j0LHoFVl032717;
>>        Fri, 21 Jan 2005 11:50:17 -0600
>>Received: from smolder519.dogtrot.CorneliaB@hisword.com (middleweight098.CorneliaB@hisword.com [218.152.144.118])
>>        by smtp-abalone.coin.CorneliaB@hisword.com (Postfix) with SMTP id 34DM27BJ18D
>>        for ; Fri, 21 Jan 2005 18:40:23 +0100
>>Date: Fri, 21 Jan 2005 11:37:23 -0600
>>Message-Id: <43823570899.84962@CorneliaB@hisword.com>
>>From: Carla Mendez
>>To: Andynorris
>>Subject: Harder means happier! tips and tricks inside
>>MIME-Version: 1.0 (produced by bespokebordello 1.9)
>>Content-Type: multipart/alternative;
>>        boundary="--4amoebae:136god?64crater+5gibbs_"
>>X-TireSwing-MailScanner-Information: Please contact the ISP for more information
>>X-TireSwing-MailScanner: Found to be clean
>>X-TireSwing-MailScanner-SpamScore: ssss
>>X-MailScanner-From: corneliab@hisword.com
>>Status:

From jd at BENTECMED.COM Fri Jan 21 19:55:32 2005
From: jd at BENTECMED.COM (JD)
Date: Thu Jan 12 21:28:16 2006
Subject: relaying denied
Message-ID:

When sending email I'm getting a 550 5.7.1 relaying denied IP name lookup failed [xxx.xxx.x.x]

Any ideas?

-JD

From mkettler at EVI-INC.COM Fri Jan 21 19:55:09 2005
From: mkettler at EVI-INC.COM (Matt Kettler)
Date: Thu Jan 12 21:28:16 2006
Subject: relaying denied
Message-ID:

At 02:55 PM 1/21/2005, JD wrote:
>When sending email I'm getting a 550 5.7.1 relaying denied IP name lookup failed [xxx.xxx.x.x]
>
>Any ideas?

Does xxx.xxx.x.x have a PTR record (ie: can you do a reverse DNS lookup on it at your mailserver?).

From davidb at UNIQUEPHOTO.COM Fri Jan 21 20:07:33 2005
From: davidb at UNIQUEPHOTO.COM (David Ballengee)
Date: Thu Jan 12 21:28:16 2006
Subject: relaying denied
Message-ID:

First make sure you have commented out

DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl

in your sendmail.mc

Also make sure you have the domain name listed in your etc/mail/access. If it's in there, then determine where you are. If you are outside of the network where the mail server is based, you have to allow relaying for the IP address of the computer that you are sending email from. If you don't want to do that, you can use SMTP auth.

Matt Kettler wrote:

> At 02:55 PM 1/21/2005, JD wrote:
>
>> When sending email I'm getting a 550 5.7.1 relaying denied IP name lookup failed [xxx.xxx.x.x]
>>
>> Any ideas?
>
> Does xxx.xxx.x.x have a PTR record (ie: can you do a reverse DNS lookup on it at your mailserver?).

--
David Ballengee
IT Supervisor
Unique Photo
(973)377-5555x259

From pparsons at COLUMBIAFUELS.COM Fri Jan 21 20:59:16 2005
From: pparsons at COLUMBIAFUELS.COM (Philip Parsons)
Date: Thu Jan 12 21:28:16 2006
Subject: Spamassassin time outs
Message-ID:

Where would I be able to do this????

1) make sure the AWL is off.. you need to do this at the spamassassin level,

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Matt Kettler
Sent: Friday, January 21, 2005 9:32 AM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: Spamassassin time outs

At 12:04 PM 1/21/2005, Philip Parsons wrote:
>Ever since we upgraded to spamassassin 3.02, in the maillog we are getting a lot of
>
>"Spamassassin timed out and was killed, failure "
>
>There does not seem to be any reason for this that I can find. Anyone got any ideas???

1) make sure the AWL is off.. you need to do this at the spamassassin level, as SA 3.0's API does not respond to MailScanner's attempts to disable it. The extra DB overhead here can be substantial.

2) Are you using bayes? Check for "expire" files next to your bayes database files.. If you have those piling up, MS is timing out SA while it's doing bayes database expiry. Either disable bayes_auto_expire and run sa-learn --force-expire from a cronjob, or extend your spamassassin timeout to a really large value.

3) SA 3.0 queries a lot more RBLs.. run spamassassin --lint -D and see if it's getting hung up there.

From mkettler at EVI-INC.COM Fri Jan 21 21:29:26 2005
From: mkettler at EVI-INC.COM (Matt Kettler)
Date: Thu Jan 12 21:28:16 2006
Subject: Spamassassin time outs
Message-ID:

At 03:59 PM 1/21/2005, Philip Parsons wrote:
>Where would I be able to do this????
>
>1) make sure the AWL is off.. you need to do this at the spamassassin level,

My recommendation would be to add this to /etc/mail/spamassassin/local.cf:

use_auto_whitelist 0

Note: you'll need to do a "service MailScanner reload" in order to reprocess the new local.cf

From MailScanner at ecs.soton.ac.uk Fri Jan 21 21:40:11 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:16 2006
Subject: Handling phishing false positives
Message-ID:

The code has changed a bit since 4.37, so hopefully the FP rate has dropped. Other than that, report FP's to me and I'll see what I can do.

David Lee wrote:
> On Fri, 21 Jan 2005, Julian Field wrote:
>
>> The latest beta includes a "phishing whitelist" so that in your example
>> below you would add
>> ugly.thing
>> to the whitelist file and it would not be caught by the phishing net.
>>
>> This means you can pretty much eliminate false positives altogether
>> after a while.
>
>
> Thanks. That's useful and helpful to know.
>
> My main questions, which I think are still valid, are from a wider
> perspective than simply "me at my site for my users' sake":
>
>>> 1. Julian: Do you have a mechanism by which we can report "false
>>> positives"
>>> to you so that you can see whether there are other criteria that
>>> might
>>> help you reduce even further the f.p. rate in MS?
>>
> [ Clarification: might there be any systematic f.p. symptoms which the
> current code (4.37.7 etc.) is missing? ]
>
>
>>> 2. Most of us probably regard the technique of:
>>> http://looks.nice.com/
>>> as undesirable (even if technically legal) and that there is a case
>>> for trying to educate the creators of many (most?) such things.
>>>
>>> Might it be worth us (the MailScanner community) developing a
>>> simple,
>>> short paragraph or text that we can hand to our local users who
>>> receive
>>> such things, for them to pass on to the external people who sent
>>> them?
>>> (This could be included in the MS distribution.)
>>
> [ Clarification: helping _all_ MS sites to act in a _coordinated_ manner
> to try to correct the undesirable practices at their many sources. ]
>
>
> --
>
> : David Lee I.T. Service :
> : Senior Systems Programmer Computer Centre :
> : University of Durham :
> : http://www.dur.ac.uk/t.d.lee/ South Road :
> : Durham :
> : Phone: +44 191 334 2752 U.K. :

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From jd at BENTECMED.COM Fri Jan 21 22:12:01 2005
From: jd at BENTECMED.COM (JD)
Date: Thu Jan 12 21:28:16 2006
Subject: relaying denied
Message-ID:

Thanks guys, it was listed in the access, but wasn't made into the access.db file. Now the only problem I'm having is it won't forward to my win-mail box. mailertable is specifying mydomain.com [X.X.X.X] and it's accepting my telnetted mail. but it won't show up in my mailbox.

-JD

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of David Ballengee
Sent: Friday, January 21, 2005 12:08 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: relaying denied

First make sure you have commented out
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
in your sendmail.mc

Also make sure you have the domain name listed in your etc/mail/access. If it's in there. Then determine where you are. If you are outside of the network where the mail server is based. You have to allow relaying for the ip address of the computer that you are sending email from. If you don't want to do that. You can use smtp auth.

Matt Kettler wrote:
> At 02:55 PM 1/21/2005, JD wrote:
>
>> when sending email im getting a 550 5.7.1 relaying denied IP name lookup
>> failed [xxx.xxx.x.x]
>>
>> any ideas?
>
>
> Does xxx.xxx.x.x have a PTR record (ie: can you do a reverse DNS
> lookup on
> it at your mailserver?).

--
David Ballengee
IT Supervisor
Unique Photo
(973)377-5555x259

From jd at BENTECMED.COM Fri Jan 21 22:14:56 2005
From: jd at BENTECMED.COM (JD)
Date: Thu Jan 12 21:28:16 2006
Subject: relaying denied
Message-ID:

Hey sorry all, I'm the idiot, it really was forwarding, I was just checking the wrong address. I'm sorry for bothering you guys about this. I hope this doesn't kill my allotted questions.

-JD

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of David Ballengee
Sent: Friday, January 21, 2005 12:08 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: relaying denied

First make sure you have commented out
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
in your sendmail.mc

Also make sure you have the domain name listed in your etc/mail/access. If it's in there. Then determine where you are. If you are outside of the network where the mail server is based. You have to allow relaying for the ip address of the computer that you are sending email from. If you don't want to do that. You can use smtp auth.

Matt Kettler wrote:
> At 02:55 PM 1/21/2005, JD wrote:
>
>> when sending email im getting a 550 5.7.1 relaying denied IP name lookup
>> failed [xxx.xxx.x.x]
>>
>> any ideas?
>
>
> Does xxx.xxx.x.x have a PTR record (ie: can you do a reverse DNS
> lookup on
> it at your mailserver?).

--
David Ballengee
IT Supervisor
Unique Photo
(973)377-5555x259

From Kevin at MICA.NET Fri Jan 21 22:58:15 2005
From: Kevin at MICA.NET (Kevin Hanser)
Date: Thu Jan 12 21:28:17 2006
Subject: MailScanner not processing mail, appears to keep dying...
Message-ID:

I am having a strange problem w/a new MailScanner installation... I had MailScanner installed on this machine previously, but have recently reloaded it. Strange thing is, it was working @ one time, and I'm not sure why it's not now...

As far as I can tell, MailScanner keeps dying when it starts up. I see logs like this:

Jan 21 17:54:11 opti MailScanner[32496]: Enabling SpamAssassin auto-whitelist functionality...
Jan 21 17:54:20 opti MailScanner[32499]: MailScanner E-Mail Virus Scanner version 4.37.7 starting...
Jan 21 17:54:21 opti MailScanner[32499]: Enabling SpamAssassin auto-whitelist functionality...
Jan 21 17:54:36 opti MailScanner[32600]: MailScanner E-Mail Virus Scanner version 4.37.7 starting...
Jan 21 17:54:38 opti MailScanner[32600]: Enabling SpamAssassin auto-whitelist functionality...
Jan 21 17:54:46 opti MailScanner[32610]: MailScanner E-Mail Virus Scanner version 4.37.7 starting...
Jan 21 17:54:47 opti MailScanner[32610]: Enabling SpamAssassin auto-whitelist functionality...

(over and over and over again)

I know mail is coming in, but MailScanner just isn't processing it:

Jan 21 17:55:01 opti sendmail[32616]: j0LMt1UN032616: from=root, size=334, class=0, nrcpts=1, msgid=<200501212255.j0LMt1UN032616@opti.hanser.org>, relay=root@localhost
Jan 21 17:55:01 opti sm-mta[32617]: j0LMt1rd032617: from=, size=591, class=0, nrcpts=1, msgid=<200501212255.j0LMt1UN032616@opti.hanser.org>, proto=ESMTP, daemon=MTA, relay=opti.hanser.org [127.0.0.1]
Jan 21 17:55:02 opti sendmail[32616]: j0LMt1UN032616: to=root, ctladdr=root (0/0), delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=30334, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (j0LMt1rd032617 Message accepted for delivery)
Jan 21 17:55:06 opti MailScanner[32618]: MailScanner E-Mail Virus Scanner version 4.37.7 starting...
Jan 21 17:55:07 opti MailScanner[32618]: Enabling SpamAssassin auto-whitelist functionality...

And my processes look like this:

j@opti j $ ps -ef | grep Mail
root 31736 1 0 17:50 ? 00:00:00 /usr/bin/perl -I/opt/MailScanner/lib /opt/MailScanner/bin/MailScanner /opt/MailScanner/etc/MailScanner.conf
root 32138 31736 6 17:52 ? 00:00:02 [MailScanner]
root 32140 31736 8 17:52 ? 00:00:02 [MailScanner]
root 32142 31736 11 17:52 ? 00:00:02 [MailScanner]
root 32144 31736 20 17:52 ? 00:00:02 [MailScanner]
root 32356 31736 67 17:52 ? 00:00:02 /usr/bin/perl -I/opt/MailScanner/lib /opt/MailScanner/bin/MailScanner /opt/MailScanner/etc/MailScanner.conf
j 32421 28542 0 17:53 pts/0 00:00:00 grep Mail

And then if I wait a few seconds and look @ the processes again, I have:

j@opti j $ ps -ef | grep Mail
root 31736 1 0 17:50 ? 00:00:00 /usr/bin/perl -I/opt/MailScanner/lib /opt/MailScanner/bin/MailScanner /opt/MailScanner/etc/MailScanner.conf
root 32138 31736 6 17:52 ? 00:00:02 [MailScanner]
root 32140 31736 8 17:52 ? 00:00:02 [MailScanner]
root 32142 31736 11 17:52 ? 00:00:02 [MailScanner]
root 32144 31736 20 17:52 ? 00:00:02 [MailScanner]
root 32356 31736 71 17:53 ? 00:00:02 [MailScanner]
j 32443 28542 0 17:53 pts/0 00:00:00 grep Mail

Which seems to indicate the process that was starting up @ the bottom of the list (32356), is now defunct.

Any ideas on what's going on here...?

Thx!

k

From MailScanner at ecs.soton.ac.uk Fri Jan 21 23:02:51 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:17 2006
Subject: MailScanner not processing mail, appears to keep dying...
Message-ID:

Have you remembered to install SpamAssassin?

Otherwise, in your MailScanner.conf set Debug = yes and Debug SpamAssassin = yes, then get a couple of messages in your incoming mail queue and then run "check_MailScanner". It should print out an error message that says what is going wrong.

Kevin Hanser wrote:

>I am having a strange problem w/a new MailScanner installation... I had
>MailScanner installed on this machine previously, but have recently
>reloaded it. Strange thing is, it was working @ one time, and I'm not
>sure why it's not now...
>
>
>As far as I can tell, MailScanner keeps dying when it starts up. I see
>logs like this:
>
>Jan 21 17:54:11 opti MailScanner[32496]: Enabling SpamAssassin
>auto-whitelist functionality...
>Jan 21 17:54:20 opti MailScanner[32499]: MailScanner E-Mail Virus
>Scanner version 4.37.7 starting...
>Jan 21 17:54:21 opti MailScanner[32499]: Enabling SpamAssassin
>auto-whitelist functionality...
>Jan 21 17:54:36 opti MailScanner[32600]: MailScanner E-Mail Virus
>Scanner version 4.37.7 starting...
>Jan 21 17:54:38 opti MailScanner[32600]: Enabling SpamAssassin
>auto-whitelist functionality...
>Jan 21 17:54:46 opti MailScanner[32610]: MailScanner E-Mail Virus
>Scanner version 4.37.7 starting...
>Jan 21 17:54:47 opti MailScanner[32610]: Enabling SpamAssassin
>auto-whitelist functionality...
>
>(over and over and over again)
>
>
>I know mail is coming in, but MailScanner just isn't processing it:
>
>Jan 21 17:55:01 opti sendmail[32616]: j0LMt1UN032616: from=root,
>size=334, class=0, nrcpts=1,
>msgid=<200501212255.j0LMt1UN032616@opti.hanser.org>,
>relay=root@localhost
>Jan 21 17:55:01 opti sm-mta[32617]: j0LMt1rd032617:
>from=, size=591, class=0, nrcpts=1,
>msgid=<200501212255.j0LMt1UN032616@opti.hanser.org>, proto=ESMTP,
>daemon=MTA, relay=opti.hanser.org [127.0.0.1]
>Jan 21 17:55:02 opti sendmail[32616]: j0LMt1UN032616: to=root,
>ctladdr=root (0/0), delay=00:00:01, xdelay=00:00:01, mailer=relay,
>pri=30334, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent
>(j0LMt1rd032617 Message accepted for delivery)
>Jan 21 17:55:06 opti MailScanner[32618]: MailScanner E-Mail Virus
>Scanner version 4.37.7 starting...
>Jan 21 17:55:07 opti MailScanner[32618]: Enabling SpamAssassin
>auto-whitelist functionality...
>
>
>And my processes look like this:
>
>j@opti j $ ps -ef | grep Mail
>root 31736 1 0 17:50 ? 00:00:00 /usr/bin/perl
>-I/opt/MailScanner/lib /opt/MailScanner/bin/MailScanner
>/opt/MailScanner/etc/MailScanner.conf
>root 32138 31736 6 17:52 ? 00:00:02 [MailScanner]
>root 32140 31736 8 17:52 ? 00:00:02 [MailScanner]
>root 32142 31736 11 17:52 ? 00:00:02 [MailScanner]
>root 32144 31736 20 17:52 ? 00:00:02 [MailScanner]
>root 32356 31736 67 17:52 ? 00:00:02 /usr/bin/perl
>-I/opt/MailScanner/lib /opt/MailScanner/bin/MailScanner
>/opt/MailScanner/etc/MailScanner.conf
>j 32421 28542 0 17:53 pts/0 00:00:00 grep Mail
>
>
>And then if I wait a few seconds and look @ the processes again, I have:
>
>j@opti j $ ps -ef | grep Mail
>root 31736 1 0 17:50 ? 00:00:00 /usr/bin/perl
>-I/opt/MailScanner/lib /opt/MailScanner/bin/MailScanner
>/opt/MailScanner/etc/MailScanner.conf
>root 32138 31736 6 17:52 ? 00:00:02 [MailScanner]
>root 32140 31736 8 17:52 ? 00:00:02 [MailScanner]
>root 32142 31736 11 17:52 ? 00:00:02 [MailScanner]
>root 32144 31736 20 17:52 ? 00:00:02 [MailScanner]
>root 32356 31736 71 17:53 ? 00:00:02 [MailScanner]
>j 32443 28542 0 17:53 pts/0 00:00:00 grep Mail
>
>
>Which seems to indicate the process that was starting up @ the bottom of
>the list (32356), is now defunct.
>
>Any ideas on what's going on here...?
>
>Thx!
>
>k

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From drew at THEMARSHALLS.CO.UK Sat Jan 22 00:07:12 2005
From: drew at THEMARSHALLS.CO.UK (Drew Marshall)
Date: Thu Jan 12 21:28:17 2006
Subject: postfix: Process did not exit cleanly
Message-ID:

Rocky McCamey wrote:

I installed from the tar on the website, and I still get that same error. I have also gone ahead and unmerged postfix and then merged it back again, and still the same thing.

-Rocky

So to re-cap

1. Without MailScanner Postfix runs fine?
2. You install MS and Postfix complains with exit errors?
3. You checked that the sendmail binary is pointing to the correct Postfix equivalent and not an 'old' Sendmail one?
4. Are all your spool directory paths in MailScanner.conf true paths with no sym links?
5. Have you any mail in the mail queue (mailq will do it)?
6. Does Postfix complain if you just start it without MailScanner (postfix start)?
7. With Postfix stopped, set the debug options on in MailScanner.conf and then start just MailScanner and check the output (Just in case).

I'll go with just the lucky 7 for now! ;-)

Let me know how you get on.

Drew

--
In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.

From nats at SSCRMNL.EDU.PH Sat Jan 22 00:41:09 2005
From: nats at SSCRMNL.EDU.PH (nats)
Date: Thu Jan 12 21:28:17 2006
Subject: ClamAV perl module not found!
Message-ID:

Yes, I installed via cpan, how do I go around with this? I have on my /usr/lib/perl5/ are 5.8.0 and 5.8.5

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Raymond Dijkxhoorn
Sent: Friday, January 21, 2005 4:39 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: ClamAV perl module not found!

Hi!

> When I do MailScanner -v | grep ClamAV, it says that it is missing, but I do
> have install Mail::ClamAV by installing it via cpan, and it says that
> Mail::ClamAV is up to date. I don't get it, pls help. I have perl version
> 5.8.5
> Mail::ClamAV
>
> Can you run: MailScanner -v | grep ClamAV

Most likely you have multiple perl instances on your box?

Bye,
Raymond.

--
All messages that are coming from this domain is certified to be virus and spam free. If ever you have received any virus infected content or spam, please report it to the internet administrator of this domain nats@sscrmnl.edu.ph

From Kevin at MICA.NET Sat Jan 22 01:54:12 2005
From: Kevin at MICA.NET (Kevin Hanser)
Date: Thu Jan 12 21:28:17 2006
Subject: MailScanner not processing mail, appears to keep dying...
Message-ID:

Thanks for the quick reply, Julian.

Well, I put it into debug mode as you suggested, and ran the check_mailscanner script, and it started printing out a _bunch_ of spamassassin "debug:" messages (scrolling too fast for me to see). However, I just went and ran the mailscanner install.sh script again to reinstall, and now it's processing messages. Weeeeird.... Hey, I don't care though, as long as it works :)

Thanx!

k

> -----Original Message-----
> From: Julian Field [mailto:MailScanner@ECS.SOTON.AC.UK]
> Sent: Friday, January 21, 2005 6:03 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: MailScanner not processing mail, appears to keep dying...
>
> Have you remembered to install SpamAssassin?
>
> Otherwise, in your MailScanner.conf set Debug = yes and Debug
> SpamAssassin = yes, then get a couple of messages in your incoming mail
> queue and then run "check_MailScanner". It should print out an error
> message that says what is going wrong.
>
> Kevin Hanser wrote:
>
> >I am having a strange problem w/a new MailScanner installation... I had
> >MailScanner installed on this machine previously, but have recently
> >reloaded it. Strange thing is, it was working @ one time, and I'm not
> >sure why it's not now...
> >
> >
> >As far as I can tell, MailScanner keeps dying when it starts up. I see
> >logs like this:
> >
> >Jan 21 17:54:11 opti MailScanner[32496]: Enabling SpamAssassin
> >auto-whitelist functionality...
> >Jan 21 17:54:20 opti MailScanner[32499]: MailScanner E-Mail Virus
> >Scanner version 4.37.7 starting...
> >Jan 21 17:54:21 opti MailScanner[32499]: Enabling SpamAssassin
> >auto-whitelist functionality...
> >Jan 21 17:54:36 opti MailScanner[32600]: MailScanner E-Mail Virus
> >Scanner version 4.37.7 starting...
> >Jan 21 17:54:38 opti MailScanner[32600]: Enabling SpamAssassin
> >auto-whitelist functionality...
> >Jan 21 17:54:46 opti MailScanner[32610]: MailScanner E-Mail Virus
> >Scanner version 4.37.7 starting...
> >Jan 21 17:54:47 opti MailScanner[32610]: Enabling SpamAssassin
> >auto-whitelist functionality...
> >
> >(over and over and over again)
> >
> >
> >I know mail is coming in, but MailScanner just isn't processing it:
> >
> >Jan 21 17:55:01 opti sendmail[32616]: j0LMt1UN032616: from=root,
> >size=334, class=0, nrcpts=1,
> >msgid=<200501212255.j0LMt1UN032616@opti.hanser.org>,
> >relay=root@localhost
> >Jan 21 17:55:01 opti sm-mta[32617]: j0LMt1rd032617:
> >from=, size=591, class=0, nrcpts=1,
> >msgid=<200501212255.j0LMt1UN032616@opti.hanser.org>, proto=ESMTP,
> >daemon=MTA, relay=opti.hanser.org [127.0.0.1]
> >Jan 21 17:55:02 opti sendmail[32616]: j0LMt1UN032616: to=root,
> >ctladdr=root (0/0), delay=00:00:01, xdelay=00:00:01, mailer=relay,
> >pri=30334, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent
> >(j0LMt1rd032617 Message accepted for delivery)
> >Jan 21 17:55:06 opti MailScanner[32618]: MailScanner E-Mail Virus
> >Scanner version 4.37.7 starting...
> >Jan 21 17:55:07 opti MailScanner[32618]: Enabling SpamAssassin
> >auto-whitelist functionality...
> >
> >
> >And my processes look like this:
> >
> >j@opti j $ ps -ef | grep Mail
> >root 31736 1 0 17:50 ? 00:00:00 /usr/bin/perl
> >-I/opt/MailScanner/lib /opt/MailScanner/bin/MailScanner
> >/opt/MailScanner/etc/MailScanner.conf
> >root 32138 31736 6 17:52 ? 00:00:02 [MailScanner]
> >root 32140 31736 8 17:52 ? 00:00:02 [MailScanner]
> >root 32142 31736 11 17:52 ? 00:00:02 [MailScanner]
> >root 32144 31736 20 17:52 ? 00:00:02 [MailScanner]
> >root 32356 31736 67 17:52 ? 00:00:02 /usr/bin/perl
> >-I/opt/MailScanner/lib /opt/MailScanner/bin/MailScanner
> >/opt/MailScanner/etc/MailScanner.conf
> >j 32421 28542 0 17:53 pts/0 00:00:00 grep Mail
> >
> >
> >And then if I wait a few seconds and look @ the processes again, I have:
> >
> >j@opti j $ ps -ef | grep Mail
> >root 31736 1 0 17:50 ? 00:00:00 /usr/bin/perl
> >-I/opt/MailScanner/lib /opt/MailScanner/bin/MailScanner
> >/opt/MailScanner/etc/MailScanner.conf
> >root 32138 31736 6 17:52 ? 00:00:02 [MailScanner]
> >root 32140 31736 8 17:52 ? 00:00:02 [MailScanner]
> >root 32142 31736 11 17:52 ? 00:00:02 [MailScanner]
> >root 32144 31736 20 17:52 ? 00:00:02 [MailScanner]
> >root 32356 31736 71 17:53 ? 00:00:02 [MailScanner]
> >j 32443 28542 0 17:53 pts/0 00:00:00 grep Mail
> >
> >
> >Which seems to indicate the process that was starting up @ the bottom of
> >the list (32356), is now defunct.
> >
> >Any ideas on what's going on here...?
> >
> >Thx!
> >
> >k
>
> --
> Julian Field
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
> Professional Support Services at www.MailScanner.biz
> MailScanner thanks transtec Computers for their support
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From schrock at DAYZED.COM Sat Jan 22 04:14:36 2005
From: schrock at DAYZED.COM (Avery Day)
Date: Thu Jan 12 21:28:17 2006
Subject: OT: IMAP and subfolders
Message-ID:

I have had very good luck with dovecot running on both a fedora and RHEL 3.0. I use it mostly as a pop server but I also use its IMAP functionality a bunch too. Really easy to setup. It is also super fast.

schrock

-------------------------------------------------------
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support.

From raymond at PROLOCATION.NET Sat Jan 22 10:20:12 2005
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:28:17 2006
Subject: ClamAV perl module not found!
Message-ID:

Hi!

> Yes, I installed via cpan, how do I go around with this? I have on my
> /usr/lib/perl5/ are 5.8.0 and 5.8.5
>> Can you run: MailScanner -v | grep ClamAV
>
> Most likely you have multiple perl instances on your box?

Is there a reason you need two perl instances? Best would be to remove one, since it will only cause trouble, obviously...

Bye,
Raymond.

From pparsons at COLUMBIAFUELS.COM Sat Jan 22 17:05:48 2005
From: pparsons at COLUMBIAFUELS.COM (Philip Parsons)
Date: Thu Jan 12 21:28:17 2006
Subject: Spamassassin time outs
Message-ID:

Thanks this has helped, but now another weird problem has shown up, I have an account that collects a lot of spam and now there are pieces of mail that are not being marked but in the headers it has the score above what is needed...I would say this is 1 out of every 60 to 70 that this is happening to.

Any ideas anyone??

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Matt Kettler
Sent: Friday, January 21, 2005 1:29 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: Spamassassin time outs

At 03:59 PM 1/21/2005, Philip Parsons wrote:
> Where would I be able to do this ????
>
>1) make sure the AWL is off.. you need to do this at the spamassassin
>level,

My recommendation would be to add this to /etc/mail/spamassassin/local.cf:

use_auto_whitelist 0

Note: you'll need to do a "service MailScanner reload" in order to reprocess the new local.cf

From MailScanner at ecs.soton.ac.uk Sun Jan 23 17:08:46 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:17 2006
Subject: Early release of Feb 2005 version
Message-ID:

Anyone got any thoughts (good or bad) on me doing the February stable release of MailScanner in the last weekend of January instead (that's next weekend) ?

I'm going on holiday on 3rd February and want to make sure everything is settled and working before I go. I will leave the January 2005 version on the downloads page as well, in case anything shows up after I've gone.

If anyone's interested, I'm going to Austria for 10 days by train (1st class) and spending a nice relaxing week going out to see the sights and just wandering round the place getting some fresh air, all courtesy of Great Rail Journeys, who are a superb holiday company.

I'll only really be reachable by mobile phone, so unless you already know that number you will have to ask others on the list and on IRC for help.

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From dh at UPTIME.AT Sun Jan 23 17:14:32 2005
From: dh at UPTIME.AT (David H.)
Date: Thu Jan 12 21:28:17 2006
Subject: Early release of Feb 2005 version
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Julian Field wrote:
|
| If anyone's interested, I'm going to Austria for 10 days by train

Since I am in Austria. If you come to Vienna and tell me when you arrive, I would be more than happy to show you around. Of course I would also buy one of the beers for you that have been so often promised by numerous people. After all I have to say thank you for the sendmail split queue implementation.
Should you be interested feel free to contact me off list

- -d
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.6 (Darwin)

iD8DBQFB89t4PMoaMn4kKR4RAx9XAJ4pXxULsJ9thlAVFca3gckHmnkqZACfQnog
dsxVYDJwvWVoNY9z0v0n+GI=
=FplG
-----END PGP SIGNATURE-----

From MailScanner at ecs.soton.ac.uk Sun Jan 23 17:22:57 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:17 2006
Subject: Early release of Feb 2005 version
Message-ID:

David H. wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: RIPEMD160
>
> Julian Field wrote:
>
> |
> | If anyone's interested, I'm going to Austria for 10 days by train
>
> Since I am in Austria. If you come to Vienna and tell me when you arrive, I
> would be more than happy to show you around. Of course I would also buy one of
> the beers for you that have been so often promised by numerous people. After
> all I have to say thank you for the sendmail split queue implementation.
> Should you be interested feel free to contact me off list

I'll check the itinerary and see if I go to Vienna, not sure we do, but I'll check.
Thanks for the offer!

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From raymond at PROLOCATION.NET Sun Jan 23 18:01:31 2005
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:28:17 2006
Subject: Early release of Feb 2005 version
Message-ID:

Hi!

> Anyone got any thoughts (good or bad) on me doing the February stable
> release of MailScanner in the last weekend of January instead (that's
> next weekend) ?
>
> I'm going on holiday on 3rd February and want to make sure everything is
> settled and working before I go. I will leave the January 2005 version
> on the downloads page as well, in case anything shows up after I've
> gone.

If there won't be more changes, sure, the current beta is running just fine it seems.

> If anyone's interested, I'm going to Austria for 10 days by train (1st
> class) and spending a nice relaxing week going out to see the sights and
> just wandering round the place getting some fresh air, all courtesy of
> Great Rail Journeys, who are a superb holiday company. I'll only really
> be reachable by mobile phone, so unless you already know that number you
> will have to ask others on the list and on IRC for help.

Have fun there!

Bye,
Raymond.

From MailScanner at ecs.soton.ac.uk Sun Jan 23 18:06:39 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:17 2006
Subject: Early release of Feb 2005 version
Message-ID:

Raymond Dijkxhoorn wrote:
> Hi!
>
>> Anyone got any thoughts (good or bad) on me doing the February stable
>> release of MailScanner in the last weekend of January instead (that's
>> next weekend) ?
>>
>> I'm going on holiday on 3rd February and want to make sure everything is
>> settled and working before I go. I will leave the January 2005 version
>> on the downloads page as well, in case anything shows up after I've
>> gone.
>
> If there won't be more changes, sure, the current beta is running just
> fine it seems.

There are a few more changes since 4.38.3, mostly pretty minor.
Or they were intended that way... :)

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From raymond at PROLOCATION.NET Sun Jan 23 18:10:35 2005
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:28:17 2006
Subject: Early release of Feb 2005 version
Message-ID:

Hi!

>> If there won't be more changes, sure, the current beta is running just
>> fine it seems.

> There are a few more changes since 4.38.3, mostly pretty minor.
> Or they were intended that way... :)

Oh well, I guess if you can place 4.38.4 online we can find out one way or the other ;)

Bye,
Raymond.

From MailScanner at ecs.soton.ac.uk Sun Jan 23 18:15:38 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:17 2006
Subject: Early release of Feb 2005 version
Message-ID:

Raymond Dijkxhoorn wrote:
> Hi!
>
>>> If there won't be more changes, sure, the current beta is running just
>>> fine it seems.
>
>> There are a few more changes since 4.38.3, mostly pretty minor.
>> Or they were intended that way... :)
>
> Oh well, I guess if you can place 4.38.4 online we can find out one way
> or the other ;)

Will do...

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From MailScanner at ecs.soton.ac.uk Sun Jan 23 18:35:06 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:17 2006
Subject: ANNOUNCE: Beta 4.38.4 released
Message-ID:

I have just released the latest beta code 4.38.4.

This is mainly a cleanup and test version for release of the February 2005 version, which I will be releasing slightly early, next weekend. Then I'm away on holiday for a couple of weeks :-)

- The logging of HTML disarming will only happen if something was actually changed in the message, not just because it *may* happen, which was the situation until now.
- Subject: headers in non-English character sets are now correctly decoded into proper text before being displayed in notices.

Most other changes are fairly minor.

Download it as usual from www.mailscanner.info.

The full Change Log is:

* New Features and Improvements *
- Upgraded to MIME-tools 5.416.
- Added new filename restrictions using Microsoft vulnerability report from AUScert.
- Improved /etc/sysconfig/MailScanner so that it finds Incoming Work Dir and Incoming Queue Dir automatically from MailScanner.conf file.
- Can now use $from, $id and $subject in inline signature for signing clean messages.
- Any entry in the "Archive Mail" setting can contain _DATE_ which will be replaced with the current date in yyyymmdd form, so you can backup or move yesterday's archive safely knowing that it won't be written to today.
- Added zero score for ALL_TRUSTED rule in SpamAssassin as it is known to cause problems.
- Added "Also Find Numeric Phishing" setting (on by default) so that all numeric IP addresses in links are flagged as being dangerous.
- Added "$postmastername" to the list of variables available in many reports.
- ClamAV -autoupdate script now logs all warnings and errors from freshclam.
- Postfix support added to "IPBlock" functionality for SMTP connection throttling. Many thanks to Rakesh for writing this.
- Updated German translations. Many thanks to Felix for doing this.
- Added PDF version of new MailScanner advertising "flyer".
- Added "Log Dangerous HTML Tags" configuration setting, and removed old "Log IFrame Tags" configuration setting, so that all potentially dangerous HTML tags are now logged. This helps when you are developing your whitelist of safe sources of HTML tags, such as newsletters and daily cartoons.
- Added "Phishing Safe Sites File" configuration setting to point to a file containing a list of fully-qualified hostnames which are ignored in the phishing detection tests. Any links to any of these hostnames are ignored in the phishing tests.
- Added "Eicar" to non-forging viruses list, so it's easier for testing.
- Upgraded to latest HTML::Parser version 3.45.
- Changed logging about HTML disarming to only log if it actually changed the message.
- Improved comments about ruleset filenames for Spam Actions et al.

* Fixes *
- Fixed problem where some spam was delivered even if the Spam Actions was set to "store delete" if the messages were not to be virus-scanned.
- Fixed harmless uninitialised variables in HTML disarming.
- Removed 2nd copy of tnef sources from tar distribution.
- Fixed problem in phishing net where empty tags would cause false alarm on the previous normal link.
- Fixed problem in a few situations where logging would say content disarming was happening when actually it wasn't.
- Fixed problem where messages that were not virus-scanned did not have arbitrary headers removed.
- Subject lines are now MIME decoded before writing to Postmaster notices.
--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From christian at JARNAS.NO Sun Jan 23 20:02:34 2005
From: christian at JARNAS.NO ([iso-8859-1] Christian Jarnæs)
Date: Thu Jan 12 21:28:17 2006
Subject: ANNOUNCE: Beta 4.38.4 released
Message-ID:

>I have just released the latest beta code 4.38.4.
> - Added zero score for ALL_TRUSTED rule in SpamAssassin as it is known to
> cause problems.

Why? If I define trusted_networks and internal_networks I should be ok?

I am also sure the rpm upgrade wrote over my original spam.assassin.prefs.conf even if I had custom settings there.

Keep up the good work!

Regards,
Christian

From MailScanner at ecs.soton.ac.uk Sun Jan 23 20:19:13 2005
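The phishing items in the 4.38.4 change log above (numeric IP addresses in links, the safe-sites list, and empty tags no longer raising an alarm on the previous link) can be pictured with a simplified link checker. This is an added example, not part of any message in the thread and not MailScanner's own code (MailScanner is written in Perl); the function names, the regular expression and the sample HTML are constructed for illustration.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Host-like token in visible link text: dotted labels ending in an alphabetic TLD.
# A bare ".net" has no label before the dot, so it is not treated as a hostname.
HOST_IN_TEXT = re.compile(
    r"(?<![\w.-])(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?![\w-])", re.I)


class AnchorCollector(HTMLParser):
    """Collects one (href, visible_text) pair per <a> element."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.links = []
        self._href = None          # None means "not inside an anchor"
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.flush()           # tolerate a previous <a> that was never closed
            self._href = dict(attrs).get("href") or ""

    def handle_endtag(self, tag):
        if tag == "a":
            self.flush()

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def flush(self):
        if self._href is not None:
            text = " ".join("".join(self._text).split())
            self.links.append((self._href, text))
        self._href, self._text = None, []


def href_host(href):
    """Hostname of an http(s) link, or "" for mailto:, fragments and bad URLs."""
    if not re.match(r"(?i)https?://", href.strip()):
        return ""
    try:
        return (urlsplit(href.strip()).hostname or "").lower().rstrip(".")
    except ValueError:
        return ""


def is_numeric_host(host):
    """True for IPv4/IPv6 literals and for hosts made only of digits and dots."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return re.fullmatch(r"[0-9.]+", host) is not None


def check_links(html, safe_sites=(), find_numeric=True):
    """Return (reason, href_host, link_text) for every suspicious link."""
    safe = {s.lower().rstrip(".") for s in safe_sites}
    collector = AnchorCollector()
    collector.feed(html)
    collector.close()
    collector.flush()
    findings = []
    for href, text in collector.links:
        host = href_host(href)
        if not host or host in safe:          # safe-sites entries skip all tests
            continue
        if find_numeric and is_numeric_host(host):
            findings.append(("numeric", host, text))
            continue
        claimed = {m.group(1).lower() for m in HOST_IN_TEXT.finditer(text)}
        # Each anchor is judged on its own text, so an empty anchor (no text,
        # nothing claimed) cannot trigger an alarm on the link before it.
        # Simplification: hostnames must match exactly.
        if claimed and host not in claimed:
            findings.append(("mismatch", host, text))
    return findings


# Constructed sample message body.
SAMPLE = """
<p><a href="http://www.example.com/">Click here to visit www.example.com</a></p>
<p><a href="http://192.0.2.7/login">Your account</a></p>
<p><a href="http://news.example.org/today">www.example.net</a></p>
<p><a href="http://www.example.com/x">www.example.com</a><a href="http://www.example.com/y"></a></p>
<p><a href="http://tracker.example.org/c?id=1">www.example.com daily cartoon</a></p>
<p><a href="http://dev.example.org/">All about .net technology</a></p>
"""

if __name__ == "__main__":
    for finding in check_links(SAMPLE, safe_sites=["tracker.example.org"]):
        print(finding)
```
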
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:17 2006
Subject: ANNOUNCE: Beta 4.38.4 released
Message-ID:

Christian Jarnæs wrote:
>> I have just released the latest beta code 4.38.4.
>> - Added zero score for ALL_TRUSTED rule in SpamAssassin as it is
>> known to
>> cause problems.
>
> why? If I define trusted_networks and internal_networks I should be ok?

You'll need to check the SpamAssassin mailing list for details about this one. I did this on advice from a SpamAssassin expert.

> I am also sure the rpm upgrade wrote over my original
> spam.assassin.prefs.conf even if I had custom settings there.

If you are 100% sure it did, then you should file a bug report with RedHat. It is marked as a "%config(noreplace)" file which means it won't overwrite the file if it has been modified.

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From mark at TIPPINGMAR.COM Mon Jan 24 02:34:55 2005
From: mark at TIPPINGMAR.COM (Mark Nienberg)
Date: Thu Jan 12 21:28:17 2006
Subject: ANNOUNCE: Beta 4.38.4 released
Message-ID:

Christian Jarnæs wrote:
>> I have just released the latest beta code 4.38.4.
>> - Added zero score for ALL_TRUSTED rule in SpamAssassin as it is
>> known to
>> cause problems.
>
> why? If I define trusted_networks and internal_networks I should be ok?

Yes. I defined trusted_networks and the ALL_TRUSTED test is working very well for me. It detects when remote users are authenticating and sending mail through my server, and it does not impose the dial-up or spf penalties on them.

I think the problems with ALL_TRUSTED were with the 3.0 version of SA.

--
Mark Nienberg, SE
Tipping Mar + associates
1906 Shattuck Ave
Berkeley, CA 94704
http://www.tippingmar.com

From john at TRADOC.FR Mon Jan 24 09:08:34 2005
From: john at TRADOC.FR (John Wilcock)
Date: Thu Jan 12 21:28:17 2006
Subject: Handling phishing false positives
Message-ID:

Julian Field wrote:
> The code has changed a bit since 4.37, so hopefully the FP rate has
> dropped.
> Other than that, report FP's to me and I'll see what I can do.

The FP rate has indeed dropped. About the only FPs I'm still seeing with 4.38.4 that it ought to be possible to detect are cases with some text within the tags in addition to the correct URL:

> Click here to visit www.example.com

I'm also seeing cases of text that looks vaguely like a URL but isn't getting detected:

> All about .net technology

Also, I just sent myself the examples above to an externally-hosted address as a test message. As a result they passed through MailScanner twice, and got detected as phishing on the way out *and* again on the way back in! But I guess fixing the above cases will effectively stop this double detection in its tracks.

> Click here to color="red">MailScanner has detected a possible fraud attempt from
> "www.example.com" claiming to be color="red">MailScanner has detected a possible fraud attempt from
> "www.example.com" claiming to be visit www.example.com
John.

--
-- Over 2500 webcams from ski resorts around the world - www.snoweye.com
-- Translate your technical documents and web pages - www.tradoc.fr

From MailScanner at ecs.soton.ac.uk Mon Jan 24 10:25:04 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:17 2006
Subject: ANNOUNCE: Beta 4.38.4 released
Message-ID:

I have just released 4.38.5 which includes the shiny new MIME-tools 5.417.

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From jaearick at COLBY.EDU Mon Jan 24 13:45:15 2005
From: jaearick at COLBY.EDU (Jeff A. Earickson)
Date: Thu Jan 12 21:28:17 2006
Subject: ANNOUNCE: Beta 4.38.4 released
Message-ID:

You might want to consider upgrading Net-CIDR-0.09.tar.gz to version 0.10. I have been using this version with the last couple of releases of MailScanner with no problems. Have a good trip...
Jeff Earickson
Colby College

On Mon, 24 Jan 2005, Julian Field wrote:

> Date: Mon, 24 Jan 2005 10:25:04 +0000
> From: Julian Field
> Reply-To: MailScanner mailing list
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: ANNOUNCE: Beta 4.38.4 released
>
> I have just released 4.38.5 which includes the shiny new MIME-tools 5.417.
>
> --
> Julian Field
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From MailScanner at ecs.soton.ac.uk Mon Jan 24 14:24:15 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:17 2006
Subject: ANNOUNCE: Beta 4.38.4 released
Message-ID:

Just added it. 4.38.6 is now on the website.

Jeff A. Earickson wrote:
> You might want to consider upgrading Net-CIDR-0.09.tar.gz to version
> 0.10. I have been using this version with the last couple of releases
> of MailScanner with no problems. Have a good trip...
>
> Jeff Earickson
> Colby College
>
> On Mon, 24 Jan 2005, Julian Field wrote:
>
>> Date: Mon, 24 Jan 2005 10:25:04 +0000
>> From: Julian Field
>> Reply-To: MailScanner mailing list
>> To: MAILSCANNER@JISCMAIL.AC.UK
>> Subject: Re: ANNOUNCE: Beta 4.38.4 released
>>
>> I have just released 4.38.5 which includes the shiny new MIME-tools
>> 5.417.
>

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From Denis.Beauchemin at USHERBROOKE.CA Mon Jan 24 14:39:20 2005
From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin)
Date: Thu Jan 12 21:28:17 2006
Subject: Spamassassin time outs
Message-ID:

Philip Parsons wrote:
>Thanks this has helped, but now another weird problem has shown up, I
>have an account that collects a lot of spam and now there are pieces of
>mail that are not being marked but in the headers it has the score above
>what is needed...I would say this is 1 out of every 60 to 70 that this
>is happening to. Any ideas anyone??

Look at the X-MailScanner headers and you'll find the reason. Probably because something is whitelisted.

Denis

--
  _
 °v°   Denis Beauchemin, analyst
/(_)\  Université de Sherbrooke, S.T.I.
 ^ ^   T: 819.821.8000x2252 F: 819.821.8045

From raymond at PROLOCATION.NET Mon Jan 24 15:45:38 2005
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:28:17 2006
Subject: ANNOUNCE: Beta 4.38.4 released
Message-ID:

Hi!

> I have just released 4.38.5 which includes the shiny new MIME-tools 5.417.

Running just fine, while we are updating, what about:

perl-MailTools-1.50-1.src.rpm

Also little outdated... ;)

Bye,
Raymond.

From MailScanner at ecs.soton.ac.uk Mon Jan 24 16:00:19 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:17 2006
Subject: ANNOUNCE: Beta 4.38.4 released
Message-ID:

How about we collect all these updates in 1 go...

Raymond Dijkxhoorn wrote:
> Hi!
>
>> I have just released 4.38.5 which includes the shiny new MIME-tools
>> 5.417.
>
> Running just fine, while we are updating, what about:
>
> perl-MailTools-1.50-1.src.rpm
>
> Also little outdated...
;)

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From raymond at PROLOCATION.NET Mon Jan 24 16:07:27 2005
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:28:17 2006
Subject: ANNOUNCE: Beta 4.38.4 released
Message-ID:

Hi!

> How about we collect all these updates in 1 go...

>> Running just fine, while we are updating, what about:
>> perl-MailTools-1.50-1.src.rpm
>> Also little outdated... ;)

Sure! :) But let's not do that now shall we ;)

Bye,
Raymond.

From pparsons at COLUMBIAFUELS.COM Mon Jan 24 16:18:40 2005
From: pparsons at COLUMBIAFUELS.COM (Philip Parsons)
Date: Thu Jan 12 21:28:17 2006
Subject: Spamassassin time outs
Message-ID:

NO there is no white list and spam assassin did not time out ???
-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Denis Beauchemin
Sent: Monday, January 24, 2005 6:39 AM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: Spamassassin time outs

Philip Parsons wrote:
>Thanks this has helped, but now another weird problem has shown up, I
>have an account that collects a lot of spam and now there are pieces of
>mail that are not being marked but in the headers it has the score
>above what is needed...I would say this is 1 out of every 60 to 70 that
>this is happening to. Any ideas anyone??

Look at the X-MailScanner headers and you'll find the reason. Probably because something is whitelisted.

Denis

--
  _
 °v°   Denis Beauchemin, analyst
/(_)\  Université de Sherbrooke, S.T.I.
 ^ ^   T: 819.821.8000x2252 F: 819.821.8045

From mkettler at EVI-INC.COM Mon Jan 24 19:08:07 2005
From: mkettler at EVI-INC.COM (Matt Kettler)
Date: Thu Jan 12 21:28:17 2006
Subject: Spamassassin time outs
Message-ID:

At 11:18 AM 1/24/2005, Philip Parsons wrote:
>NO there is no white list and spam assassin did not time out ???

Any chance you can post two X-MailScanner-Spamcheck: headers, one from a correctly tagged message, and one from a non-tagged message?
Perhaps one of us can spot a subtle difference between them....

From pparsons at COLUMBIAFUELS.COM Mon Jan 24 19:32:03 2005
From: pparsons at COLUMBIAFUELS.COM (Philip Parsons)
Date: Thu Jan 12 21:28:17 2006
Subject: Spamassassin time outs
Message-ID:

Aaaah I will have to wait for the next one seemed to have misplaced or deleted hehehe the others !!!

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Matt Kettler
Sent: Monday, January 24, 2005 11:08 AM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: Spamassassin time outs

At 11:18 AM 1/24/2005, Philip Parsons wrote:
>NO there is no white list and spam assassin did not time out ???

Any chance you can post two X-MailScanner-Spamcheck: headers, one from a correctly tagged message, and one from a non-tagged message?

Perhaps one of us can spot a subtle difference between them....
From rocky at LWORLD.NET Tue Jan 25 00:49:22 2005
From: rocky at LWORLD.NET (Rocky McCamey)
Date: Thu Jan 12 21:28:17 2006
Subject: postfix: Process did not exit cleanly
Message-ID:

Drew Marshall wrote:

Rocky McCamey wrote:

I installed from the tar on the website, and I still get that same error. I have also gone ahead and unmerged postfix and then merged it back again, and still the same thing.

-Rocky

So to re-cap

1. Without MailScanner Postfix runs fine?
2. You install MS and Postfix complains with exit errors?
3. You checked that the sendmail binary is pointing to the correct Postfix equivalent and not an 'old' Sendmail one?
4. Are all your spool directory paths in MailScanner.conf true paths with no sym links?
5. Have you any mail in the mail queue (mailq will do it)?
6. Does Postfix complain if you just start it without MailScanner (postfix start)?
7. With Postfix stopped, set the debug options on in MailScanner.conf and then start just MailScanner and check the output (Just in case).

I'll go with just the lucky 7 for now! ;-)

Let me know how you get on.

Drew

--
In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.

1. Yes
2. Yes
3. I checked and it is set to use Postfix
4. all full paths no sym links
5.
The server is sending mail, its just that it lags way longer than the others, with the same exact hardware. 6. Postfix works fine on its own, ie i can telnet to the server with mailscanner off and it works fine 7. Will let you know I am trying it in a sec in regards to number 5, the server filters the mail and sends it out, but its not scanning the mail in a timely manner, i would say its because of that postfix error because none of the other servers get that error and they are all running from the same ebuild ( and i did try the tarbal on the wesite too) :) -Rocky ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From nick at WEBSPACESOLUTIONS.COM Tue Jan 25 02:06:34 2005 From: nick at WEBSPACESOLUTIONS.COM (Nick Twaddell) Date: Thu Jan 12 21:28:17 2006 Subject: User's home dir does not exist? Message-ID: Has anyone experienced this problem? User's home directory /no/dir does not exist Everytime it tries to process a message I get that in my error log. I'm using postfix+mailscanner by the way. Thanks Nick ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Jan 25 08:36:45 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:17 2006 Subject: User's home dir does not exist? Message-ID: [ The following text is in the "ISO-8859-1" character set. 
SpamAssassin needs to write some files into the postfix's home directory. You need to edit your /etc/passwd file to put a real directory (owned by the postfix user) in the user's line.

Nick Twaddell wrote:

>Has anyone experienced this problem?
>
>User's home directory /no/dir does not exist
>
>Every time it tries to process a message I get that in my error log. I'm
>using postfix+mailscanner by the way.
>
>Thanks
>
>Nick

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From nick at WEBSPACESOLUTIONS.COM Tue Jan 25 08:38:52 2005
From: nick at WEBSPACESOLUTIONS.COM (Nick Twaddell)
Date: Thu Jan 12 21:28:17 2006
Subject: User's home dir does not exist?
Message-ID:

What should I use for postfix's home dir? Just /etc/postfix?

Nick

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field
Sent: Tuesday, January 25, 2005 12:37 AM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: User's home dir does not exist?

SpamAssassin needs to write some files into the postfix's home directory. You need to edit your /etc/passwd file to put a real directory (owned by the postfix user) in the user's line.

From Andreas.Doerfler at KEMPTEN.DE Tue Jan 25 08:42:13 2005
From: Andreas.Doerfler at KEMPTEN.DE (Dörfler Andreas)
Date: Thu Jan 12 21:28:17 2006
Subject: configure ms to exclude domain/ip
Message-ID:
hi there,

after reading the ms-config file i miss one feature
(or i'm too stupid to find it, well, not the first time :))

i wanna exclude one domain or better, one special ip
from getting scanned.
background: the mails from our internal mailserver
(exchange.. jea i hate it too ... ;)) should not be
scanned, because the ms-server is here only
relay host but our users don't send spam (i hope so).

is there a way to configure it right now ?
ip would be much better than the domainname (domain-faker).
mx-record test won't work here because the exchange is
in a private ip subnet.

greetings
andy

From MailScanner at ecs.soton.ac.uk Tue Jan 25 08:43:43 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:17 2006
Subject: User's home dir does not exist?
Message-ID:

/var/spool/postfix is a better idea.

Nick Twaddell wrote:

>What should I use for postfix's home dir? Just /etc/postfix?
>
>Nick
--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From martinh at SOLID-STATE-LOGIC.COM Tue Jan 25 09:00:19 2005
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:28:17 2006
Subject: configure ms to exclude domain/ip
Message-ID:

Andy

Here's what I do. On outbound email I only scan for viruses and not spam (waste of time and might generate false positives).

I set the following options in MailScanner.conf

Spam Checks = %rules-dir%/spam.rules

The file spam.rules then contains.

From: 192.168. no
FromOrTo: default yes

where 192.168.0.0/16 is my local subnet

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

Dörfler Andreas wrote:
> hi there,
>
> after reading the ms-config file i miss one feature
> (or i'm too stupid to find it, well, not the first time :))
>
> i wanna exclude one domain or better, one special ip
> from getting scanned.
> background: the mails from our internal mailserver
> (exchange.. jea i hate it too ... ;)) should not be
> scanned, because the ms-server is here only
> relay host but our users don't send spam (i hope so).
>
> is there a way to configure it right now ?
> ip would be much better than the domainname (domain-faker).
> mx-record test won't work here because the exchange is
> in a private ip subnet.
>
> greetings
> andy

From nick at WEBSPACESOLUTIONS.COM Tue Jan 25 09:00:59 2005
From: nick at WEBSPACESOLUTIONS.COM (Nick Twaddell)
Date: Thu Jan 12 21:28:17 2006
Subject: User's home dir does not exist?
Message-ID:

Perfect. Thanks.

It's still not scanning messages I don't think. I put it into debug mode, and I get this

Can't use an undefined value as an ARRAY reference at /usr/lib/MailScanner/MailScanner/Message.pm line 2871.

Nick

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field
Sent: Tuesday, January 25, 2005 12:44 AM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: User's home dir does not exist?

/var/spool/postfix is a better idea.
From MailScanner at ecs.soton.ac.uk Tue Jan 25 09:06:00 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:17 2006
Subject: User's home dir does not exist?
Message-ID:

What is the code around line 2871 of Message.pm ?

Nick Twaddell wrote:

>Perfect. Thanks.
>
>It's still not scanning messages I don't think. I put it into debug mode,
>and I get this
>
>Can't use an undefined value as an ARRAY reference at
>/usr/lib/MailScanner/MailScanner/Message.pm line 2871.
>
>Nick

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
From nick at WEBSPACESOLUTIONS.COM Tue Jan 25 09:07:22 2005
From: nick at WEBSPACESOLUTIONS.COM (Nick Twaddell)
Date: Thu Jan 12 21:28:17 2006
Subject: User's home dir does not exist?
Message-ID:

@extraheaders = @{$this->{mcpheaders}};

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field
Sent: Tuesday, January 25, 2005 1:06 AM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: User's home dir does not exist?

What is the code around line 2871 of Message.pm ?

From MailScanner at ecs.soton.ac.uk Tue Jan 25 09:19:04 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:17 2006
Subject: User's home dir does not exist?
Message-ID:

This line doesn't appear in the latest code, so I must have already fixed this problem.
Nick Twaddell wrote:

>@extraheaders = @{$this->{mcpheaders}};

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From drew at THEMARSHALLS.CO.UK Tue Jan 25 09:55:22 2005
From: drew at THEMARSHALLS.CO.UK (Drew Marshall)
Date: Thu Jan 12 21:28:17 2006
Subject: User's home dir does not exist?
Message-ID:

On Tue, January 25, 2005 8:43, Julian Field said:
> /var/spool/postfix is a better idea.

In MailScanner.conf at the bottom there is an 'advanced setting' for the SpamAssassin users directory, which defaults to /var/spool/MailScanner/SpamAssassin, which I would suggest checking (Make sure it's owned by Postfix, along with the quarantine).

Using the queue directory as a home directory could upset Postfix when it (re)starts (As has been seen by .razor files in /var/spool/postfix, left by razor run from SpamAssassin).

My 2ps worth.

Drew

> Nick Twaddell wrote:
>
>>What should I use for postfix's home dir? Just /etc/postfix?
>>
>>Nick
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Andreas.Doerfler at KEMPTEN.DE Tue Jan 25 10:37:18 2005 From: Andreas.Doerfler at KEMPTEN.DE ([iso-8859-1] Dörfler Andreas) Date: Thu Jan 12 21:28:17 2006 Subject: problem after upgrade from 4.38.5 to .6 Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] hi again, well not my day ... after upgrade no more messages get stored ive tried to setup quarantine rights to 777 and deleting todays folder but no more folder will be created and nothing get stored Incoming Work Dir = /var/spool/MailScanner/incoming Quarantine Dir = /var/spool/MailScanner/quarantine (is 777 for tests now) Quarantine User = wwwrun Quarantine Group = www Quarantine Permissions = 0660 Quarantine Infections = yes Quarantine Silent Viruses = no Quarantine Whole Message = yes Quarantine Whole Messages As Queue Files = yes Spam Actions = store High Scoring Spam Actions = store Non Spam Actions = deliver debug ms shows me: MailScanner[8780]: New Batch: Scanning 1 messages, 1178 bytes MailScanner[8780]: Created attachment dirs for 1 messages MailScanner[8780]: Message Content Protection SpamAssassin returned 0 MailScanner[8780]: RBL Checks: returned 0 Stopping now as you are debugging me. commit ineffective with AutoCommit enabled at /usr/lib/MailScanner/MailScanner/MailWatch.pm line 89, line 36. Commmit ineffective while AutoCommit is on at /usr/lib/MailScanner/MailScanner/MailWatch.pm line 89, line 36. MailScanner[8780]: SpamAssassin returned 0 MailScanner[8780]: Spam Checks: Found 1 spam messages MailScanner[8780]: Virus and Content Scanning: Starting MailScanner[8780]: Commencing scanning by clamav... 
 MailScanner[8780]: Completed scanning by clamav
 MailScanner[8780]: Logging message j0PAYH9O008788 to SQL
 MailScanner[8780]: Config: calling custom end function MailWatchLogging
 MailScanner[8780]: MailScanner child dying of old age

I'm a little confused now

greetings
andy

From MailScanner at ecs.soton.ac.uk Tue Jan 25 11:13:21 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:17 2006
Subject: problem after upgrade from 4.38.5 to .6
Message-ID:

Please try without MailWatch.

Dörfler Andreas wrote:

>hi again,
>
>well not my day ...
>after upgrade no more messages get stored
>ive tried to setup quarantine rights to 777
>and deleting todays folder but no more folder
>will be created and nothing get stored
>
>Incoming Work Dir = /var/spool/MailScanner/incoming
>Quarantine Dir = /var/spool/MailScanner/quarantine (is 777 for tests now)
>
>Quarantine User = wwwrun
>Quarantine Group = www
>Quarantine Permissions = 0660
>
>Quarantine Infections = yes
>Quarantine Silent Viruses = no
>Quarantine Whole Message = yes
>Quarantine Whole Messages As Queue Files = yes
>
>Spam Actions = store
>High Scoring Spam Actions = store
>Non Spam Actions = deliver
>
>debug ms shows me:
> MailScanner[8780]: New Batch: Scanning 1 messages, 1178 bytes
> MailScanner[8780]: Created attachment dirs for 1 messages
> MailScanner[8780]: Message Content Protection SpamAssassin returned 0
> MailScanner[8780]: RBL Checks: returned 0
>Stopping now as you are debugging me.
>commit ineffective with AutoCommit enabled at
>/usr/lib/MailScanner/MailScanner/MailWatch.pm line 89, line 36.
>Commmit ineffective while AutoCommit is on at
>/usr/lib/MailScanner/MailScanner/MailWatch.pm line 89, line 36.
> MailScanner[8780]: SpamAssassin returned 0
> MailScanner[8780]: Spam Checks: Found 1 spam messages
> MailScanner[8780]: Virus and Content Scanning: Starting
> MailScanner[8780]: Commencing scanning by clamav...
> MailScanner[8780]: Completed scanning by clamav
> MailScanner[8780]: Logging message j0PAYH9O008788 to SQL
> MailScanner[8780]: Config: calling custom end function MailWatchLogging
> MailScanner[8780]: MailScanner child dying of old age
>
>im a little confused now
>
>

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From Andreas.Doerfler at KEMPTEN.DE Tue Jan 25 11:37:24 2005
From: Andreas.Doerfler at KEMPTEN.DE (Dörfler Andreas)
Date: Thu Jan 12 21:28:17 2006
Subject: AW: problem after upgrade from 4.38.5 to .6 (solved)
Message-ID:

hi julian,

after put ms 3 time to debug on and off
and multiple daemon restarts it looks like
fine now (with active mailwatch).
but there must be a problem with mailwatch,
it doesn't show now any content from the
quarantine subfolders "No rows retrieved".
the only change from .5 to .6 was to new
Net-CIDR package ?

greetings
andy

-----Original Message-----
From: Julian Field [mailto:MailScanner@ECS.SOTON.AC.UK]
Sent: Tuesday, 25 January 2005 12:13
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: problem after upgrade from 4.38.5 to .6

Please try without MailWatch.

Dörfler Andreas wrote:

>hi again,
>
>well not my day ...
>after upgrade no more messages get stored
>ive tried to setup quarantine rights to 777
>and deleting todays folder but no more folder
>will be created and nothing get stored
>
>Incoming Work Dir = /var/spool/MailScanner/incoming
>Quarantine Dir = /var/spool/MailScanner/quarantine (is 777 for tests
>now)
>
>Quarantine User = wwwrun
>Quarantine Group = www
>Quarantine Permissions = 0660
>
>Quarantine Infections = yes
>Quarantine Silent Viruses = no
>Quarantine Whole Message = yes
>Quarantine Whole Messages As Queue Files = yes
>
>Spam Actions = store
>High Scoring Spam Actions = store
>Non Spam Actions = deliver
>
>debug ms shows me:
> MailScanner[8780]: New Batch: Scanning 1 messages, 1178 bytes
> MailScanner[8780]: Created attachment dirs for 1 messages
> MailScanner[8780]: Message Content Protection SpamAssassin returned 0
> MailScanner[8780]: RBL Checks: returned 0
>Stopping now as you are debugging me.
>commit ineffective with AutoCommit enabled at
>/usr/lib/MailScanner/MailScanner/MailWatch.pm line 89, line
>36. Commmit ineffective while AutoCommit is on at
>/usr/lib/MailScanner/MailScanner/MailWatch.pm line 89, line
>36.
> MailScanner[8780]: SpamAssassin returned 0
> MailScanner[8780]: Spam Checks: Found 1 spam messages
> MailScanner[8780]: Virus and Content Scanning: Starting
> MailScanner[8780]: Commencing scanning by clamav...
> MailScanner[8780]: Completed scanning by clamav
> MailScanner[8780]: Logging message j0PAYH9O008788 to SQL
> MailScanner[8780]: Config: calling custom end function MailWatchLogging
> MailScanner[8780]: MailScanner child dying of old age
>
>im a little confused now
From karen at PROJECTHARMONY.AM Tue Jan 25 11:34:52 2005
From: karen at PROJECTHARMONY.AM (Karen Mkoyan)
Date: Thu Jan 12 21:28:17 2006
Subject: Quarantine ?
Message-ID:

Dear all,
I have a redhat server running spamassassin version integrated with
MailScanner.
I forward all {Spam} mails to an e-mail address called spam@localhost. Now
in case a user lost a mail, I want to give them a possibility
to check whether their mail is in spam mails. How could I organize that?
something like, user should login somewhere with his mail login and pass,
and see spam mails (only the ones which addressed to him/her).
80% of my users use pine, 10% pop3 access, 10% webmail (neomail).

Thank you.

P.S. I've just learned that http://www.fsl.com/support/ here available software called "Quarantine Report" anybody used that ?

Karen Mkoyan

From MailScanner at ecs.soton.ac.uk Tue Jan 25 12:02:48 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:17 2006
Subject: AW: problem after upgrade from 4.38.5 to .6 (solved)
Message-ID:

I think that was the only change, yes.

Dörfler Andreas wrote:

>hi julian,
>
>after put ms 3 time to debug on and off
>and multible deamon restarts it looks like
>fine now (with active mailwatch).
>but there must be a problem with mailwatch,
>it doesnt shows now any content from the
>quarantine subfolders "No rows retrieved".
>the only change from .5 to .6 was to new
>Net-CIDR package ?
>
>greetings
>andy
>
>-----Original Message-----
>From: Julian Field [mailto:MailScanner@ECS.SOTON.AC.UK]
>Sent: Tuesday, 25 January 2005 12:13
>To: MAILSCANNER@JISCMAIL.AC.UK
>Subject: Re: problem after upgrade from 4.38.5 to .6
>
>
>Please try without MailWatch.
>
>Dörfler Andreas wrote:
>
>
>
>>hi again,
>>
>>well not my day ...
>>after upgrade no more messages get stored
>>ive tried to setup quarantine rights to 777
>>and deleting todays folder but no more folder
>>will be created and nothing get stored
>>
>>Incoming Work Dir = /var/spool/MailScanner/incoming
>>Quarantine Dir = /var/spool/MailScanner/quarantine (is 777 for tests
>>now)
>>
>>Quarantine User = wwwrun
>>Quarantine Group = www
>>Quarantine Permissions = 0660
>>
>>Quarantine Infections = yes
>>Quarantine Silent Viruses = no
>>Quarantine Whole Message = yes
>>Quarantine Whole Messages As Queue Files = yes
>>
>>Spam Actions = store
>>High Scoring Spam Actions = store
>>Non Spam Actions = deliver
>>
>>debug ms shows me:
>>MailScanner[8780]: New Batch: Scanning 1 messages, 1178 bytes
>>MailScanner[8780]: Created attachment dirs for 1 messages
>>MailScanner[8780]: Message Content Protection SpamAssassin returned 0
>>MailScanner[8780]: RBL Checks: returned 0
>>Stopping now as you are debugging me.
>>commit ineffective with AutoCommit enabled at
>>/usr/lib/MailScanner/MailScanner/MailWatch.pm line 89, line
>>36. Commmit ineffective while AutoCommit is on at
>>/usr/lib/MailScanner/MailScanner/MailWatch.pm line 89, line
>>36.
>>MailScanner[8780]: SpamAssassin returned 0
>>MailScanner[8780]: Spam Checks: Found 1 spam messages
>>MailScanner[8780]: Virus and Content Scanning: Starting
>>MailScanner[8780]: Commencing scanning by clamav...
>>MailScanner[8780]: Completed scanning by clamav
>>MailScanner[8780]: Logging message j0PAYH9O008788 to SQL
>>MailScanner[8780]: Config: calling custom end function MailWatchLogging
>>MailScanner[8780]: MailScanner child dying of old age
>>
>>im a little confused now
>>
>>

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From nmeverde at NP.K12.MN.US Tue Jan 25 13:46:17 2005
From: nmeverde at NP.K12.MN.US (Nick Meverden)
Date: Thu Jan 12 21:28:17 2006
Subject: Quarantine ?
Message-ID:

> Dear all,
> I have a redhat server running spamassassin version integrated with
> MailScanner.
> I forward all {Spam} mails to an e-mail address called spam@localhost. Now
> in case a user lost a mail, I want to give them a possibility
> to check wheter their mail is in spam mails. How could I organize that?
> something like, user should login somewhere with his mail login and pass,
> and see spam mails (only the ones which addressed to him/her).

Write a custom function in perl to handle quarantine. Place it in the CustomFunctions dir. There is already an example custom function in that dir. On my setup (FreeBSD) it was /usr/local/lib/MailScanner/MailScanner/CustomFunctions/ yours may be different. Then replace "Spam Actions = store" with "Spam Actions = &yourcustomfunction" in your MailScanner.conf.
If you plan on having more than one spam action after the quarantine have your custom function return what the rest of the line is after &yourcustomfunction.

- Nick

From karen at PROJECTHARMONY.AM Tue Jan 25 14:40:15 2005
From: karen at PROJECTHARMONY.AM (Karen Mkoyan)
Date: Thu Jan 12 21:28:17 2006
Subject: Quarantine ?
Message-ID:

Thank you Nick, but is there another way?

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Nick Meverden
Sent: 25 January 2005 17:46
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: Quarantine ?

> Dear all,
> I have a redhat server running spamassassin version integrated with
> MailScanner.
> I forward all {Spam} mails to an e-mail address called spam@localhost. Now
> in case a user lost a mail, I want to give them a possibility
> to check wheter their mail is in spam mails. How could I organize that?
> something like, user should login somewhere with his mail login and pass,
> and see spam mails (only the ones which addressed to him/her).

write a custom function in perl to handle quarantine. Place it in the CustomFunctions dir. There is already an example custom function in that dir. On my setup (FreeBSD) it was /usr/local/lib/MailScanner/MailScanner/CustomFunctions/ yours maybe different. Then replace "Spam Actions = store" with "Spam Actions = &yourcustomfunction" in your MailScanner.conf.
If you plain on having more than one spam action after the quarantine have your custom function return what the rest of the line is after &yourcustomfunction.

- Nick

From jaearick at COLBY.EDU Tue Jan 25 14:44:56 2005
From: jaearick at COLBY.EDU (Jeff A. Earickson)
Date: Thu Jan 12 21:28:18 2006
Subject: configure ms to exclude domain/ip
Message-ID:

I would also suggest adding loopback to this rule list:

From: 127.0.0.1 no

Jeff Earickson
Colby College

On Tue, 25 Jan 2005, Martin Hepworth wrote:

> Date: Tue, 25 Jan 2005 09:00:19 +0000
> From: Martin Hepworth
> Reply-To: MailScanner mailing list
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: configure ms to exclude domain/ip
>
> Andy
>
> Here's what I do. On outbound email I only scan for viruses and not spam
> (waste of time and might generate false positives).
>
> I set the following options in MailScanner.conf
>
> Spam Checks = %rules-dir%/spam.rules
>
> The file spam.rules then contains.
>
> From: 192.168. no
> FromOrTo: default yes
>
> where 192.168.0.0/16 is my local subnet
>
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
>
>
> Dörfler Andreas wrote:
>> hi there,
>>
>> after reading the ms-config file i miss one feature
>> (or im too stupid to find it, well, not the first time :))
>>
>> i wanna exclude one domain or better, one special ip
>> from getting scanned.
>> background: the mails from our internal mailserver
>> (exchange.. jea i hate it too ... ;)) should not be
>> scanned, because the the ms-server is here only
>> relay host but our users doesnt send spam (i hope so).
>>
>> is there a way to configure it right now ?
>> ip would mutch better then the domainname (domain-faker).
>> mx-record test wont work here because the exchange is
>> in a private ip subnet.
>>
>> greetings
>> andy
>
> **********************************************************************
>
> This email and any files transmitted with it are confidential and
> intended solely for the use of the individual or entity to whom they
> are addressed. If you have received this email in error please notify
> the system manager.
>
> This footnote confirms that this email message has been swept
> for the presence of computer viruses and is believed to be clean.
>
> **********************************************************************

From nmeverde at NP.K12.MN.US Tue Jan 25 15:02:56 2005
From: nmeverde at NP.K12.MN.US (Nick Meverden)
Date: Thu Jan 12 21:28:18 2006
Subject: Quarantine ?
Message-ID:

> Thank you Nick, but is there another way?
>

You could probably write something in PHP that would go through each quarantineday dir check the headers of each email to see who it's going to and build a list to show the user, but that's just nasty.

The reason I would recommend the CustomFunction would be that you can control the email when it's going to quarantine. Example, my function creates a dir using their email address and moves the email into that dir and creates a random generated password and then sends an email with login information for them to release, delete, or whitelist what is in their quarantine before it is automatically removed.

I am currently in the process of making some documentation on how to write your own customfunctions and will probably have it published in a week or two.

- Nick

From yoloits at YCOE.ORG Tue Jan 25 15:34:31 2005
From: yoloits at YCOE.ORG (yoloits)
Date: Thu Jan 12 21:28:18 2006
Subject: Fetchmail and MailScanner
Message-ID:

I have a Red Hat 3 server running MailScanner 4.37.7-1 and Sendmail.
Fetchmail brings in all the email. SpamAssassin 3.0.2 works fine on the
email. In MailScanner I use RBLs. If it is on a blacklist I just want to
drop it. But MailScanner is not running the blacklist against the emails. I
have no RBL checks in my log files. SpamAssassin has emails scored with SBL
and dsbl so I know I have email that should have been dropped by the RBLs.
Because of SA scoring some SPAM gets through that could have been dropped
with the RBLs. The config is:

Log Spam = yes
Spam Checks = yes
Spam List = ORDB-RBL SBL+XBL NJABL dsbl.org
Spam Lists To Reach High Score = 1
Spam List Timeout = 10
Max Spam List Timeouts = 7

Can I get MailScanner to process fetchmail or do I have a setup problem on
my server?

Thanks in advance
Jay

From craig at WESTPRESS.COM Tue Jan 25 15:45:27 2005
From: craig at WESTPRESS.COM (Craig Daters)
Date: Thu Jan 12 21:28:18 2006
Subject: Quarantine ?
Message-ID:

Nick Meverden wrote:
>>Thank you Nick, but is there another way?
>>
>
> You could probably write something in PHP that would go through each
> quarantineday dir check the headers of each email to see who its going to
> and build a list to show the user, but that's just nasty.
>

Or, you could just use MailWatch for MailScanner (a web GUI sort of front-end for MailScanner (http://mailwatch.sourceforge.net/)) and implement the users part of it (instructions are included). This is what I have done for my company. Our employees can log in and browse through their quarantine (they only see mail which is theirs, no one else's), releasing anything that was tagged which should not have been. From here they can train SpamAssassin what is and what is not spam, get reports on their mail statistics, etc.

--
Craig Daters (craig@westpress.com)
Systems Administrator
West Press Print Communications
1663 West Grant Road
Tucson, Arizona 85705
(520) 624-4939
(520) 624-2715 fax
www.westpress.com

--
Please note: It is the policy of West Press that all e-mail sent to and from any @westpress.com address may be recorded and monitored. Unless it is West Press related business, please do not send any material of a private, personal, or confidential nature to this or any @westpress.com e-mail address.

This message has been scanned for UCE (spam), viruses, and dangerous content, and is believed to be clean.
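
The per-user quarantine listing discussed in this thread (walk each dated quarantine directory, read the headers of each stored message, show a user only what is addressed to them), as an added sketch that is not code from any poster, MailScanner or MailWatch. The layout `<quarantine>/<YYYYMMDD>/spam/<id>` with one RFC 822 file per message (not MTA queue files), the function names and the sample messages are assumptions constructed for the example.

```python
import email.utils
import re
import tempfile
from collections import defaultdict
from email.parser import BytesHeaderParser
from pathlib import Path

# Assumed layout: <quarantine>/<YYYYMMDD>/spam/<message id>, one RFC 822 file each.
DAY_RE = re.compile(r"\d{8}")
ID_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9.-]{0,63}")


def read_headers(path):
    """Return (set of lower-cased To/Cc addresses, subject) for one stored message."""
    with open(path, "rb") as fh:
        msg = BytesHeaderParser().parse(fh)  # headers only; the body is not parsed
    fields = [str(v) for v in msg.get_all("To", []) + msg.get_all("Cc", [])]
    addrs = {a.lower() for _, a in email.utils.getaddresses(fields) if "@" in a}
    return addrs, str(msg.get("Subject", ""))


def build_index(quarantine):
    """Map each recipient address to [(day, message id, subject), ...].

    To/Cc are header recipients, not envelope recipients, so Bcc'd or
    list-delivered mail is not attributed to the mailbox that received it.
    """
    index = defaultdict(list)
    for day in sorted(Path(quarantine).iterdir()):
        spam_dir = day / "spam"
        if not DAY_RE.fullmatch(day.name) or not spam_dir.is_dir():
            continue
        for item in sorted(spam_dir.iterdir()):
            # Skip symlinks, subdirectories and names that are not plain ids.
            if item.is_symlink() or not item.is_file() or not ID_RE.fullmatch(item.name):
                continue
            addrs, subject = read_headers(item)
            for addr in sorted(addrs):
                index[addr].append((day.name, item.name, subject))
    return index


def list_for_user(index, login_address):
    """Entries for exactly this address; no substring or domain matching."""
    return list(index.get(login_address.strip().lower(), []))


def resolve_for_user(quarantine, index, login_address, day, msg_id):
    """Path of a message the user asked to release, or None if it is not theirs."""
    if not (DAY_RE.fullmatch(day) and ID_RE.fullmatch(msg_id)):
        return None  # rejects "../" and similar before any path is built
    if not any(e[:2] == (day, msg_id) for e in list_for_user(index, login_address)):
        return None  # the message exists but is addressed to someone else
    return Path(quarantine) / day / "spam" / msg_id


SAMPLES = {  # constructed messages, not real quarantine contents
    ("20050124", "j0PA0001"): b"To: alice@example.org\nSubject: Cheap pills\n\nbody\n",
    ("20050125", "j0PB0002"): b"To: Bob <bob@example.org>\nCc: ALICE@example.org\n"
                              b"Subject: Win a prize\n\nbody\n",
    ("20050125", "j0PC0003"): b"To: notalice@example.org\nSubject: Loan offer\n\nbody\n",
}


def demo():
    """Build a throwaway quarantine tree and return what each check yields."""
    with tempfile.TemporaryDirectory() as root:
        for (day, msg_id), raw in SAMPLES.items():
            spam_dir = Path(root, day, "spam")
            spam_dir.mkdir(parents=True, exist_ok=True)
            (spam_dir / msg_id).write_bytes(raw)
        index = build_index(root)
        return {
            "alice": list_for_user(index, "Alice@Example.org"),
            "bob": list_for_user(index, "bob@example.org"),
            "traversal": resolve_for_user(root, index, "alice@example.org",
                                          "20050125", "../../20050124/spam/j0PA0001"),
            "cross_user": resolve_for_user(root, index, "bob@example.org",
                                           "20050124", "j0PA0001"),
            "own": resolve_for_user(root, index, "bob@example.org",
                                    "20050125", "j0PB0002") is not None,
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The address passed to `list_for_user` and `resolve_for_user` has to come from the authenticated session, never from a request parameter, so that listing and release apply the same recipient check.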
From MailScanner at ecs.soton.ac.uk Tue Jan 25 16:11:04 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:18 2006
Subject: Fetchmail and MailScanner
Message-ID:

Sounds like you are running SpamAssassin with procmail and spamc/spamd. You can stop all of that (shut down the SpamAssassin processes altogether) and get your system up and running so that fetchmail is collecting your mail and delivering it normally, without any SpamAssassin involved at all.

Once that is working happily, shut down the sendmail service and only then enable MailScanner. The MailScanner init.d script will start up the copies of sendmail that it needs in exactly the right way. All you then need to do to enable SpamAssassin is set "Use SpamAssassin = yes" in MailScanner.conf and restart MailScanner.

You do not want to be running the spamassassin "service" (i.e. spamd+spamc) or the sendmail "service" as MailScanner will look after that for you.

Once MailScanner is processing your mail, you will see MailScanner headers appearing in all your messages, whether they are spam or not.

yoloits wrote:

>I have a Red Hat 3 server running MailScanner 4.37.7-1 and Sendmail.
>Fetchmail brings in all the email. SpamAssassin 3.0.2 works fine on the
>email. In MailScanner I use RBLs. If it is on a blacklist I just want to
>drop it. But MailScanner is not running the blacklist agains the emails. I
>have no RBL checks in my log files. SpamAssassin has emails scored with SBL
>and dsbl so I know I have email that should have been dropped by the RBLs.
>Because of SA scoring some SPAM gets through that could have been dropped
>with the RBLs. The config is:
>
>Log Spam = yes
>Spam Checks = yes
>Spam List = ORDB-RBL SBL+XBL NJABL dsbl.org
>Spam Lists To Reach High Score = 1
>Spam List Timeout = 10
>Max Spam List Timeouts = 7
>
>Can I get MailScanner to process fetchmail or do I have a setup problem on
>my server?
>
>Thanks in advance
>Jay
>

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From stef at L5NET.NET Tue Jan 25 16:22:36 2005
From: stef at L5NET.NET (Stef Morrell)
Date: Thu Jan 12 21:28:18 2006
Subject: Exchange and duplicate message-id with quarantine.
Message-ID:

Hi guys,

I can see from the list that this was discussed in October of 2003
("Exchange blocking duplicate messages"), but it doesn't look like a
solution was reached.

To restate the problem:

When an email is quarantined, the notification is sent to the EU with
the same message-id as the original email.
When that email is de-quarantined (from a raw queue file), it still
retains this message-id.
Exchange accepts, but does not deliver emails with duplicate message-id.
If you wait long enough (and it is unclear how long), before releasing
the quarantined email, then exchange will process it normally, perhaps
it keeps a limited history of "used" message-ids.

Has anyone found a method or workaround which allows a message to be
released immediately from quarantine to an exchange server?

And yes, I know we all hate exchange, however the "real world" uses it
more than we would care to confess. :)

Stef

Stefan Morrell | Operations Director
Tel: 0870 365 2813 | Level 5 Internet Ltd
Fax: 0192 450 7307 | Part of the Alpha Omega Group
stef@l5net.net | stef@aoc-uk.com

From itdept at REDRED.COM Tue Jan 25 16:35:17 2005
From: itdept at REDRED.COM (Sean Smith)
Date: Thu Jan 12 21:28:18 2006
Subject: MailScanner and Vexira
Message-ID:

I did a search in the list archives for keyword vexira and found several
hits but none of them really showed a definitive resolution. So I'm asking
to see if anyone has figured this out yet.

I have MailScanner running on a Linux server with Sendmail. I also have
Vexira running as a milter. What I would like to do is integrate Vexira, the
"vams" mailserver version, into Mailscanner so that I can have everything in
one place and so that I can have MailScanner-MRTG report on everything.

So, Has anyone figured out a procedure for making this work? Any info would
be appreciated. Thank you.

Sean

From MailScanner at ecs.soton.ac.uk Tue Jan 25 16:55:30 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:18 2006
Subject: Exchange and duplicate message-id with quarantine.
Message-ID:

What are your "Spam Actions". If you use "notify" then the message-id is generated by the MTA, and should therefore always be unique.

Stef Morrell wrote:

>Hi guys,
>
>I can see from the list that this was discussed in October of 2003
>("Exchange blocking duplicate messages"), but it doesn't look like a
>solution was reached.
>
>To restate the problem:
>
>When an email is quarantined, the notification is sent to the EU with
>the same message-id as the original email.
>When that email is de-quarantined (from a raw queue file), it still
>retains this message-id.
>Exchange accepts, but does not deliver emails with duplicate message-id.
>If you wait long enough (and it is unclear how long), before releasing
>the quarantined email, then exchange will process it normally, perhaps
>it keeps a limited history of "used" message-ids.
>
>Has anyone found a method or workaround which allows a message to be
>released immediately from quarantine to an exchange server?
>
>And yes, I know we all hate exchange, however the "real world" uses it
>more than we would care to confess. :)
>
>

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From MailScanner at ecs.soton.ac.uk Tue Jan 25 16:56:51 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:18 2006
Subject: MailScanner and Vexira
Message-ID:

MailScanner uses the command-line "vexira" binary.

Sean Smith wrote:

>I did a search in the list archives for keyword vexira and found several
>hits but none of them really showed a definitive resolution. So I'm asking
>to see if anyone has figured this out yet.
>
>I have MailScanner running on a Linux server with Sendmail. I also have
>Vexira running as a milter. What I would like to do is integrate Vexira, the
>"vams" mailserver version, into Mailscanner so that I can have everything in
>one place and so that I can have MailScanner-MRTG report on everything.
>
>So, Has anyone figured out a procedure for making this work? Any info would
>be appreciated. Thank you.
>
>

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From itdept at REDRED.COM Tue Jan 25 17:08:26 2005
From: itdept at REDRED.COM (RedRed!com IT Department)
Date: Thu Jan 12 21:28:18 2006
Subject: MailScanner and Vexira
Message-ID:

Does this include the newest version which has a binary name of
"vascan"? I have the newer "vascan" version and would like to use it.

Julian Field wrote:

> MailScanner uses the command-line "vexira" binary.
>
> Sean Smith wrote:
>
>> I did a search in the list archives for keyword vexira and found several
>> hits but none of them really showed a definitive resolution. So I'm asking
>> to see if anyone has figured this out yet.
>>
>> I have MailScanner running on a Linux server with Sendmail. I also have
>> Vexira running as a milter. What I would like to do is integrate Vexira, the
>> "vams" mailserver version, into Mailscanner so that I can have everything in
>> one place and so that I can have MailScanner-MRTG report on everything.
>>
>> So, Has anyone figured out a procedure for making this work? Any info would
>> be appreciated. Thank you.

From William.Burns at AEROFLEX.COM Tue Jan 25 17:12:16 2005
From: William.Burns at AEROFLEX.COM (William Burns)
Date: Thu Jan 12 21:28:18 2006
Subject: MailScanner and Vexira
Message-ID:

Sean:

I'm running Vexira as a milter too.
I haven't tried it, but there has been a way to run Vexira via
MailScanner for a while.

I'm not sure why google isn't finding this, but look here:
http://www.jiscmail.ac.uk/cgi-bin/webadmin?A1=ind0408&L=mailscanner

Thread# 18 should answer all your questions.

P.S.
Are you looking at this now because of the "surprise" vexira version change?
I don't know if that breaks the previous/existing solution.

Let me know how your install goes.

-Bill

Sean Smith wrote:

>I did a search in the list archives for keyword vexira and found several
>hits but none of them really showed a definitive resolution. So I'm asking
>to see if anyone has figured this out yet.
>
>I have MailScanner running on a Linux server with Sendmail. I also have
>Vexira running as a milter. What I would like to do is integrate Vexira, the
>"vams" mailserver version, into Mailscanner so that I can have everything in
>one place and so that I can have MailScanner-MRTG report on everything.
>
>So, Has anyone figured out a procedure for making this work? Any info would
>be appreciated. Thank you.
>
>Sean

From MailScanner at ecs.soton.ac.uk Tue Jan 25 17:34:13 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:18 2006
Subject: MailScanner and Vexira
Message-ID:

I will need someone to send me a fully licensed copy of the new version
in order to implement support for it. This is the first I have heard of it.

RedRed!com IT Department wrote:

> Does this include the newest version which has a binary name of
> "vascan"? I have the newer "vascan" version and would like to use it.
>
> Julian Field wrote:
>
>> MailScanner uses the command-line "vexira" binary.
>>
>> Sean Smith wrote:
>>
>>> I did a search in the list archives for keyword vexira and found several
>>> hits but none of them really showed a definitive resolution. So I'm asking
>>> to see if anyone has figured this out yet.
>>>
>>> I have MailScanner running on a Linux server with Sendmail. I also have
>>> Vexira running as a milter. What I would like to do is integrate Vexira, the
>>> "vams" mailserver version, into Mailscanner so that I can have everything in
>>> one place and so that I can have MailScanner-MRTG report on everything.
>>>
>>> So, Has anyone figured out a procedure for making this work? Any info would
>>> be appreciated. Thank you.

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From brent.bolin at gmail.com Tue Jan 25 17:46:42 2005
From: brent.bolin at gmail.com (BB)
Date: Thu Jan 12 21:28:18 2006
Subject: MailScanner and Vexira
Message-ID:

I started that thread when using Mailscanner with Vexira.

I was never successful getting the command line version running with
Mailscanner. Even test eicar viruses would get through.

Ended up going back to the sendmail+milter version.

Don't know what has happened to Vexira. They released the new surprise
version without testing to see if it works.

I am not able to get the new sendmail+milter working at all. FreeBSD
vamilter beta 1.0 or 1.1 (it's a joke)

Looking for possible alternatives.

Clamav F-prot?

Vexira had real good pricing.

On Tue, 25 Jan 2005 12:12:16 -0500, William Burns wrote:
> Sean:
>
> I'm running Vexira as a milter too.
> I haven't tried it, but there has been a way to run Vexira via
> MailScanner for a while.
>
> I'm not sure why google isn't finding this, but look here:
> http://www.jiscmail.ac.uk/cgi-bin/webadmin?A1=ind0408&L=mailscanner
>
> Thread# 18 should answer all your questions.
>
> P.S.
> Are you looking at this now because of the "surprise" vexira version change?
> I don't know if that breaks the previous/existing solution.
>
> Let me know how your install goes.
>
> -Bill
>
> Sean Smith wrote:
>
> >I did a search in the list archives for keyword vexira and found several
> >hits but none of them really showed a definitive resolution. So I'm asking
> >to see if anyone has figured this out yet.
> >
> >I have MailScanner running on a Linux server with Sendmail. I also have
> >Vexira running as a milter. What I would like to do is integrate Vexira, the
> >"vams" mailserver version, into Mailscanner so that I can have everything in
> >one place and so that I can have MailScanner-MRTG report on everything.
> >
> >So, Has anyone figured out a procedure for making this work? Any info would
> >be appreciated. Thank you.
> >
> >Sean

From joshua.hirsh at PARTNERSOLUTIONS.CA Tue Jan 25 17:53:03 2005
From: joshua.hirsh at PARTNERSOLUTIONS.CA (Hirsh, Joshua)
Date: Thu Jan 12 21:28:18 2006
Subject: Exchange and duplicate message-id with quarantine.
Message-ID:

> What are your "Spam Actions"? If you use "notify" then the
> message-id is
> generated by the MTA, and should therefore always be unique.

I run into the same problem here. The default timeout in Exchange is one
hour, after which, the server will gladly accept and deliver the messages.

Julian: The problem is with an email that has an attachment removed or
blocked. The cleaned message is sent on to the user and if you were to
release the blocked content (stored as a raw queue file) within an hour of
originally receiving the message, Exchange silently blocks it out as being a
duplicate.

Regards,

--
Joshua Hirsh
Systems Administration
Partner Solutions Inc.
PGP/GnuPG ID: 0xD12A3B59

From yoloits at YCOE.ORG Tue Jan 25 17:53:29 2005
From: yoloits at YCOE.ORG (Jay Ehrhart)
Date: Thu Jan 12 21:28:18 2006
Subject: Fetchmail and MailScanner
Message-ID:

Thank you. I should have included more detail in my question, sorry.
My setting is Use SpamAssassin = yes
I am not using procmail. Sendmail is set to not start at startup so
MailScanner can call it. SpamAssassin is not running except when called
by MailScanner.
I do have MailScanner entries in the log file.

I have another mail gateway server that I have been running for about 3
years on Red Hat using MailScanner. I set the new box up the same way
except for the fetchmail. In fact I copied the MailScanner.conf file over
and used it except for the domain name changes in the file. It works
correctly and shows the emails being blocked by the RBLs.
Here is an example:
Jan 25 09:50:28 free MailScanner[29146]: RBL checks: j0PHoO9A025227 found in SBL+XBL

The mail server using fetchmail does have MailScanner entries, example,
Jan 25 09:48:04 free sendmail[28874]: j0PHm4Nj028874: from=, size=2320, class=0, nrcpts=1, msgid=<200501251742.j0PHgQx3023954@mtac3.prodigy.net>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Jan 25 09:48:05 free MailScanner[27108]: New Batch: Scanning 1 messages, 2838 bytes
Jan 25 09:48:05 free MailScanner[27108]: Spam Checks: Starting
Jan 25 09:48:06 free MailScanner[27108]: Message j0PHm4Nj028874 from 127.0.0.1 (mbfup@centrapoint.com) to localhost is spam, SpamAssassin (score=8.467, required 5, FORGED_RCVD_HELO 0.05, MIME_BOUND_DD_DIGITS 4.23, MSGID_FROM_MTA_HEADER 0.00, X_MESSAGE_INFO 4.19)
Jan 25 09:48:06 free MailScanner[27108]: Spam Checks: Found 1 spam messages
Jan 25 09:48:06 free MailScanner[27108]: Spam Actions: message j0PHm4Nj028874 actions are forward,spam@jehrhart.net
Jan 25 09:48:06 free MailScanner[27108]: Virus and Content Scanning: Starting
Jan 25 09:48:07 free MailScanner[27108]: Uninfected: Delivered 1 messages
Jan 25 09:48:07 free sendmail[28889]: j0PHm4Nj028874: to=, delay=00:00:03, xdelay=00:00:00, mailer=local, pri=122320, dsn=2.0.0, stat=Sent

Any suggestions on how to see where it is failing?
Thanks

----- Original Message -----
From: "Julian Field"
To:
Sent: Tuesday, January 25, 2005 8:11 AM
Subject: Re: Fetchmail and MailScanner

> Sounds like you are running SpamAssassin with procmail and spamc/spamd.
> You can stop all of that (shutdown the SpamAssassin processes
> altogether) and get your system up and running so that fetchmail is
> collecting your mail and delivering it normally, without any
> SpamAssassin involved at all.
>
> Once that is working happily, shut down the sendmail service and
> only then enable MailScanner. The MailScanner init.d script will start
> up the copies of sendmail that it needs in exactly the right way.
> All you then need to do to enable SpamAssassin is set "Use SpamAssassin =
> yes" in MailScanner.conf and restart MailScanner. You do not want to be
> running the spamassassin "service" (i.e. spamd+spamc) or the sendmail
> "service" as MailScanner will look after that for you.
>
> Once MailScanner is processing your mail, you will see MailScanner
> headers appearing in all your messages, whether they are spam or not.
>
> yoloits wrote:
>
> >I have a Red Hat 3 server running MailScanner 4.37.7-1 and Sendmail.
> >Fetchmail brings in all the email. SpamAssassin 3.0.2 works fine on the
> >email. In MailScanner I use RBLs. If it is on a blacklist I just want to
> >drop it. But MailScanner is not running the blacklist against the emails. I
> >have no RBL checks in my log files. SpamAssassin has emails scored with SBL
> >and dsbl so I know I have email that should have been dropped by the RBLs.
> >Because of SA scoring some SPAM gets through that could have been dropped
> >with the RBLs. The config is:
> >
> >Log Spam = yes
> >Spam Checks = yes
> >Spam List = ORDB-RBL SBL+XBL NJABL dsbl.org
> >Spam Lists To Reach High Score = 1
> >Spam List Timeout = 10
> >Max Spam List Timeouts = 7
> >
> >Can I get MailScanner to process fetchmail or do I have a setup problem on
> >my server?
> >
> >Thanks in advance
> >Jay

From rocky at LWORLD.NET Tue Jan 25 18:33:25 2005
From: rocky at LWORLD.NET (Rocky McCamey)
Date: Thu Jan 12 21:28:18 2006
Subject: postfix: Process did not exit cleanly
Message-ID:

policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
With Postfix off and MailScanner running with the debug all is well, so now I am continuing to pull my hair out :)

From MailScanner at ecs.soton.ac.uk Tue Jan 25 18:31:57 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:18 2006
Subject: Fetchmail and MailScanner
Message-ID:

You need to tell fetchmail to deliver all the mail it receives to an
SMTP server called "localhost". This will inject it into sendmail so
that MailScanner can work on it.

Hmm, but the logs you show below appear to indicate that this is already
happening. Is it just the virus scan that is failing to detect anything?

The "forward" would send the original untouched message to the address
given, without any changes. This may all come down to nothing more than
me not explaining sufficiently what the "forward" action does.

Jay Ehrhart wrote:

>Thank you. I should have included more detail in my question, sorry.
>My setting is Use SpamAssassin = yes
>I am not using procmail. Sendmail is set to not start at startup so
>MailScanner can call it. SpamAssassin is not running except when called
>by MailScanner.
>I do have MailScanner entries in the log file.
>
>I have another mail gateway server that I have been running for about 3
>years on Red Hat using MailScanner. I set the new box up the same way
>except for the fetchmail. In fact I copied the MailScanner.conf file over
>and used it except for the domain name changes in the file.
>It works correctly and shows the emails being blocked by the RBLs. Here is an
>example:
>Jan 25 09:50:28 free MailScanner[29146]: RBL checks: j0PHoO9A025227 found in
>SBL+XBL
>
>The mail server using fetchmail does have MailScanner entries, example,
>Jan 25 09:48:04 free sendmail[28874]: j0PHm4Nj028874:
>from=, size=2320, class=0, nrcpts=1,
>msgid=<200501251742.j0PHgQx3023954@mtac3.prodigy.net>, proto=ESMTP,
>daemon=MTA, relay=localhost.localdomain [127.0.0.1]
>Jan 25 09:48:05 free MailScanner[27108]: New Batch: Scanning 1 messages,
>2838 bytes
>Jan 25 09:48:05 free MailScanner[27108]: Spam Checks: Starting
>Jan 25 09:48:06 free MailScanner[27108]: Message j0PHm4Nj028874 from
>127.0.0.1 (mbfup@centrapoint.com) to localhost is spam, SpamAssassin
>(score=8.467, required 5, FORGED_RCVD_HELO 0.05, MIME_BOUND_DD_DIGITS 4.23,
>MSGID_FROM_MTA_HEADER 0.00, X_MESSAGE_INFO 4.19)
>Jan 25 09:48:06 free MailScanner[27108]: Spam Checks: Found 1 spam messages
>Jan 25 09:48:06 free MailScanner[27108]: Spam Actions: message
>j0PHm4Nj028874 actions are forward,spam@jehrhart.net
>Jan 25 09:48:06 free MailScanner[27108]: Virus and Content Scanning:
>Starting
>Jan 25 09:48:07 free MailScanner[27108]: Uninfected: Delivered 1 messages
>Jan 25 09:48:07 free sendmail[28889]: j0PHm4Nj028874:
>to=, delay=00:00:03, xdelay=00:00:00, mailer=local,
>pri=122320, dsn=2.0.0, stat=Sent
>
>Any suggestions on how to see where it is failing?
>Thanks
>
>----- Original Message -----
>From: "Julian Field"
>To:
>Sent: Tuesday, January 25, 2005 8:11 AM
>Subject: Re: Fetchmail and MailScanner
>
>>Sounds like you are running SpamAssassin with procmail and spamc/spamd.
>>You can stop all of that (shutdown the SpamAssassin processes
>>altogether) and get your system up and running so that fetchmail is
>>collecting your mail and delivering it normally, without any
>>SpamAssassin involved at all.
>>
>>Once that is working happily, shut down the sendmail service and
>>only then enable MailScanner.
>>The MailScanner init.d script will start
>>up the copies of sendmail that it needs in exactly the right way. All
>>you then need to do to enable SpamAssassin is set "Use SpamAssassin =
>>yes" in MailScanner.conf and restart MailScanner. You do not want to be
>>running the spamassassin "service" (i.e. spamd+spamc) or the sendmail
>>"service" as MailScanner will look after that for you.
>>
>>Once MailScanner is processing your mail, you will see MailScanner
>>headers appearing in all your messages, whether they are spam or not.
>>
>>yoloits wrote:
>>
>>>I have a Red Hat 3 server running MailScanner 4.37.7-1 and Sendmail.
>>>Fetchmail brings in all the email. SpamAssassin 3.0.2 works fine on the
>>>email. In MailScanner I use RBLs. If it is on a blacklist I just want to
>>>drop it. But MailScanner is not running the blacklist against the emails. I
>>>have no RBL checks in my log files. SpamAssassin has emails scored with SBL
>>>and dsbl so I know I have email that should have been dropped by the RBLs.
>>>Because of SA scoring some SPAM gets through that could have been dropped
>>>with the RBLs. The config is:
>>>
>>>Log Spam = yes
>>>Spam Checks = yes
>>>Spam List = ORDB-RBL SBL+XBL NJABL dsbl.org
>>>Spam Lists To Reach High Score = 1
>>>Spam List Timeout = 10
>>>Max Spam List Timeouts = 7
>>>
>>>Can I get MailScanner to process fetchmail or do I have a setup problem on
>>>my server?
>>>
>>>Thanks in advance
>>>Jay

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From MailScanner at ecs.soton.ac.uk Tue Jan 25 18:35:31 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:18 2006
Subject: Exchange and duplicate message-id with quarantine.
Message-ID:

Hirsh, Joshua wrote:

>>What are your "Spam Actions"? If you use "notify" then the
>>message-id is
>>generated by the MTA, and should therefore always be unique.
>
> I run into the same problem here. The default timeout in Exchange is one
>hour, after which, the server will gladly accept and deliver the messages.
>
> Julian: The problem is with an email that has an attachment removed or
>blocked. The cleaned message is sent on to the user and if you were to
>release the blocked content (stored as a raw queue file) within an hour of
>originally receiving the message, Exchange silently blocks it out as being a
>duplicate.

Okay, I see the problem now. However I don't really want to change the
message-id of the cleaned message as I try to play with them as little
as possible, and also if I do that then the message-id format won't
match with the MUA that claimed to generate the message, which means it
will get caught as spam by SpamAssassin which checks these things.

So the only real solution is to change the message-id of the quarantined
message as you send it. But I understand that is also hard if you are
storing it as raw queue files.

Got any ideas on potential solutions to this? I can't see any solution
that wouldn't potentially break things further down stream, or make it
very awkward to track mail using the Message-Id header, which is A Bad
Thing(tm).

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From itdept at REDRED.COM Tue Jan 25 18:42:57 2005
From: itdept at REDRED.COM (RedRed!com IT Department)
Date: Thu Jan 12 21:28:18 2006
Subject: MailScanner and Vexira
Message-ID:

Julian,

Is there an address I can send it to? I don't want to post it on the list.

Bill,

Yes, I'm resurrecting this thread because of the new Vexira version. The
mail version is still vams and it is still working as vamilter on my
setup. But I wanted to incorporate it into MailScanner so I could use
MailScanner-MRTG and ultimately MailWatch for reporting statistics. I
sent a similar question to CentralCommand Support (Vexira) and they said
that I would have to use the command line version because of the
proxying of the mail version. Anyway, without getting into a long winded
description, I'm trying to find a solution for the new version which is
now called "vascan" as opposed to "vaguard".

Sean

Julian Field wrote:

> I will need someone to send me a fully licensed copy of the new version
> in order to implement support for it. This is the first I have heard of it

From peter at UCGBOOK.COM Tue Jan 25 19:10:27 2005
From: peter at UCGBOOK.COM (Peter Bonivart)
Date: Thu Jan 12 21:28:18 2006
Subject: Exchange and duplicate message-id with quarantine.
Message-ID:

Julian Field wrote:
> Hirsh, Joshua wrote:
>> I run into the same problem here.
>> The default timeout in Exchange is one
>> hour, after which, the server will gladly accept and deliver the
>> messages.
>>
>> Julian: The problem is with an email that has an attachment removed or
>> blocked. The cleaned message is sent on to the user and if you were to
>> release the blocked content (stored as a raw queue file) within an hour of
>> originally receiving the message, Exchange silently blocks it out as
>> being a duplicate.
>>
> Okay, I see the problem now. However I don't really want to change the
> message-id of the cleaned message as I try to play with them as little
> as possible, and also if I do that then the message-id format won't
> match with the MUA that claimed to generate the message, which means it
> will get caught as spam by SpamAssassin which checks these things.
>
> So the only real solution is to change the message-id of the quarantined
> message as you send it. But I understand that is also hard if you are
> storing it as raw queue files.
>
> Got any ideas on potential solutions to this? I can't see any solution
> that wouldn't potentially break things further down stream, or make it
> very awkward to track mail using the Message-Id header, which is A Bad
> Thing(tm).

I have the same problem, when someone is quick to report that they want
a message released from quarantine it will just get eaten by Exchange as
some sort of protection against duplicate msgids. There doesn't seem to
be a way to turn this feature off, you can only set it to remember msgids
for a longer period, one hour is the minimum.

http://blogs.msdn.com/exchange/archive/2004/07/14/183132.aspx

--
/Peter Bonivart

--Unix lovers do it in the Sun
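
The approach discussed in the messages above, changing the Message-ID of the quarantined copy at release time, as an added example (not MailScanner's code and not from any poster). It assumes the quarantined message is already available as RFC 822 text rather than a raw queue file; the X-Original-Message-ID header name, the gateway.example domain and the DuplicateSuppressor model of the one-hour duplicate check are assumptions made for illustration.

```python
import email
import email.policy
import email.utils

# Serialise headers without re-wrapping them, so long ids stay on one line.
POLICY = email.policy.SMTP.clone(max_line_length=998)
# Assumption: a non-standard header name chosen here to keep the old id traceable.
ORIGINAL_ID_HEADER = "X-Original-Message-ID"
# From the thread: Exchange remembers message-ids for one hour by default.
DEDUP_WINDOW_SECONDS = 3600

# Constructed sample: the quarantined original, already in RFC 822 form.
QUARANTINED = (
    b"From: sender@sender.example\r\n"
    b"To: user@recipient.example\r\n"
    b"Subject: Quarterly report\r\n"
    b"Message-ID: <20050125.constructed@sender.example>\r\n"
    b"\r\n"
    b"Report attached.\r\n"
)
# Constructed sample: the cleaned copy the gateway delivered first (same id).
CLEANED = QUARANTINED.replace(b"Report attached.", b"Attachment removed by the gateway.")


def get_header(raw, name):
    """Return one header value from a raw message, or None if it is absent."""
    value = email.message_from_bytes(raw, policy=POLICY)[name]
    return None if value is None else str(value).strip()


def release_with_new_id(raw, id_domain):
    """Give a released message a fresh Message-ID and record the old one."""
    msg = email.message_from_bytes(raw, policy=POLICY)
    old_id = msg["Message-ID"]
    if old_id is not None:
        del msg["Message-ID"]
        # Keep the first recorded id if the message is released more than once.
        if msg[ORIGINAL_ID_HEADER] is None:
            msg[ORIGINAL_ID_HEADER] = str(old_id).strip()
    msg["Message-ID"] = email.utils.make_msgid(idstring="released", domain=id_domain)
    return msg.as_bytes()


class DuplicateSuppressor:
    """Toy model of the duplicate check described in the thread (not Exchange code)."""

    def __init__(self, window=DEDUP_WINDOW_SECONDS):
        self.window = window
        self.first_seen = {}  # message-id -> time it was first delivered

    def deliver(self, raw, now):
        """Return True if delivered, False if accepted but silently dropped."""
        mid = get_header(raw, "Message-ID")
        seen_at = self.first_seen.get(mid)
        if mid is not None and seen_at is not None and now - seen_at < self.window:
            return False
        self.first_seen[mid] = now
        return True


def demo():
    """Replay the scenario: cleaned copy, early raw release, rewritten release, late release."""
    server = DuplicateSuppressor()
    released = release_with_new_id(QUARANTINED, "gateway.example")
    return (
        server.deliver(CLEANED, now=0),         # cleaned copy arrives
        server.deliver(QUARANTINED, now=600),   # raw release 10 minutes later
        server.deliver(released, now=600),      # release with a fresh id
        server.deliver(QUARANTINED, now=3601),  # raw release after the window
    )


if __name__ == "__main__":
    print(demo())
```

The original id stays in the message, so logs keyed on the sender's Message-ID can still be matched against the released copy.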

From MailScanner at ecs.soton.ac.uk Tue Jan 25 19:22:43 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:18 2006
Subject: MailScanner and Vexira
Message-ID:

RedRed!com IT Department wrote:

> Julian,
>
> Is there an address I can send it to? I don't want to post it on the
> list.

mailscanner@ecs.soton.ac.uk

> Bill,
>
> Yes, I'm resurrecting this thread because of the new Vexira version. The
> mail version is still vams and it is still working as vamilter on my
> setup. But I wanted to incorporate it into MailScanner so I could use
> MailScanner-MRTG and ultimately MailWatch for reporting statistics. I
> sent a similar question to CentralCommand Support (Vexira) and they said
> that I would have to use the command line version because of the
> proxying of the mail version. Anyway, without getting into a long winded
> description, I'm trying to find a solution for the new version which is
> now called "vascan" as opposed to "vaguard".
>
> Sean
>
> Julian Field wrote:
>
>> I will need someone to send me a fully licensed copy of the new version
>> in order to implement support for it. This is the first I have heard
>> of it

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Support MailScanner development - buy the book off the website! From brent.bolin at gmail.com Tue Jan 25 19:39:06 2005 From: brent.bolin at gmail.com (BB) Date: Thu Jan 12 21:28:18 2006 Subject: MailScanner and Vexira Message-ID: What O/S are you running ? Isn't vams the command line product ? If your running the sendmail+milter version can you tell me what you have configured in vamilter.conf socket setup - Something like this miltersocket=inet:3333@localhost What milter setup in sendmail.mc Something like this INPUT_MAIL_FILTER(`vamilter',`S=inet:3333@localhost,F=T,T=S:10m;R:10m;E:5m') or INPUT_MAIL_FILTER(`vamilter',`S=unix:/var/run/vexira/vamilter,F=T,T=S:4m;R:4m') Thanks On Tue, 25 Jan 2005 12:42:57 -0600, RedRed!com IT Department wrote: > Julian, > > Is there an address I can send it too? I don't want to post it on the list. > > Bill, > > Yes, I'm ressurecting this thread because of the new Vexira version. The > mail version is still vams and it is still working as vamilter on my > setup. But I wanted to incorporate it into MailScanner so I could use > MailScanner-MRTG and ultimately MailWatch for reporting statistics. I > sent a similar question to CentralCommand Support (Vexira) and they said > that I would have to use the command line version because of the > proxying of the mail version. Anyway, without getting into a long winded > description, I'm trying to find a solution for the new version which is > now called "vascan" as opposed to "vaguard". > > Sean > > Julian Field wrote: > > > I will need someone to send me a fully licensed copy of the new version > > in order to implement support for it. This is the first I have heard of it > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). 
> > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Jan 25 19:48:26 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:18 2006 Subject: Exchange and duplicate message-id with quarantine. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Peter Bonivart wrote: > Julian Field wrote: > >> Hirsh, Joshua wrote: >> >>> I run into the same problem here. The default timeout in Exchange is >>> one >>> hour, after which, the server will gladly accept and deliver the >>> messages. >>> >>> Julian: The problem is with an email that has an attachment removed or >>> blocked. The cleaned messages is sent on to the user and if you were to >>> release the blocked content (stored as a raw queue file) within an >>> hour of >>> originally receiving the message, Exchange silently blocks it out as >>> being a >>> duplicate. >>> >>> >> Okay, I see the problem now. However I don't really want to change the >> message-id of the cleaned message as I try to play with them as little >> as possible, and also if I do that then the message-id format won't >> match with the MUA that claimed to generate the message, which means it >> will get caught as spam by SpamAssassin which checks these things. >> >> So the only real solution is to change the message-id of the quarantined >> message as you send it. But I understand that is also hard if you are >> storing it as raw queue files. 
>>
>> Got any ideas on potential solutions to this? I can't see any solution that wouldn't potentially break things further down stream, or make it very awkward to track mail using the Message-Id header, which is A Bad Thing(tm).
>
> I have the same problem, when someone is quick to report that they want a message released from quarantine it will just get eaten by Exchange as some sort of protection against duplicate msgids. There doesn't seem to be a way to turn this feature off, you can only set it to remember msgids for a longer period, one hour is the minimum.
>
> http://blogs.msdn.com/exchange/archive/2004/07/14/183132.aspx

What happens if you set
Remove These Headers = Message-Id
Then the Message-Id will be removed from the cleaned messages, forcing Exchange to add its own, unique, id.

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From joshua.hirsh at PARTNERSOLUTIONS.CA Tue Jan 25 19:59:58 2005
From: joshua.hirsh at PARTNERSOLUTIONS.CA (Hirsh, Joshua)
Date: Thu Jan 12 21:28:18 2006
Subject: Exchange and duplicate message-id with quarantine.
Message-ID:

> What happens if you set
> Remove These Headers = Message-Id
> Then the Message-Id will be removed from the cleaned messages, forcing Exchange to add its own, unique, id.

That would probably work, but then I can't follow the message IDs when someone reports a problem :-)

At the moment, I tell people they have to wait a minimum of one hour, or I manually extract the quarantined file and send it to them in a separate email. This works for me, but I don't get that many requests for quarantined files anymore (fear helps cut down support requests!) ;-)

--
Joshua Hirsh
Systems Administration
Partner Solutions Inc.

PGP/GnuPG ID: 0xD12A3B59

From tom at cci.net Tue Jan 25 19:52:48 2005
From: tom at cci.net (Thomas R McBride)
Date: Thu Jan 12 21:28:18 2006
Subject: Handling phishing false positives
Message-ID:

Regarding phishing ruleset in 4.37.7
I have been unable to get that ruleset to work
either setting the default setting to yes or no
when setting the default to no it still flags phishing attempts
when setting the default to yes the domains set to no still are flagged.

When changing the MailScanner.conf setting to not use ruleset
works as expected --.

====================================================
Thomas McBride
CORPORATE COMPUTER, INC.
Voice 206.365.3113     11300 25th AVE NE
Fax 206.365.2526       Seattle Washington 98125-6639
Email tom@cci.net      U.S.A
Help helpdesk@cci.net
====================================================

> Just over two weeks ago, we installed MS 4.37.7 and kept its new:
>    Find Phishing Fraud = yes
>
> We have had very little adverse criticism in that time, but there has been one user asking about a false positive.
>
> I realise the setting can be a ruleset. So theoretically, we could begin to use that as users request that certain external sources be, in effect, whitelisted. But I see this as a potentially long piece of string (we have a local user population of around 20,000) and some maintenance issues lurking. (How long do we keep things? Who authorises what should be cleaned out (and when)?)
>
> I recall that in the early days of MS's anti-phishing, there was a significant number of false positives, and that Julian tightened up the code to try to address many of these. (I recall that Quentin Campbell of Newcastle provided input to this reduction process.) Nevertheless (and probably inevitably) the possibility of f.p.s will remain.
>
> 1. Julian: Do you have a mechanism by which we can report "false positives" to you so that you can see whether there are other criteria that might help you reduce even further the f.p. rate in MS?
>
> 2. Most of us probably regard the technique of:
>       http://looks.nice.com/
>    as undesirable (even if technically legal) and that there is a case for trying to educate the creators of many (most?) such things.
>
>    Might it be worth us (the MailScanner community) developing a simple, short paragraph or text that we can hand to our local users who receive such things, for them to pass on to the external people who sent them? (This could be included in the MS distribution.)
>
> --
>
> : David Lee                        I.T. Service          :
> : Senior Systems Programmer        Computer Centre       :
> :                                  University of Durham  :
> : http://www.dur.ac.uk/t.d.lee/    South Road            :
> :                                  Durham                :
> : Phone: +44 191 334 2752          U.K.                  :

From drew at THEMARSHALLS.CO.UK Tue Jan 25 20:22:52 2005
From: drew at THEMARSHALLS.CO.UK (Drew Marshall)
Date: Thu Jan 12 21:28:18 2006
Subject: postfix: Process did not exit cleanly
Message-ID:

Rocky McCamey wrote:

With Postfix off and MailScanner running with the debug all is well, so now I am continuing to pull my hair out :)

Oh nice :-( Ok so MailScanner runs debug without problems. Can you leave Postfix running, collect some mail in the queue (With MailScanner off) and then start MS in debug mode. There must be more clues at the MailScanner gives it to Postfix point.

Drew

--
In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.

From MailScanner at ecs.soton.ac.uk Tue Jan 25 20:23:05 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:19 2006
Subject: Handling phishing false positives
Message-ID:

Have you reloaded (ie SIGHUP) MailScanner or restarted it after making changes to its configuration?
The ruleset code is exactly the same as that used for all the other options, there is little reason to believe it doesn't work.

Has anyone else had any problems with this?

Thomas R McBride wrote:

>Regarding phishing ruleset in 4.37.7
>I have been unable to get that ruleset to work
>either setting the default setting to yes or no
>when setting the default to no it still flags phishing attempts
>when setting the default to yes the domains set to no still are flagged.
>
>When changing the MailScanner.conf setting to not use ruleset
>works as expected --.
>
>>Just over two weeks ago, we installed MS 4.37.7 and kept its new:
>>   Find Phishing Fraud = yes
>>
>>We have had very little adverse criticism in that time, but there has been one user asking about a false positive.
>>
>>I realise the setting can be a ruleset. So theoretically, we could begin to use that as users request that certain external sources be, in effect, whitelisted. But I see this as a potentially long piece of string (we have a local user population of around 20,000) and some maintenance issues lurking. (How long do we keep things? Who authorises what should be cleaned out (and when)?)
>>
>>I recall that in the early days of MS's anti-phishing, there was a significant number of false positives, and that Julian tightened up the code to try to address many of these. (I recall that Quentin Campbell of Newcastle provided input to this reduction process.) Nevertheless (and probably inevitably) the possibility of f.p.s will remain.
>>
>>1. Julian: Do you have a mechanism by which we can report "false positives" to you so that you can see whether there are other criteria that might help you reduce even further the f.p. rate in MS?
>>
>>2. Most of us probably regard the technique of:
>>      http://looks.nice.com/
>>   as undesirable (even if technically legal) and that there is a case for trying to educate the creators of many (most?) such things.
>>
>>   Might it be worth us (the MailScanner community) developing a simple, short paragraph or text that we can hand to our local users who receive such things, for them to pass on to the external people who sent them? (This could be included in the MS distribution.)

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
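
Added example, not code from any list member or from MailScanner, for the "Exchange and duplicate message-id with quarantine" thread above: one way to give a released quarantine copy a fresh Message-ID while keeping the original value for tracking. It assumes the quarantined message is available as RFC 5322 text rather than as raw queue files; the X-Original-Message-ID header name and the gateway.example domain are made up for the example.

```python
import re
from email.utils import make_msgid

# Hypothetical header name chosen for this example; not a MailScanner setting.
ORIG_HEADER = b"X-Original-Message-ID"

# Constructed sample: a quarantined original whose Message-Id is folded onto
# a continuation line, as some MUAs emit it.
SAMPLE = (
    b"Received: from mua.example by gateway.example; Tue, 25 Jan 2005 19:00:00 +0000\r\n"
    b"From: sender@mua.example\r\n"
    b"To: user@exchange.example\r\n"
    b"Message-Id:\r\n <abc123@mua.example>\r\n"
    b"Subject: report\r\n"
    b"\r\n"
    b"Original body with the attachment still in place.\r\n"
)


def header_fields(head):
    """Group header lines into fields; folded continuation lines stay with their field."""
    fields = []
    for line in re.split(rb"\r?\n", head):
        if line[:1] in (b" ", b"\t") and fields:
            fields[-1].append(line)
        else:
            fields.append([line])
    return fields


def rewrite_for_release(raw, domain):
    """Return (message, new_id, original_id) for a copy that is safe to release.

    Only the header block is touched, so the body bytes (and any MIME
    structure in them) pass through unchanged.
    """
    m = re.search(rb"\r?\n\r?\n", raw)
    if m:
        head, sep, body = raw[:m.start()], m.group(0), raw[m.end():]
    else:  # headers only, no body
        head, body = raw.rstrip(b"\r\n"), b""
        sep = b"\r\n\r\n" if b"\r\n" in raw else b"\n\n"
    eol = b"\r\n" if sep.startswith(b"\r\n") else b"\n"

    kept, msgid, tagged = [], None, None
    for field in header_fields(head):
        name, _, first = field[0].partition(b":")
        value = b" ".join(p.strip() for p in [first] + field[1:]).strip()
        key = name.strip().lower()
        if key == b"message-id":
            msgid = msgid or value      # remember the first one
            continue                    # drop every Message-ID, duplicates included
        if key == ORIG_HEADER.lower():
            tagged = value              # already released once before
        kept.append(eol.join(field))

    new_id = make_msgid(domain=domain).encode("ascii")
    kept.append(b"Message-ID: " + new_id)
    if msgid and tagged is None:
        # Keep the sender's id so the message can still be traced in logs.
        kept.append(ORIG_HEADER + b": " + msgid)

    original = tagged or msgid
    return (
        eol.join(kept) + sep + body,
        new_id.decode("ascii"),
        original.decode("ascii", "replace") if original else None,
    )


if __name__ == "__main__":
    released, new_id, original = rewrite_for_release(SAMPLE, "gateway.example")
    print("original:", original)
    print("new     :", new_id)
    print(released.decode("ascii"))
```

Only the released copy is rewritten here; the cleaned message that was already delivered keeps the Message-ID its MUA generated.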

From gayle at ANOTHERCRAP.COM Tue Jan 25 21:12:59 2005
From: gayle at ANOTHERCRAP.COM (Gayle)
Date: Thu Jan 12 21:28:19 2006
Subject: Multiple quarantine directories
Message-ID:

A simple question, but Google and the list search have failed me. Is it possible to configure mailscanner to use multiple quarantine directories?

e.g. /var/spool/mail/quarantine/executable, /var/spool/mail/quarantine/virus, /var/spool/mail/quarantine/spam, /var/spool/mail/quarantine/encrypted etc.

Regards,

Gayle

From itdept at REDRED.COM Tue Jan 25 21:25:52 2005
From: itdept at REDRED.COM (RedRed!com IT Department)
Date: Thu Jan 12 21:28:19 2006
Subject: Multiple quarantine directories
Message-ID:

I'm not sure if you can get that detailed but you can set the Quarantine Dir in the config to a ruleset instead of hard coding the directory.

Gayle wrote:

>A simple question, but Google and the list search have failed me. Is it possible to configure mailscanner to use multiple quarantine directories?
>
>e.g. /var/spool/mail/quarantine/executable, /var/spool/mail/quarantine/virus, /var/spool/mail/quarantine/spam, /var/spool/mail/quarantine/encrypted etc.
>
>Regards,
>
>Gayle

From yoloits at YCOE.ORG Tue Jan 25 22:03:48 2005
From: yoloits at YCOE.ORG (Jay Ehrhart)
Date: Thu Jan 12 21:28:19 2006
Subject: Fetchmail and MailScanner
Message-ID:

Strange. I uninstalled MailScanner and reinstalled SpamAssassin. Made sure the perl stuff was up to date. Reinstalled MailScanner. It still doesn't run RBL check. But it does use the blacklist that I have in "/etc/MailScanner/rules/spam.blacklist.rules". See example below.

I have fetchmail setup so that .fetchmailrc is in the root home folder. All the user settings for mail servers, username and passwords are in there. The users all have accounts and mailboxes on the server. They pop into the server and pull mail from the mailboxes. A cron job pulls the emails from the different servers.

Jan 25 12:38:23 free sendmail[5016]: j0PKc5Ih005016: from=, size=25518, class=0, nrcpts=1, msgid=, proto=SMTP, daemon=MTA, relay=youreletters.com [65.202.132.10]
Jan 25 12:38:28 free MailScanner[4411]: New Batch: Scanning 1 messages, 26062 bytes
Jan 25 12:38:28 free MailScanner[4411]: Spam Checks: Starting
Jan 25 12:38:28 free MailScanner[4411]: Message j0PKc5Ih005016 from 65.202.132.10 (bounce-111429-6624239@youreletters.com) to jehrhart.net is spam (blacklisted)
Jan 25 12:38:28 free MailScanner[4411]: Spam Checks: Found 1 spam messages
Jan 25 12:38:28 free MailScanner[4411]: Spam Actions: message j0PKc5Ih005016 actions are forward,spam@jehrhart.net
Jan 25 12:38:28 free MailScanner[4411]: Virus and Content Scanning: Starting
Jan 25 12:38:28 free MailScanner[4411]: Uninfected: Delivered 1 messages

MailScanner is updating ClamAV, running Sendmail (see below), putting viruses in the quarantine. It just isn't running the RBLs in MailScanner, (see below).

Executing /etc/rc.d/init.d/MailScanner start ..
Starting MailScanner daemons:
incoming sendmail: [ OK ]
outgoing sendmail: [ OK ]
MailScanner: [ OK ]

# This is the list of spam blacklists (RBLs) which you are using.
# See the "Spam List Definitions" file for more information about what
# you can put here.
# This can also be the filename of a ruleset.
Spam List = ORDB-RBL SBL+XBL NJABL dsbl.org

# This is the list of spam domain blacklists which you are using
# (such as the "rfc-ignorant" domains). See the "Spam List Definitions"
# file for more information about what you can put here.
# This can also be the filename of a ruleset.
Spam Domain List = whois.rfc-ignorant.org

----- Original Message -----
From: "Julian Field"
To:
Sent: Tuesday, January 25, 2005 10:31 AM
Subject: Re: Fetchmail and MailScanner

> You need to tell fetchmail to deliver all the mail it receives to an SMTP server called "localhost". This will inject it into sendmail so that MailScanner can work on it.
>
> Hmm, but the logs you show below appear to indicate that this is already happening. Is it just the virus scan that is failing to detect anything? The "forward" would send the original untouched message to the address given, without any changes.
>
> This may all come down to nothing more than me not explaining sufficiently what the "forward" action does.
>
> Jay Ehrhart wrote:
>
> >Thank you. I should have included more detail in my question, sorry.
> >My setting is Use SpamAssassin = yes
> >I am not using procmail. Sendmail is set to not start at startup so MailScanner can call it. SpamAssassin is not running except when called by MailScanner.
> >I do have MailScanner entries in the log file.
> >
> >I have another mail gateway server that I have been running for about 3 years on Red Hat using MailScanner. I set the new box up the same way except for the fetchmail. In fact I copied the MailScanner.conf file over and used it except for the domain name changes in the file. It works correctly and shows the emails being blocked by the RBLs. Here is an example:
> >Jan 25 09:50:28 free MailScanner[29146]: RBL checks: j0PHoO9A025227 found in SBL+XBL
> >
> >The mail server using fetchmail does have MailScanner entries, example,
> >Jan 25 09:48:04 free sendmail[28874]: j0PHm4Nj028874: from=, size=2320, class=0, nrcpts=1, msgid=<200501251742.j0PHgQx3023954@mtac3.prodigy.net>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
> >Jan 25 09:48:05 free MailScanner[27108]: New Batch: Scanning 1 messages, 2838 bytes
> >Jan 25 09:48:05 free MailScanner[27108]: Spam Checks: Starting
> >Jan 25 09:48:06 free MailScanner[27108]: Message j0PHm4Nj028874 from 127.0.0.1 (mbfup@centrapoint.com) to localhost is spam, SpamAssassin (score=8.467, required 5, FORGED_RCVD_HELO 0.05, MIME_BOUND_DD_DIGITS 4.23, MSGID_FROM_MTA_HEADER 0.00, X_MESSAGE_INFO 4.19)
> >Jan 25 09:48:06 free MailScanner[27108]: Spam Checks: Found 1 spam messages
> >Jan 25 09:48:06 free MailScanner[27108]: Spam Actions: message j0PHm4Nj028874 actions are forward,spam@jehrhart.net
> >Jan 25 09:48:06 free MailScanner[27108]: Virus and Content Scanning: Starting
> >Jan 25 09:48:07 free MailScanner[27108]: Uninfected: Delivered 1 messages
> >Jan 25 09:48:07 free sendmail[28889]: j0PHm4Nj028874: to=, delay=00:00:03, xdelay=00:00:00, mailer=local, pri=122320, dsn=2.0.0, stat=Sent
> >
> >Any suggestions on how to see where it is failing?
> >Thanks
> >
> >----- Original Message -----
> >From: "Julian Field"
> >To:
> >Sent: Tuesday, January 25, 2005 8:11 AM
> >Subject: Re: Fetchmail and MailScanner
> >
> >>Sounds like you are running SpamAssassin with procmail and spamc/spamd. You can stop all of that (shutdown the SpamAssassin processes altogether) and get your system up and running so that fetchmail is collecting your mail and delivering it normally, without any SpamAssassin involved at all.
> >>
> >>Once that is working happily, shut down the sendmail service and only then enable MailScanner. The MailScanner init.d script will start up the copies of sendmail that it needs in exactly the right way. All you then need to do to enable SpamAssassin is set "Use SpamAssassin = yes" in MailScanner.conf and restart MailScanner. You do not want to be running the spamassassin "service" (i.e. spamd+spamc) or the sendmail "service" as MailScanner will look after that for you.
> >>
> >>Once MailScanner is processing your mail, you will see MailScanner headers appearing in all your messages, whether they are spam or not.
> >>
> >>yoloits wrote:
> >>
> >>>I have a Red Hat 3 server running MailScanner 4.37.7-1 and Sendmail. Fetchmail brings in all the email. SpamAssassin 3.0.2 works fine on the email. In MailScanner I use RBLs. If it is on a blacklist I just want to drop it. But MailScanner is not running the blacklist against the emails. I have no RBL checks in my log files. SpamAssassin has emails scored with SBL and dsbl so I know I have email that should have been dropped by the RBLs. Because of SA scoring some SPAM gets through that could have been dropped with the RBLs. The config is:
> >>>
> >>>Log Spam = yes
> >>>Spam Checks = yes
> >>>Spam List = ORDB-RBL SBL+XBL NJABL dsbl.org
> >>>Spam Lists To Reach High Score = 1
> >>>Spam List Timeout = 10
> >>>Max Spam List Timeouts = 7
> >>>
> >>>Can I get MailScanner to process fetchmail or do I have a setup problem on my server?
> >>>
> >>>Thanks in advance
> >>>Jay
> >>>
> >>--
> >>Julian Field
> >>www.MailScanner.info
> >>Buy the MailScanner book at www.MailScanner.info/store
> >>
> >>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
> --
> Julian Field
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
> Professional Support Services at www.MailScanner.biz
> MailScanner thanks transtec Computers for their support
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From MailScanner at ecs.soton.ac.uk Tue Jan 25 22:16:48 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:19 2006
Subject: MailScanner and Vexira
Message-ID:

Beta release 4.38.7 is out with support for the latest Vexira in there. It assumes Vexira has been installed into /usr/local/vexira by default. If it's not there, you will just need to edit /etc/MailScanner/virus.scanners.conf to tell it where it is installed.

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From MailScanner at ecs.soton.ac.uk Tue Jan 25 22:22:33 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:19 2006
Subject: 4.38.7 -- Updated for latest Vexira scanner
Message-ID:

I have just released version 4.38.7 (beta).

This is to test the support for the latest version of Vexira. If you are using the latest Vexira, please do try this out for me. My own tests have shown it works, but I would like some more evidence from other people.

Please note that I have had to drop support for the old version of Vexira.

You can download it as usual from www.mailscanner.info.

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From tom at cci.net Tue Jan 25 23:52:15 2005
From: tom at cci.net (Thomas R McBride)
Date: Thu Jan 12 21:28:19 2006
Subject: Handling phishing false positives
Message-ID:

I do full restarts after changing rules
I also believed it must be something I was doing wrong and have been trying various things for about 2 weeks with little luck.
The other rulesets I have all work fine.

Thanks

> Have you reloaded (ie SIGHUP) MailScanner or restarted it after making changes to its configuration?
> The ruleset code is exactly the same as that used for all the other options, there is little reason to believe it doesn't work.
>
> Has anyone else had any problems with this?
> > Thomas R McBride wrote: > > >Regarding phishing ruleset in 4.37.7 > >I have been unable to get that ruleset to work > >either setting the default setting to yes or no > >when setting the default to no it still flags phishing attempts > >when setting the default to yes the domains set to no still > are flagged. > > > >When changing the MailScanner.conf setting to not use ruleset > >works as expected --. > > > > > > > >>Just over two weeks ago, we installed MS 4.37.7 and kept its new: > >> Find Phishing Fraud = yes > >> > >>We have had very little adverse criticism in that time, but > >>there has been > >>one user asking about a false positive. > >> > >>I realise the setting can be a ruleset. So theoretically, we > >>could begin > >>to use that as users request that certain external sources > >>be, in effect, > >>whitelisted. But I see this as a potentially long piece of > string (we > >>have a local user population of around 20,000) and some > >>maintenance issues > >>lurking. (How long do we keep things? Who authorises what > should be > >>cleaned out (and when)?) > >> > >>I recall that in the early days of MS's anti-phishing, there was a > >>significant number of false positives, and that Julian > >>tightened up the > >>code to try to address many of these. (I recall that Quentin > >>Campbell of > >>Newcastle provided input to this reduction process.) > >>Nevertheless (and > >>probably inevitably) the possibility of f.p.s will remain. > >> > >>1. Julian: Do you have a mechanism by wish we can report > >>"false positives" > >> to you so that you can see whether there are other > >>criteria that might > >> help you reduce even further the f.p. rate in MS? > >> > >>2. Most of us probably regard the technique of: > >> http://looks.nice.com/ > >> as undesirable (even if technically legal) and that there > >>is a case > >> for trying to educate the creators of many (most?) such things. 
> >>
> >>   Might it be worth us (the MailScanner community) developing a simple,
> >>   short paragraph or text that we can hand to our local users who receive
> >>   such things, for them to pass on to the external people who sent them?
> >>   (This could be included in the MS distribution.)
> >>
>
> --
> Julian Field
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
> Professional Support Services at www.MailScanner.biz
> MailScanner thanks transtec Computers for their support
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From john at LANGHERD.COM Wed Jan 26 06:52:00 2005
From: john at LANGHERD.COM (John P. Lang)
Date: Thu Jan 12 21:28:19 2006
Subject: Definately worth the effort: Making sendmail only accept mail to genuine Exchange users
Message-ID:

This has made all the difference in the world! We scan mail for 4 domains (3 exchange servers and local mailboxes)

We were processing over 2700 pieces of mail per day. The majority of it was dictionary style spews.

This simple change dropped us down to only processing about 300 pieces of mail through Mail Scanner. The reject graph went through the roof in MailWatch.

Whoever wrote that FAQ entry deserves a huge pat on the back! Thanks.

We did have to modify the configs a bit, as we send to the 3 different exchange servers plus localhost. It was pretty easy though.
I just pipe the text files into a mysql database using PHP,

The table has

Emailaddress          FQDN of exchange
fred@domain1.com      mail.domain1.com
joe@domain2.com       mail.domain2.com
me@localdomain.com    localhost

I then output this via PHP again to the whitelist-address.txt file -> to the mailhost.db for sendmail to use.

Thanks again for the tutorial and THANKS for MailScanner….

BTW, the book is great!

John

From martinh at SOLID-STATE-LOGIC.COM Wed Jan 26 09:04:29 2005
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:28:19 2006
Subject: Definately worth the effort: Making sendmail only accept mail to genuine Exchange users
Message-ID:

John

heck even more than mine - I drop 66% of inbound email at the MTA due to it being for non-existent users..

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

John P. Lang wrote:
> This has made all the difference in the world! We scan mail for 4
> domains (3 exchange servers and local mailboxes)
>
> We were processing over 2700 pieces of mail per day. The majority of it
> was dictionary style spews.
>
> This simple change dropped us down to only processing about 300 pieces
> of mail through Mail Scanner. The reject graph went through the roof in
> MailWatch.
>
> Whoever wrote that FAQ entry deserves a huge pat on the back! Thanks.
>
> We did have to modify the configs a bit, as we send to the 3 different
> exchange servers plus localhost.
> It was pretty easy though. I just
> pipe the text files into a mysql database using PHP,
>
> The table has
>
> Emailaddress          FQDN of exchange
> fred@domain1.com      mail.domain1.com
> joe@domain2.com       mail.domain2.com
> me@localdomain.com    localhost
>
> I then output this via PHP again to the whitelist-address.txt file -> to
> the mailhost.db for sendmail to use.
>
> Thanks again for the tutorial and THANKS for MailScanner….
>
> BTW, the book is great!
>
> John

From G.Pentland at SOTON.AC.UK Wed Jan 26 11:37:23 2005
From: G.Pentland at SOTON.AC.UK (Pentland G.)
Date: Thu Jan 12 21:28:19 2006
Subject: OT: SPF query and a new spin on an old thread (Exchange/Notes)
Message-ID:

All,

MailScanner is very good, as we all know, but it does take time to execute :-(

As I have limited hardware resources I have been looking at ways of either...

1. Moving stuff round the Spam checks, I don't have time to maintain a white list

or...

2. Rejecting more stuff before MailScanner sees it.

Trouble is management types (pointy hair) don't like DNS blacklists as one false positive = one irate user!

I was wondering about SPF, I think I'm going to have to build support for it anyway but do any of you use it? How well does it work?

The new spin on the old thread.

In the past people have asked about putting sendmail and MailScanner in front of an Exchange/Notes server and rejecting invalid recipients. There is a how-to in the MailScanner FAQ and it does work but I'm working on a new sendmail build and early testing would imply the Milter-ahead works really well for this purpose although this is not the reason I was looking at it.

http://www.milter.info/milter-ahead/index.shtml

Not for the faint hearted, if you don't like compiling and messing with .mc files or you don't know what that means then maybe not worth looking but if you do then have a look.

Gary

From dh at UPTIME.AT Wed Jan 26 11:46:05 2005
From: dh at UPTIME.AT (David Höhn)
Date: Thu Jan 12 21:28:19 2006
Subject: OT: SPF query and a new spin on an old thread (Exchange/Notes)
Message-ID:
[ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set.
] [ Some characters may be displayed incorrectly. ]

Pentland G. wrote:
|
| I was wondering about SPF, I think I'm going to have to build support
| for it anyway but do any of you use it? How well does it work?
|

To use SPF as a basis for accepting or rejecting mail would be fatal. It simply does not work. It would if everyone had valid SPF records and if the system itself was flawless (which it is not in my humble opinion). You can use SPF to weigh in on the score (I do that for example).

-d

--
nee anata wo mitsukete soshite nidoto wasurezu ~ donna ni munega itakutemo soba ni iru no ~ zutto...zutto...zutto

Key fingerprint = FD77 F0B7 5C65 F546 EB08 A4EC 3CCA 1A32 7E24 291E

From stef at L5NET.NET Wed Jan 26 12:07:37 2005
From: stef at L5NET.NET (Stef Morrell)
Date: Thu Jan 12 21:28:19 2006
Subject: Exchange and duplicate message-id with quarantine.
Message-ID:

Julian said:
>> What happens if you set
>> Remove These Headers = Message-Id
>> Then the Message-Id will be removed from the cleaned messages, forcing
>> Exchange to add its own, unique, id.

Joshua replied
>That would probably work, but then I can't follow the message ID's when someone reports
>a problem :-)

That's a good solution for me though, as I can track message movements through my server from the ESMTP id in the received header, which is what appears in my logfiles.
On an utterly unrelated note, I didn't receive any of Julian's replies to this in my inbox and had to check the archive. I wonder if MS has taken a dislike to its Daddy. ;)

Thanks for the assist guys!

Stef

Stefan Morrell     | Operations Director
Tel: 0870 365 2813 | Level 5 Internet Ltd
Fax: 0192 450 7307 | Part of the Alpha Omega Group
stef@l5net.net     | stef@aoc-uk.com

From MailScanner at ecs.soton.ac.uk Wed Jan 26 12:16:44 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:19 2006
Subject: Exchange and duplicate message-id with quarantine.
Message-ID:

Stef Morrell wrote:

>Julian said:
>
>>>What happens if you set
>>>Remove These Headers = Message-Id
>>>Then the Message-Id will be removed from the cleaned messages, forcing
>>>Exchange to add its own, unique, id.
>
>Joshua replied
>
>>That would probably work, but then I can't follow the message ID's when someone reports
>>a problem :-)
>
>That's a good solution for me though, as I can track message movements
>through my server from the ESMTP id in the received header, which is
>what appears in my logfiles.
>
>On an utterly unrelated note, I didn't receive any of Julian's replies
>to this in my inbox and had to check the archive. I wonder if MS has
>taken a dislike to its Daddy. ;)
>
>Thanks for the assist guys!
>

If you are using the bogus-virus-warnings.cf SpamAssassin ruleset, you need to add this to your spam.assassin.prefs.conf file:

score VIRUS_WARNING15 0
score VIRUS_WARNING28 0
score VIRUS_WARNING33 0
score VIRUS_WARNING62 0
score VIRUS_WARNING66 0
score VIRUS_WARNING226 0
score VIRUS_WARNING250 0
score VIRUS_WARNING300 0
score VIRUS_WARNING326 0
score VIRUS_WARNING339 0
score VIRUS_WARNING340 0

so it doesn't delete mail from me (or from the mailing list).

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From michele at BLACKNIGHTSOLUTIONS.COM Wed Jan 26 11:52:08 2005
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions)
Date: Thu Jan 12 21:28:19 2006
Subject: Exim security/iptables query
Message-ID:

Hi all

We are using vispan on some of our sendmail servers, however its support for exim is pretty much non-existent, so I'm looking for a similar type of solution for exim
Basically we want to be able to drop Ips into iptables if they send more than X viruses or spam in a given period.
Over the last few days we have seen a very high number of infected machines hammering servers with junk, so dropping the connections from these machines would save us a lot of headaches

Any ideas?

Thanks in advance

Michele

Mr Michele Neylon
Blacknight Internet Solutions Ltd
Hosting, co-location & domains
http://www.blacknight.ie/
Tel.
+353 59 9137101
http://www.blacknight.ie/specialoffers.html

From Denis.Beauchemin at USHERBROOKE.CA Wed Jan 26 14:06:20 2005
From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin)
Date: Thu Jan 12 21:28:19 2006
Subject: Exim security/iptables query
Message-ID:

Michele Neylon :: Blacknight Solutions wrote:

>Hi all
>
>We are using vispan on some of our sendmail servers, however its support for
>exim is pretty much non-existent, so I'm looking for a similar type of
>solution for exim
>Basically we want to be able to drop Ips into iptables if they send more
>than X viruses or spam in a given period.
>Over the last few days we have seen a very high number of infected machines
>hammering servers with junk, so dropping the connections from these machines
>would save us a lot of headaches
>
>Any ideas?
>

Michele,

Why don't you use the IPBlock code inside MS? It's working fine here but it puts offenders into the access database of sendmail. I'm sure you could modify it to update iptables instead.

Denis

--
   _
  °v°   Denis Beauchemin, analyste
 /(_)\  Université de Sherbrooke, S.T.I.
  ^ ^   T: 819.821.8000x2252 F: 819.821.8045
From martinh at SOLID-STATE-LOGIC.COM Wed Jan 26 14:25:28 2005
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:28:19 2006
Subject: Exim security/iptables query
Message-ID:

Michele

my idea would be to ask on the exim-users email list :-)

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

Michele Neylon :: Blacknight Solutions wrote:
> Hi all
>
> We are using vispan on some of our sendmail servers, however its support for
> exim is pretty much non-existent, so I'm looking for a similar type of
> solution for exim
> Basically we want to be able to drop Ips into iptables if they send more
> than X viruses or spam in a given period.
> Over the last few days we have seen a very high number of infected machines
> hammering servers with junk, so dropping the connections from these machines
> would save us a lot of headaches
>
> Any ideas?
>
> Thanks in advance
>
> Michele
>
> Mr Michele Neylon
> Blacknight Internet Solutions Ltd
> Hosting, co-location & domains
> http://www.blacknight.ie/
> Tel. +353 59 9137101
> http://www.blacknight.ie/specialoffers.html
From G.Pentland at SOTON.AC.UK Wed Jan 26 14:54:47 2005
From: G.Pentland at SOTON.AC.UK (Pentland G.)
Date: Thu Jan 12 21:28:19 2006
Subject: OT: SPF query
Message-ID:

David Höhn wrote:
> To use SPF as a basis for accepting or rejecting mail would be fatal.
> It simply does not work. It would if everyone had valid SPF records
> and if the system itself was flawless (which it is not in my humble
> opinion). You can use SPF to weigh in on the score (I do that for
> example).

IMHO I was thinking...

If a domain has no SPF record then carry on with the other normal checks.

If a domain does have an SPF record and the IP matches etc. then carry on with the other normal checks.

If a domain does have an SPF record and this mail comes from somewhere else then either 450 (TMEP FIAL leading to some sort of greylist) it or 550 it.

would be a valid approach.

Obviously it would be fatal to 550 anything without an SPF record. I was wondering how many mails I could expect to fall into the 3rd rule so not having to put them through MailScanner so saving CPU time.

Just thinking out loud and thought this list would be a fair place to ask for others' experience.
Gary

From michael at NOMENNESCIO.NET Wed Jan 26 15:03:50 2005
From: michael at NOMENNESCIO.NET (Mike)
Date: Thu Jan 12 21:28:19 2006
Subject: OT: SPF query
Message-ID:

>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
>Behalf Of Pentland G.
>
>If a domain does have an SPF record and this mail comes from somewhere else
>then either 450 (TMEP FIAL leading to some sort of greylist) it or 550 it.
>
>would be a valid approach.
>
>Obviously it would be fatal to 550 anything without an SPF record. I was
>wondering how many mails I could expect to fall into the 3rd rule so not
>having to put them through MailScanner so saving CPU time.
>
>Just thinking out loud and thought this list would be a fair place to ask
>for others' experience.

That is just what the SPF milter for sendmail does (see http://spf.pobox.com). The milter takes care of all your three described rules.
I'm using the sendmail-milter and it works fine (although I have changed the code a bit for local purposes). It's a perl script, so: easy to change.
Other MTA's are supported as well.

>Gary

Mike.
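Added example (not part of any post in this thread, and not the code of the SPF milter Mike refers to): the three rules Gary lists, written as a gate that runs before MailScanner. The SPF records come from a constructed dict instead of DNS, only the ip4/ip6/all mechanisms are evaluated, and the names evaluate_spf, gate and summarise are made up for this sketch.

```python
"""Three-rule SPF gate in front of the content scanner (added sketch)."""
import ipaddress
from collections import Counter

# Constructed sample records, keyed by envelope-sender domain.
# Addresses are documentation ranges (RFC 5737 / RFC 3849).
SPF_RECORDS = {
    "example.org": "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 -all",
    "example.net": "v=spf1 ip4:198.51.100.7 ~all",
    "example.com": "v=spf1 include:_spf.example.org -all",
    # example.edu publishes no SPF record at all
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def evaluate_spf(record, client_ip):
    """Return none/pass/fail/softfail/neutral/unknown for one connection."""
    if record is None:
        return "none"
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
            continue
        # a, mx, include, exists, ptr, redirect= need DNS lookups this sketch
        # does not perform. Stop with "unknown" instead of guessing, so a
        # later "-all" can never reject a host that include: would allow.
        return "unknown"
    return "neutral"  # nothing matched and no "all" term (RFC 7208 default)


def gate(sender_domain, client_ip, on_fail="450"):
    """Apply the three rules; return (smtp_action, spf_result)."""
    if on_fail not in ("450", "550"):
        raise ValueError("on_fail must be '450' or '550'")
    record = SPF_RECORDS.get(sender_domain.lower())
    result = evaluate_spf(record, client_ip)
    if result == "fail":
        # Rule 3: a record exists and says this host is not authorised.
        return on_fail, result
    # Rule 1 (no record), rule 2 (pass) and every inconclusive result
    # (softfail, neutral, unknown) carry on to the normal checks.
    return "continue", result


def summarise(connections, on_fail="450"):
    """Count actions for (sender_domain, client_ip) pairs, i.e. how much
    mail rule 3 would keep away from the scanner."""
    return Counter(gate(d, ip, on_fail)[0] for d, ip in connections)


# Constructed sample connections.
SAMPLE = [
    ("example.org", "192.0.2.25"),    # listed host          -> pass
    ("example.org", "203.0.113.9"),   # not listed, -all     -> fail
    ("example.net", "203.0.113.9"),   # not listed, ~all     -> softfail
    ("example.edu", "203.0.113.9"),   # no record            -> none
    ("example.com", "203.0.113.9"),   # needs include lookup -> unknown
    ("example.org", "2001:db8::1"),   # listed IPv6 host     -> pass
]

if __name__ == "__main__":
    for domain, ip in SAMPLE:
        print(domain, ip, *gate(domain, ip))
    print(dict(summarise(SAMPLE)))
```

Only an explicit fail is acted on; softfail and lookups the sketch cannot complete are passed to the scanner, which matches Gary's point that rejecting mail without a conclusive record would be fatal.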
From jase at SENSIS.COM Wed Jan 26 15:17:24 2005
From: jase at SENSIS.COM (Desai, Jason)
Date: Thu Jan 12 21:28:19 2006
Subject: Exim security/iptables query
Message-ID:

If you use Mailwatch, you can run some simple queries to create a list of ip addresses of virus senders, put them into a file, and have Exim reject these at the MTA level with a nice message as to why they are being rejected. We do something similar for both spam and virus senders.

Jase

Michele Neylon :: Blacknight Solutions wrote:
> Hi all
>
> We are using vispan on some of our sendmail servers, however its
> support for exim is pretty much non-existent, so I'm looking for a
> similar type of solution for exim
> Basically we want to be able to drop Ips into iptables if they send
> more than X viruses or spam in a given period.
> Over the last few days we have seen a very high number of infected
> machines hammering servers with junk, so dropping the connections
> from these machines would save us a lot of headaches
>
> Any ideas?
>
> Thanks in advance
>
> Michele
>
> Mr Michele Neylon
> Blacknight Internet Solutions Ltd
> Hosting, co-location & domains
> http://www.blacknight.ie/
> Tel. +353 59 9137101
> http://www.blacknight.ie/specialoffers.html
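Added example (not from the thread, and not vispan, MailWatch or IPBlock code): one way to turn "more than X viruses or spam in a given period" into a block list that expires on its own. The event tuples, the never-block networks and the function names are assumptions; real input would come from whatever log or database records the scanner's verdicts.

```python
"""Sliding-window offender list for an MTA or firewall (added sketch)."""
from collections import defaultdict, deque
from datetime import datetime, timedelta
import ipaddress

# Assumption: networks that must never be blocked (own relays, loopback).
NEVER_BLOCK = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.0.2.0/28")]

T0 = datetime(2005, 1, 26, 9, 0)


def _burst(ip, verdict, start, count, step_seconds):
    """Build `count` constructed events for one IP, `step_seconds` apart."""
    return [(start + timedelta(seconds=i * step_seconds), ip, verdict)
            for i in range(count)]


# Constructed events: (timestamp, connecting IP, scanner verdict).
EVENTS = (
    _burst("203.0.113.77", "virus", T0, 4, 60)                           # 09:00-09:03
    + _burst("203.0.113.5", "virus", T0 + timedelta(hours=2), 4, 60)     # 11:00-11:03
    + _burst("198.51.100.20", "spam", T0 + timedelta(hours=2), 4, 1200)  # one per 20 min
    + _burst("192.0.2.3", "virus", T0 + timedelta(hours=2), 6, 20)       # own relay
    + _burst("198.51.100.99", "clean", T0 + timedelta(hours=2), 8, 30)   # no detections
)


def blocklist(events, now, threshold=3,
              window=timedelta(minutes=10), block_for=timedelta(hours=1)):
    """Return IPs with more than `threshold` virus/spam hits inside any
    `window`, whose block (lasting `block_for` after the hit that crossed
    the threshold, renewed by later hits) is still active at `now`."""
    recent = defaultdict(deque)   # ip -> hit timestamps inside the window
    blocked_until = {}
    for ts, ip, verdict in sorted(events):
        if ts > now:
            break                 # ignore anything logged after `now`
        if verdict not in ("virus", "spam"):
            continue
        addr = ipaddress.ip_address(ip)
        if any(addr in net for net in NEVER_BLOCK):
            continue              # never block our own relays
        hits = recent[ip]
        hits.append(ts)
        while hits[0] <= ts - window:
            hits.popleft()        # drop hits that slid out of the window
        if len(hits) > threshold:
            blocked_until[ip] = ts + block_for
    return sorted(ip for ip, until in blocked_until.items() if until > now)


def render(ips):
    """One address per line; how the MTA or firewall reads it is site-specific."""
    return "".join(ip + "\n" for ip in ips)


if __name__ == "__main__":
    print(render(blocklist(EVENTS, now=T0 + timedelta(hours=2, minutes=30))), end="")
```

Regenerating the list on every run is what makes the blocks expire: an address stops appearing once its last burst is older than block_for, so a cleaned-up machine is not shut out indefinitely.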
From craig at WESTPRESS.COM Wed Jan 26 15:20:35 2005
From: craig at WESTPRESS.COM (Craig Daters)
Date: Thu Jan 12 21:28:19 2006
Subject: Quarantine ?
Message-ID:

Karen Mkoyan wrote:

> Hi Craig,
> this looks interesting. I have the mailwatch installed. Do you mean the
> luser stuff ? gonna check right now.
>

I'm talking about the 'user filter' option that is distributed with the MailWatch distro (see the file labeled USER_FILTERS).

This involves using an additional column in the table called 'type' where you can specify whether a user is an admin, domain admin, user, or regexp

A new table called 'user_filters' has four columns which describe the user and domain/email matching criteria.

The file USER_FILTERS shows a few examples that explain how it works, and I must admit, it works quite nicely. This also needs to be set up manually, but Steve promises that later versions will allow user management from within the web interface.

--
Craig Daters (craig@westpress.com)
Systems Administrator
West Press Print Communications
1663 West Grant Road
Tucson, Arizona 85705
(520) 624-4939
(520) 624-2715 fax
www.westpress.com
From marcel-ml at IRC-ADDICTS.DE Wed Jan 26 15:33:31 2005
From: marcel-ml at IRC-ADDICTS.DE (Marcel Blenkers)
Date: Thu Jan 12 21:28:19 2006
Subject: Quarantine ?
Message-ID:

On Tue, 25 Jan 2005, Karen Mkoyan wrote:

[...]
>
> P.S. I've just learned that http://www.fsl.com/support/ here available
> software called "Quarantine Report" anybody used that ?
>

i am using it. You need to tweak things to get it working, but if needed i could send you a mail not via the list.

But you should get it to work. Just remember:

Change the URL within the file Emails.pm to be your site ;) and use and create the usercheck. Because else you would send out a report to everyone in the quarantine-dir, but some spammers insert another mail-recipient in the to-field ;)

And check the Group within the CreateLink-File, as it is set to apache..maybe your webserver is not in the group apache ;)

And maybe you should change the behaviour of linking these files into copy those files, as some mailserver are running as root within the group root, and no rights to read or write to those quarantine-files ;)

From marcel-ml at IRC-ADDICTS.DE Wed Jan 26 15:42:06 2005
From: marcel-ml at IRC-ADDICTS.DE (Marcel Blenkers)
Date: Thu Jan 12 21:28:19 2006
Subject: Exim security/iptables query
Message-ID:

Hi Michele,

the latest Version of vispan does actually also support iptables ;)

never tested it though..
Marcel

From marcel-ml at IRC-ADDICTS.DE Wed Jan 26 15:47:33 2005
From: marcel-ml at IRC-ADDICTS.DE (Marcel Blenkers)
Date: Thu Jan 12 21:28:19 2006
Subject: OT: Learn Spam the easy way.
Message-ID:

Hi there,

currently i am the admin of a system, on which the users do receive mails locally, but do not have any kind of shell..

As they are receiving mails considered as spam, they would like to teach spamassassin those mails as spam.

But, outlook is not capable of bouncing those mails, so they just forwarded these mails to my account..but this is not really a lot of help.

So..i am thinking of a way to get those users to learn spamassassin which mail is spam and which is not.

Never seen MailWatch, but is it capable to learn mails, which are already at the machine of the user (fetched via pop3)?

Or should i get them switch over to imap, create a box called spam, they do copy the spam-mails into this box, and i do have a cronjob learning those boxes?

Maybe someone has some ideas?

Greetings

Marcel

From martinh at SOLID-STATE-LOGIC.COM Wed Jan 26 16:06:54 2005
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:28:19 2006
Subject: OT: Learn Spam the easy way.
Message-ID:

Marcel

I do the last option (not with Exchange but with courier-imapd).

As for MailWatch it relies on you quarantining the email as well as delivering it, so you need a cron to delete the quarantined stuff after X days..

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

Marcel Blenkers wrote:
> Hi there,
>
> currently i am the admin of a system, on which the users do receive mails
> locally, but do not have any kind of shell..
>
> As they are receiving mails considered as spam, they would like to teach
> spamassassin those mails as spam.
>
> But, outlook is not capable of bouncing those mails, so they just forwarded
> these mails to my account..but this is not really a lot of help.
>
> So..i am thinking of a way to get those users to learn spamassassin which
> mail is spam and which is not.
>
> Never seen MailWatch, but is it capable to learn mails, which are already
> at the machine of the user (fetched via pop3)?
>
> Or should i get them switch over to imap, create a box called spam, they
> do copy the spam-mails into this box, and i do have a cronjob learning
> those boxes?
>
> Maybe someone has some ideas?
>
> Greetings
>
> Marcel
>
From Glenn.Steen at AP1.SE Wed Jan 26 16:11:19 2005
From: Glenn.Steen at AP1.SE (Steen, Glenn)
Date: Thu Jan 12 21:28:19 2006
Subject: Learn Spam the easy way.
Message-ID:

> -----Original Message-----
> From: MailScanner mailing list
> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Marcel Blenkers
> Sent: den 26 januari 2005 16:48
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: OT: Learn Spam the easy way.
>
> Hi there,
>
> currently i am the admin of a system, on which the users do receive mails
> locally, but do not have any kind of shell..
>
> As they are receiving mails considered as spam, they would like to teach
> spamassassin those mails as spam.
>
> But, outlook is not capable of bouncing those mails, so they just forwarded
> these mails to my account..but this is not really a lot of help.
>
> So..i am thinking of a way to get those users to learn spamassassin which
> mail is spam and which is not.

Provide them with a folder on your server to dump things to, perhaps via IMAP. Shouldn't be hard after that.

>
> Never seen MailWatch, but is it capable to learn mails, which are already
> at the machine of the user (fetched via pop3)?

Not really, you'd need to store the messages in the "nonspam" quarantine for that to be available.

>
> Or should i get them switch over to imap, create a box called spam, they
> do copy the spam-mails into this box, and i do have a cronjob learning
> those boxes?

Yep.

-- Glenn

>
> Maybe someone has some ideas?
>
> Greetings
>
> Marcel
>
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From marcel-ml at IRC-ADDICTS.DE Wed Jan 26 16:15:52 2005 From: marcel-ml at IRC-ADDICTS.DE (Marcel Blenkers) Date: Thu Jan 12 21:28:19 2006 Subject: Difference between Spam-Scores.. Message-ID: hi there, on my system a do use spamassassin with mailscanner, but also, after checking the mails with ms and sa, i do use procmail to check the mails again with spamassassin. No i do see some strange behaviour with this. Some mails do get checked by MailScanner in combination of SpamAssassin, but the do receive a lower score as using SpamAssassin on itself. 

Example:

The Mail-Scanner-Header:

X-irc-addicts.de-MailScanner-Information: Please contact the ISP for more information
X-irc-addicts.de-MailScanner: Found to be clean
X-irc-addicts.de-MailScanner-SpamCheck: not spam, SpamAssassin
    (score=4.595,required 5, RAZOR2_CF_RANGE_51_100 1.49, RAZOR2_CHECK
    0.15,RCVD_IN_NJABL_DUL 1.66, RCVD_IN_SORBS_DUL 0.14, URIBL_SBL
    0.63,URIBL_WS_SURBL 0.54)
X-irc-addicts.de-MailScanner-SpamScore: ssss

and now the SpamAssassin-Report after procmail:

Content analysis details:   (6.8 points, 6.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 0.7 DATE_IN_PAST_12_24     Date: is 12 to 24 hours before Received: date
 0.0 BAYES_50               BODY: Bayesian spam probability is 40 to 60%
                            [score: 0.4998]
 0.1 RAZOR2_CF_RANGE_51_100 BODY: Razor2 gives confidence level above 50%
                            [cf: 100]
 1.5 RAZOR2_CHECK           Listed in Razor2 (http://razor.sf.net/)
 2.0 RCVD_IN_SORBS_DUL      RBL: SORBS: sent directly from dynamic IP address
                            [220.184.70.162 listed in dnsbl.sorbs.net]
 0.1 RCVD_IN_NJABL_DUL      RBL: NJABL: dialup sender did non-local SMTP
                            [220.184.70.162 listed in combined.njabl.org]
 1.0 URIBL_SBL              Contains an URL listed in the SBL blocklist
                            [URIs: screegood.com]
 1.5 URIBL_WS_SURBL         Contains an URL listed in the WS SURBL blocklist
                            [URIs: screegood.com]

it seems that spamassassin on itself uses different tests on its own..

how could i implement those tests also in the use with mailscanner??

Thanks in advance..

Marcel

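The two results quoted in the message above can be compared rule by rule, which shows which tests fired in only one run and where the same rule was scored differently. This is an added example, not part of the original post and not MailScanner or SpamAssassin code; the function names are hypothetical and the input text is copied from the message.

```python
import re

# Header value and report text copied from the message above.
MAILSCANNER_SPAMCHECK = (
    "not spam, SpamAssassin (score=4.595,required 5, "
    "RAZOR2_CF_RANGE_51_100 1.49, RAZOR2_CHECK 0.15,RCVD_IN_NJABL_DUL 1.66, "
    "RCVD_IN_SORBS_DUL 0.14, URIBL_SBL 0.63,URIBL_WS_SURBL 0.54)"
)

SPAMASSASSIN_REPORT = """\
Content analysis details:   (6.8 points, 6.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 0.7 DATE_IN_PAST_12_24     Date: is 12 to 24 hours before Received: date
 0.0 BAYES_50               BODY: Bayesian spam probability is 40 to 60%
                            [score: 0.4998]
 0.1 RAZOR2_CF_RANGE_51_100 BODY: Razor2 gives confidence level above 50%
                            [cf: 100]
 1.5 RAZOR2_CHECK           Listed in Razor2 (http://razor.sf.net/)
 2.0 RCVD_IN_SORBS_DUL      RBL: SORBS: sent directly from dynamic IP address
                            [220.184.70.162 listed in dnsbl.sorbs.net]
 0.1 RCVD_IN_NJABL_DUL      RBL: NJABL: dialup sender did non-local SMTP
                            [220.184.70.162 listed in combined.njabl.org]
 1.0 URIBL_SBL              Contains an URL listed in the SBL blocklist
                            [URIs: screegood.com]
 1.5 URIBL_WS_SURBL         Contains an URL listed in the WS SURBL blocklist
                            [URIs: screegood.com]
"""

RULE = r"[A-Z][A-Z0-9_]+"  # rule names are upper case, so "required" never matches


def parse_mailscanner(value):
    """Return (score, required, {rule: points}) from a ...-MailScanner-SpamCheck value."""
    m = re.search(r"\(score=(-?[\d.]+),\s*required\s+(-?[\d.]+),(.*)\)", value, re.S)
    if not m:
        raise ValueError("no SpamAssassin section in header value")
    pairs = re.findall(rf"({RULE})\s+(-?\d+(?:\.\d+)?)", m.group(3))
    return float(m.group(1)), float(m.group(2)), {n: float(p) for n, p in pairs}


def parse_sa_report(text):
    """Return (score, required, {rule: points}) from a 'Content analysis details' report."""
    m = re.search(r"\((-?[\d.]+) points, (-?[\d.]+) required\)", text)
    if not m:
        raise ValueError("no 'Content analysis details' line")
    rules = {}
    for line in text.splitlines():
        # Rule lines start with the points; continuation lines start with '['.
        hit = re.match(rf"\s*(-?\d+\.\d+)\s+({RULE})\b", line)
        if hit:
            rules[hit.group(2)] = float(hit.group(1))
    return float(m.group(1)), float(m.group(2)), rules


def compare(ms_value, sa_text):
    """Diff the MailScanner-invoked run against the stand-alone run."""
    ms_score, ms_req, ms = parse_mailscanner(ms_value)
    sa_score, sa_req, sa = parse_sa_report(sa_text)
    return {
        "only_standalone": sorted(set(sa) - set(ms)),
        "only_mailscanner": sorted(set(ms) - set(sa)),
        "score_delta": {r: round(sa[r] - ms[r], 2) for r in sorted(set(sa) & set(ms))},
        "thresholds": (ms_req, sa_req),
        "totals": (ms_score, sa_score),
    }


if __name__ == "__main__":
    for key, value in compare(MAILSCANNER_SPAMCHECK, SPAMASSASSIN_REPORT).items():
        print(f"{key}: {value}")
```
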
From marcel-ml at IRC-ADDICTS.DE Wed Jan 26 16:16:36 2005
From: marcel-ml at IRC-ADDICTS.DE (Marcel Blenkers)
Date: Thu Jan 12 21:28:19 2006
Subject: OT: Learn Spam the easy way.
Message-ID:

Hi Martin,

> I do the last option (not with Exchange but with courier-imapd).
>
> As for MailWatch it relies on you quarantining the email as well as
> delivering it, so you need a cron to delete the quarantined stuff after
> X days..

thanks for the answer..

i guess, i will switch over to imap then :)

Marcel

From marcel-ml at IRC-ADDICTS.DE Wed Jan 26 16:18:23 2005
From: marcel-ml at IRC-ADDICTS.DE (Marcel Blenkers)
Date: Thu Jan 12 21:28:19 2006
Subject: What BlackLists to use..
Message-ID:

Hi there,

currently i am using the following option:

Spam List = ORDB-RBL SBL+XBL

are there other Blacklists i could consider checking and which are free of
charge?

So..in fact..i am asking:

are you using this option..and what do you inserted here? ;)

Thanks in advance again

Marcel

From martinh at SOLID-STATE-LOGIC.COM Wed Jan 26 16:32:11 2005
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:28:19 2006
Subject: Difference between Spam-Scores..
Message-ID:

Marcel

small point but remove the '.' (dot) in the MailScanner.conf for your
suite name, it breaks a lot of MTA's and is an illegal char in headers
after all.

I note that bayes isn't triggering on the MS version. Can the
MailScanner user read/write to the bayes DB?

As to the date_in_past rule, I'd check the user can read all the rules
in /etc/mail/spamassass and /usr/local/lib/spamassassin.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

Marcel Blenkers wrote:
> hi there,
>
> on my system i do use spamassassin with mailscanner, but also, after
> checking the mails with ms and sa, i do use procmail to check the mails
> again with spamassassin.
>
> Now i do see some strange behaviour with this.
>
> Some mails do get checked by MailScanner in combination of SpamAssassin,
> but they do receive a lower score as using SpamAssassin on itself.
>
> Example:
>
> The Mail-Scanner-Header:
>
> X-irc-addicts.de-MailScanner-Information: Please contact the ISP for more information
> X-irc-addicts.de-MailScanner: Found to be clean
> X-irc-addicts.de-MailScanner-SpamCheck: not spam, SpamAssassin
>     (score=4.595,required 5, RAZOR2_CF_RANGE_51_100 1.49, RAZOR2_CHECK
>     0.15,RCVD_IN_NJABL_DUL 1.66, RCVD_IN_SORBS_DUL 0.14, URIBL_SBL
>     0.63,URIBL_WS_SURBL 0.54)
> X-irc-addicts.de-MailScanner-SpamScore: ssss
>
> and now the SpamAssassin-Report after procmail:
>
> Content analysis details:   (6.8 points, 6.0 required)
>
>  pts rule name              description
> ---- ---------------------- --------------------------------------------------
>  0.7 DATE_IN_PAST_12_24     Date: is 12 to 24 hours before Received: date
>  0.0 BAYES_50               BODY: Bayesian spam probability is 40 to 60%
>                             [score: 0.4998]
>  0.1 RAZOR2_CF_RANGE_51_100 BODY: Razor2 gives confidence level above 50%
>                             [cf: 100]
>  1.5 RAZOR2_CHECK           Listed in Razor2 (http://razor.sf.net/)
>  2.0 RCVD_IN_SORBS_DUL      RBL: SORBS: sent directly from dynamic IP address
>                             [220.184.70.162 listed in dnsbl.sorbs.net]
>  0.1 RCVD_IN_NJABL_DUL      RBL: NJABL: dialup sender did non-local SMTP
>                             [220.184.70.162 listed in combined.njabl.org]
>  1.0 URIBL_SBL              Contains an URL listed in the SBL blocklist
>                             [URIs: screegood.com]
>  1.5 URIBL_WS_SURBL         Contains an URL listed in the WS SURBL blocklist
>                             [URIs: screegood.com]
>
> it seems that spamassassin on itself uses different tests on its own..
>
> how could i implement those tests also in the use with mailscanner??
>
> Thanks in advance..
>
> Marcel

From webalizer at NWCWEB.COM Wed Jan 26 16:36:59 2005
From: webalizer at NWCWEB.COM (Dave Duffner - NWCWEB.com)
Date: Thu Jan 12 21:28:19 2006
Subject: What BlackLists to use..
Message-ID:

Marcel,

We've always found the best selections for Lists at www.dnsstuff.com.
You check your own IP's there to ensure you're not on the lists, but the
long screen report it produces has links to all the major lists.

Those lists provide details on what needs to be keyed into MS in long
form in your spam.lists file, then you can make the shorter versions for
the MS.conf file.

We've picked out about 6-7 without degrading performance, we use the
dnsstuff report to look for those major & reliable blacklists that have a
very low response time in the far right column (usually 900ms or less).
That way you've got the lowest chances of timeouts and keep that system
performance up at an acceptable rate.

HTH!

David J. Duffner
VP Operations
NWC Corporation
www.nwcxpress.com

> -----Original Message-----
> From: MailScanner mailing list
> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Marcel Blenkers
> Sent: Wednesday, January 26, 2005 11:18 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: What BlackLists to use..
>
> Hi there,
>
> currently i am using the following option:
>
> Spam List = ORDB-RBL SBL+XBL
>
> are there other Blacklists i could consider checking and
> which are free of charge?
>
> So..in fact..i am asking:
>
> are you using this option..and what do you inserted here? ;)
>
> Thanks in advance again
>
> Marcel

From martinh at SOLID-STATE-LOGIC.COM Wed Jan 26 16:33:04 2005
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:28:19 2006
Subject: OT: Learn Spam the easy way.
Message-ID:

Marcel

you can get Exchange to create imap folders so non-Outleek clients can
connect...

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

Marcel Blenkers wrote:
> Hi Martin,
>
>> I do the last option (not with Exchange but with courier-imapd).
>>
>> As for MailWatch it relies on you quarantining the email as well as
>> delivering it, so you need a cron to delete the quarantined stuff after
>> X days..
>
> thanks for the answer..
>
> i guess, i will switch over to imap then :)
>
> Marcel

From ssilva at SGVWATER.COM Wed Jan 26 15:54:21 2005
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:28:19 2006
Subject: Exim security/iptables query
Message-ID:

Marcel Blenkers wrote:
> Hi Michele,
>
> the latest Version of vispan does actually also support iptables ;)
>
> never tested it though..
>
> Marcel

But not Exim. You would have to modify it.

--
"If you have ever eaten crow, It don't taste like chicken!!"

From kte at NEXIS.BE Wed Jan 26 16:39:21 2005
From: kte at NEXIS.BE (Koen Teugels)
Date: Thu Jan 12 21:28:19 2006
Subject: What BlackLists to use..
Message-ID:

I'm using these in the sendmail configuration.

Is this too much?

Koen

FEATURE(`dnsbl', `relays.ordb.org', `"550 Email rejected due to sending server misconfiguration - see http://www.ordb.org/faq/\#why_rejected"')dnl
FEATURE(`dnsbl',`combined.njabl.org',`Message from $&{client_addr} rejected - see http://njabl.org/lookup?$&{client_addr}')dnl
FEATURE(`dnsbl',`sbl-xbl.spamhaus.org', `Email categorized as SPAM and blocked using Spamhaus SBL+XBL service - see http://cbl.abuseat.org/lookup.cgi?ip=$&{client_addr}&. submit=Lookup')dnl
define(`confBIND_OPTS', `WorkAroundBrokenAAAA')dnl
FEATURE(`enhdnsbl', `bl.spamcop.net', `"Spam blocked see: http://spamcop.net/bl.shtml?"$&{client_addr}')dnl

Julian Field wrote:
> I use those 2 myself. I wouldn't recommend more than 2 or at most 3 spam
> lists defined there, or else things will start to slow down.
>
> You are better off leaving most of the RBL checking to SpamAssassin.
>
> Marcel Blenkers wrote:
>> Hi there,
>>
>> currently i am using the following option:
>>
>> Spam List = ORDB-RBL SBL+XBL
>>
>> are there other Blacklists i could consider checking and which are free of
>> charge?
>>
>> So..in fact..i am asking:
>>
>> are you using this option..and what do you inserted here? ;)
>>
>> Thanks in advance again
>
> --
> Julian Field
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From vlad at MAZEK.COM Wed Jan 26 17:02:49 2005
From: vlad at MAZEK.COM (Vlad Mazek)
Date: Thu Jan 12 21:28:19 2006
Subject: What BlackLists to use..
Message-ID:

Actually, that's the best part and the most efficient depending on the
amount of users you have to support. The closer to the actual connection
you can block people (firewall, MTA) the better.

The only downside to blocking at MTA is that you can't "ignore" hosts
that are on the RBL's so if your business partners get on an RBL you have
to get creative about routing mail from them.

-Vlad Mazek
ExchangeDefender

Quoting Koen Teugels :

> I'm using these in the sendmail configuration.
>
> Is this too much?
>
> Koen
>
> FEATURE(`dnsbl', `relays.ordb.org', `"550 Email rejected due to sending server misconfiguration - see http://www.ordb.org/faq/\#why_rejected"')dnl
> FEATURE(`dnsbl',`combined.njabl.org',`Message from $&{client_addr} rejected - see http://njabl.org/lookup?$&{client_addr}')dnl
> FEATURE(`dnsbl',`sbl-xbl.spamhaus.org', `Email categorized as SPAM and blocked using Spamhaus SBL+XBL service - see http://cbl.abuseat.org/lookup.cgi?ip=$&{client_addr}&. submit=Lookup')dnl
> define(`confBIND_OPTS', `WorkAroundBrokenAAAA')dnl
> FEATURE(`enhdnsbl', `bl.spamcop.net', `"Spam blocked see: http://spamcop.net/bl.shtml?"$&{client_addr}')dnl
>
> Julian Field wrote:
>> I use those 2 myself. I wouldn't recommend more than 2 or at most 3 spam
>> lists defined there, or else things will start to slow down.
>>
>> You are better off leaving most of the RBL checking to SpamAssassin.
>>
>> Marcel Blenkers wrote:
>>> Hi there,
>>>
>>> currently i am using the following option:
>>>
>>> Spam List = ORDB-RBL SBL+XBL
>>>
>>> are there other Blacklists i could consider checking and which are free of
>>> charge?
>>>
>>> So..in fact..i am asking:
>>>
>>> are you using this option..and what do you inserted here? ;)
>>>
>>> Thanks in advance again
>>
>> --
>> Julian Field
>> www.MailScanner.info
>> Buy the MailScanner book at www.MailScanner.info/store
>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

--
Vladimir Mazek
vlad@mazek.com
(407) 729-7501

From mgt at STELLARCORE.NET Wed Jan 26 16:58:17 2005
From: mgt at STELLARCORE.NET (Mike Tremaine)
Date: Thu Jan 12 21:28:19 2006
Subject: Spamassassin time outs
Message-ID:

Sorry for the top post. I just wanted to add something I noticed. With
Spamassassin 3+ on a machine that gets under heavy load [runs between
1.50 -> 9.00 50,000mails/day] it seems you need to take 1 extra step
which is to set

Rebuild Bayes Every = 0

And then do the force-expire cron.

Under spamassassin 2.64 this was set to 86400 and [with all the other
standard instructions from this list] it worked fine. But with SA3+ I
was still getting 40+ timeouts per day. [Yes: bayes_auto_expire 0 in
both spam.assassin.prefs.conf and local.cf]

mgt@irondoor ~ [1] rpm -q spamassassin
spamassassin-3.0.2-1
mgt@irondoor ~ [2] rpm -q mailscanner
mailscanner-4.35.9-1

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Matt Kettler
> Sent: Friday, January 21, 2005 9:32 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Spamassassin time outs
>
> At 12:04 PM 1/21/2005, Philip Parsons wrote:
> >Ever since we upgraded to spamassassin 3.02 in the maillog we are
> >getting a lot of
> >
> >"Spamassassin timed out and was killed, failure "
> >
> >There does not seem to be any reason for this that I can find anyone
> >got any idea's ???
>
> 1) make sure the AWL is off.. you need to do this at the spamassassin
> level, as SA 3.0's API does not respond to MailScanner's attempts to
> disable it. The extra DB overhead here can be substantial.
>
> 2) Are you using bayes? Check for "expire" files next to your bayes
> database files.. If you have those piling up, MS is timing out SA while
> it's doing bayes database expiry. Either disable bayes_auto_expire and
> run sa-learn --force-expire from a cronjob, or extend your spamassassin
> timeout to a really large value.
>
> 3) SA 3.0 queries a lot more RBLs.. run spamassassin --lint -D and see
> if it's getting hung up there.

--
Mike Tremaine
mgt@stellarcore.net
http://www.stellarcore.net

From kte at NEXIS.BE Wed Jan 26 17:07:48 2005
From: kte at NEXIS.BE (Koen Teugels)
Date: Thu Jan 12 21:28:19 2006
Subject: What BlackLists to use..
Message-ID:

But they get a reason why they are blocked and it is up to them to get
off the blacklist.

Koen

Vlad Mazek wrote:
> Actually, that's the best part and the most efficient depending on the
> amount of users you have to support. The closer to the actual connection
> you can block people (firewall, MTA) the better.
>
> The only downside to blocking at MTA is that you can't "ignore" hosts
> that are on the RBL's so if your business partners get on an RBL you have
> to get creative about routing mail from them.
>
> -Vlad Mazek
> ExchangeDefender
>
> Quoting Koen Teugels :
>> I'm using these in the sendmail configuration.
>>
>> Is this too much?
>>
>> Koen
>>
>> FEATURE(`dnsbl', `relays.ordb.org', `"550 Email rejected due to sending server misconfiguration - see http://www.ordb.org/faq/\#why_rejected"')dnl
>> FEATURE(`dnsbl',`combined.njabl.org',`Message from $&{client_addr} rejected - see http://njabl.org/lookup?$&{client_addr}')dnl
>> FEATURE(`dnsbl',`sbl-xbl.spamhaus.org', `Email categorized as SPAM and blocked using Spamhaus SBL+XBL service - see http://cbl.abuseat.org/lookup.cgi?ip=$&{client_addr}&. submit=Lookup')dnl
>> define(`confBIND_OPTS', `WorkAroundBrokenAAAA')dnl
>> FEATURE(`enhdnsbl', `bl.spamcop.net', `"Spam blocked see: http://spamcop.net/bl.shtml?"$&{client_addr}')dnl
>>
>> Julian Field wrote:
>>> I use those 2 myself. I wouldn't recommend more than 2 or at most 3 spam
>>> lists defined there, or else things will start to slow down.
>>>
>>> You are better off leaving most of the RBL checking to SpamAssassin.
>>>
>>> Marcel Blenkers wrote:
>>>> Hi there,
>>>>
>>>> currently i am using the following option:
>>>>
>>>> Spam List = ORDB-RBL SBL+XBL
>>>>
>>>> are there other Blacklists i could consider checking and which are free of
>>>> charge?
>>>>
>>>> So..in fact..i am asking:
>>>>
>>>> are you using this option..and what do you inserted here? ;)
>>>>
>>>> Thanks in advance again
>>>
>>> --
>>> Julian Field
>>> www.MailScanner.info
>>> Buy the MailScanner book at www.MailScanner.info/store
>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
> --
> Vladimir Mazek
> vlad@mazek.com
> (407) 729-7501

From MailScanner at ecs.soton.ac.uk Wed Jan 26 16:24:31 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:19 2006
Subject: What BlackLists to use..
Message-ID:

I use those 2 myself. I wouldn't recommend more than 2 or at most 3 spam
lists defined there, or else things will start to slow down.

You are better off leaving most of the RBL checking to SpamAssassin.

Marcel Blenkers wrote:
>Hi there,
>
>currently i am using the following option:
>
>Spam List = ORDB-RBL SBL+XBL
>
>are there other Blacklists i could consider checking and which are free of
>charge?
>
>So..in fact..i am asking:
>
>are you using this option..and what do you inserted here? ;)
>
>Thanks in advance again

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From craig at WESTPRESS.COM Wed Jan 26 17:16:35 2005
From: craig at WESTPRESS.COM (Craig Daters)
Date: Thu Jan 12 21:28:19 2006
Subject: Quarantine ?
Message-ID:

Craig Daters wrote:
> I'm talking about the 'user filter' option that is distributed with the
> MailWatch distro (see the file labeled USER_FILTERS). This involves
> using an additional column in the table called 'type' where you can
> specify whether a user is an admin, domain admin, user, or regexp
>
> A new table called 'user_filters' has four columns which describes the
> user and domain/email matching criteria.
>
> The file USER_FILTERS shows a few examples that explains how it works,
> and I must admit, it works quite nicely.
>
> This also needs to be set up manually, but Steve promises that later
> versions will allow user management from within the web interface.

I just wanted to add that I am storing the non-spam email in addition to
delivering it. I have set up a cron job using a modified
'clean.quarantine' script to delete any messages over 90 days from the
quarantine.

After I set this up, I discovered that the quarantine section of the
messages for non-spam was not showing up.

Thanks to Michael Svendsen on the MailWatch list for this fix:

In detail.php change following line (line 190 in my file):

    $quarantinedir = get_conf_var("QuarantineDir");
    $quarantine = $quarantinedir.'/'.$row->date.'/'.$row->id;
    $spam = $quarantinedir."/".$row->date.'/spam/'.$row->id;
    $notspam = $quarantinedir."/".$row->date.'/not-spam/'.$row->id;

Change the $notspam variable to point on the right directory name:

    $notspam = $quarantinedir."/".$row->date.'/nonspam/'.$row->id;

And that did the trick!

With regard to the clean.quarantine script I happened upon this tip a
little bit ago that I think is too cool and uses the 'tmpwatch' app
installed on most everyone's *nix distro:

/etc/cron.daily/mailscanner-tmpwatch

    #!/bin/bash
    /usr/sbin/tmpwatch -u 168 /var/spool/MailScanner/quarantine
    # 168 == 24 * 7 or one week
    # 720 == 24 * 30 or one month
    # 2160 == 24 * 90 or three months

I just thought I would share, this can be handy for all sorts of things :)

--
Craig Daters (craig@westpress.com)
Systems Administrator
West Press Print Communications
1663 West Grant Road
Tucson, Arizona 85705
(520) 624-4939
(520) 624-2715 fax
www.westpress.com

--
Please note: It is the policy of West Press that all e-mail sent to and
from any @westpress.com address may be recorded and monitored. Unless it
is West Press related business, please do not send any material of a
private, personal, or confidential nature to this or any @westpress.com
e-mail address.

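The tmpwatch job above ages files by access time (-u), so a message that someone has just viewed counts as fresh; an alternative is to age whole day directories by their name. This is an added example, not code from the thread or from MailScanner or MailWatch; it assumes the per-day directories under the quarantine are named YYYYMMDD, uses the spam/nonspam layout from the detail.php lines above, and its function names and sample tree are constructed for illustration.

```python
import os
import shutil
import tempfile
from datetime import date, datetime, timedelta


def expired_day_dirs(quarantine_dir, keep_days, today=None):
    """Return day directories (name assumed to be YYYYMMDD) older than keep_days."""
    today = today or date.today()
    cutoff = today - timedelta(days=keep_days)
    expired = []
    for entry in sorted(os.scandir(quarantine_dir), key=lambda e: e.name):
        # Only real directories: a symlink could point outside the quarantine.
        if entry.is_symlink() or not entry.is_dir(follow_symlinks=False):
            continue
        # Anything that is not exactly eight digits is not a day directory.
        if len(entry.name) != 8 or not entry.name.isdigit():
            continue
        try:
            day = datetime.strptime(entry.name, "%Y%m%d").date()
        except ValueError:
            continue  # eight digits but not a valid date, leave it alone
        if day < cutoff:
            expired.append(entry.path)
    return expired


def prune(quarantine_dir, keep_days, today=None, dry_run=True):
    """Delete expired day directories; with dry_run only report them."""
    removed = []
    for path in expired_day_dirs(quarantine_dir, keep_days, today):
        if not dry_run:
            shutil.rmtree(path)  # removes <day>/, <day>/spam and <day>/nonspam
        removed.append(path)
    return removed


def build_sample(root, days):
    """Constructed quarantine tree for trying the functions offline."""
    for day in days:
        for sub in ("spam", "nonspam"):
            os.makedirs(os.path.join(root, day, sub), exist_ok=True)
        with open(os.path.join(root, day, "nonspam", "CONSTRUCTED-ID"), "w") as fh:
            fh.write("constructed sample message\n")
    os.makedirs(os.path.join(root, "notes"), exist_ok=True)  # not a day directory
    # A symlink with a date-like name must never be followed or removed.
    os.symlink(os.path.join(root, "notes"), os.path.join(root, "20040101"))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample(root, ["20041020", "20050120", "20050126"])
        for path in prune(root, keep_days=90, today=date(2005, 1, 26)):
            print("would remove", path)
```

Run it with dry_run left on first and compare the reported directories with what the MailWatch database still references before switching to real deletion.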
From mkettler at EVI-INC.COM Wed Jan 26 17:41:47 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:28:19 2006 Subject: Spamassassin time outs Message-ID: At 11:58 AM 1/26/2005, Mike Tremaine wrote: >Rebuild Bayes Every = 0 > >And then do the force-expire cron. > >Under spamassassin 2.64 this was set to 86400 and [with all the other >standard instructions from this list] it worked fine. But with SA3+ I >was still getting 40+ timeouts per day. [Yes: bayes_auto_expire 0 in >both spam.assassin.prefs.conf and local.cf] That's really odd.. Rebuild Bayes Every should be a separate process, unless a recent version of mailscanner introduced a bug where that process becomes a part of the SA timeout. Do you have: Wait During Bayes Rebuild = yes set in MailScanner.conf? Does it make a difference? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHTSOLUTIONS.COM Wed Jan 26 17:45:34 2005 From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:28:19 2006 Subject: Exim security/iptables query Message-ID: > Marcel Blenkers wrote: >> Hi Michele, >> >> the latest Version of vispan does actually also support iptables ;) >> >> never tested it though.. >> >> Marcel > But not Exim. You would have to modify it. Exactly, which is what I am trying to avoid .... Mr Michele Neylon Blacknight Internet Solutions Ltd Hosting, co-location & domains http://www.blacknight.ie/ Tel. 
+353 59 9137101
http://www.blacknight.ie/specialoffers.html

From Jan-Peter.Koopmann at SECEIDOS.DE Wed Jan 26 17:45:21 2005
From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann)
Date: Thu Jan 12 21:28:19 2006
Subject: Learn Spam the easy way.
Message-ID:

On Wednesday, January 26, 2005 4:48 PM MailScanner mailing list wrote:

> So..i am thinking of a way to get those users to learn
> spamassassin which mail is spam and which is not.
>
> Never seen MailWatch, but is it capable to learn mails, which
> are already at the machine of the user (fetched via pop3)?

No.

> Or should i get them switch over to imap, create a box called
> spam, they do copy the spam-mails into this box, and i do
> have a cronjob learning those boxes?

Create public folders SPAM/NOSPAM in Exchange and have your users copy/move mails there. Then fetch those mails via IMAP and feed it into SpamAssassin. Only problem: Exchange will always mangle your messages a bit so it is not exactly the message you received in the first place. We archive incoming mail for three days, fetch SPAM/NOSPAM mails, read the message-id and try to locate the original message in this archive. If we find it we feed this to spamassassin if not we feed the message as fetched from Exchange. That works pretty well.
Regards,
JP

From craig at WESTPRESS.COM Wed Jan 26 18:01:36 2005
From: craig at WESTPRESS.COM (Craig Daters)
Date: Thu Jan 12 21:28:19 2006
Subject: OT: Learn Spam the easy way.
Message-ID:

Marcel Blenkers wrote:
> Never seen MailWatch, but is it capable to learn mails, which are already
> at the machine of the user (fetched via pop3)?
>

MailWatch cannot learn spam that has already been picked up off the mail server by the user (via POP), BUT if you store your non-spam for X amount of days (in addition to delivering it to the user) you can use the 'user filters' feature of Mail Watch to let your users log into a web GUI (viewing only their mail) and they can teach SpamAssassin which messages are spam and which are not. This also allows them to recover a message that may have been deleted, view statistics regarding their mail usage, etc. See my recent posts under the 'Quarantine' thread.

A cool trick too...is if you have users who leave (who wouldn't normally be getting legitimate email anymore) who also get a lot of spam, you can turn their email addresses into 'spamtraps' and create a cron job to learn from their mailbox each night. Then in that same cron job, delete their mail.
This has trained my bayes database in no time :)

--
Craig Daters (craig@westpress.com)
Systems Administrator
West Press Print Communications
1663 West Grant Road
Tucson, Arizona 85705
(520) 624-4939
(520) 624-2715 fax
www.westpress.com

From mgt at STELLARCORE.NET Wed Jan 26 18:06:16 2005
From: mgt at STELLARCORE.NET (Mike Tremaine)
Date: Thu Jan 12 21:28:19 2006
Subject: Spamassassin time outs
Message-ID:

On Wed, 2005-01-26 at 09:41, Matt Kettler wrote:
> At 11:58 AM 1/26/2005, Mike Tremaine wrote:
> >Rebuild Bayes Every = 0
> >
> >And then do the force-expire cron.
> >
> >Under spamassassin 2.64 this was set to 86400 and [with all the other
> >standard instructions from this list] it worked fine. But with SA3+ I
> >was still getting 40+ timeouts per day. [Yes: bayes_auto_expire 0 in
> >both spam.assassin.prefs.conf and local.cf]
>
> That's really odd.. Rebuild Bayes Every should be a separate process,
> unless a recent version of mailscanner introduced a bug where that process
> becomes a part of the SA timeout.
>
> Do you have:
> Wait During Bayes Rebuild = yes

It was set to "no"... I'm sure that is what the timeouts are from, but like I said it was not an issue before I moved to SA3+.
[Yesterday after I set Rebuild Bayes Every = 0, I ended up with 2 timeouts but no orphaned .expireXXX files. So I suspect that setting Wait During Bayes Rebuild = yes might also help. However I can live with a few timeouts.]

--
Mike Tremaine
mgt@stellarcore.net
http://www.stellarcore.net

From michele at BLACKNIGHTSOLUTIONS.COM Wed Jan 26 18:27:11 2005
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions)
Date: Thu Jan 12 21:28:19 2006
Subject: What BlackLists to use..
Message-ID:

Using RBLs/DNSBLs to score is a good idea, but blocking can be very dangerous.

Spamcop - good in SURBL. Dodgy as hell as a block

XBL-SBL - overall is very good, but I see a lot of Irish ISPs ending up in there all the time, so you really need to examine the scenario very carefully.

In my case I have to be very cautious as we are handling mail for several thousand users from over a thousand companies with very different email profiles, so we cannot simply block mail from any source. We need to "weigh it" very carefully

Just my two cents

Mr Michele Neylon
Blacknight Internet Solutions Ltd
Hosting, co-location & domains
http://www.blacknight.ie/
Tel. +353 59 9137101
http://www.blacknight.ie/specialoffers.html
From mkehler at WRHA.MB.CA Wed Jan 26 19:09:40 2005
From: mkehler at WRHA.MB.CA (Matt Kehler)
Date: Thu Jan 12 21:28:20 2006
Subject: signing rules?
Message-ID:

We have a signing rule that appends a company disclaimer to all outgoing emails. There are some instances however, where we don't want it. For some addresses we have just turned it off in /etc/MailScanner/rules/signing.rules, and that works fine. BUT...would it be possible to be able to do something like...add a certain string of characters in your email..and this would cause the signing rule to skip over for that instance *only*? We don't want it in the subject line. But maybe at the bottom...the user can just put a 'nosign' under their name..it's a bit more discreet than putting it in the subject line. If this is even possible..how would you do it?

thx

Matt

This email and/or any documents in this transmission is intended for the addressee(s) only and may contain legally privileged or confidential information. Any unauthorized use, disclosure, distribution, copying or dissemination is strictly prohibited. If you receive this transmission in error, please notify the sender immediately and return the original.
From MailScanner at ecs.soton.ac.uk Wed Jan 26 19:29:15 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:20 2006
Subject: signing rules?
Message-ID:

You could write a Custom Function that did this, but rather than adding the special tag in the body of the message (which is relatively hard to search), you could put it at the start of the Subject: line but have the Custom Function remove it from the Subject: line before it delivered the message. Then the recipients would see no sign that the tag was ever there. Is this better?

I would probably need some bribery to write this for you...

Matt Kehler wrote:

> We have a signing rule that appends a company disclaimer to all
> outgoing emails. There are some instances however, where we don't
> want it. For some addresses we have just turned it off in
> /etc/MailScanner/rules/signing.rules, and that works fine.
> BUT...would it be possible to be able to do something like...add a
> certain string of characters in your email..and this would cause the
> signing rule to skip over for that instance *only*? We don't want it
> in the subject line. But maybe at the bottom...the user can just put
> a 'nosign' under their name..it's a bit more discreet than putting it
> in the subject line. If this is even possible..how would you do it?
>

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From MailScanner at ecs.soton.ac.uk Wed Jan 26 19:38:26 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:20 2006
Subject: Book
Message-ID:

I'll take a look at that, thanks.

Denis Beauchemin wrote:

> Hello Julian,
>
> I needed some tips on using a ruleset for filename.rules so I looked
> inside your book. I couldn't find any reference to ruleset in the
> index but the info was there nonetheless: it was in Appendix C.
>
> Maybe you should add ruleset to the index if it is not there already
> (my copy had the wrong index).
>
> Keep up the good work!
>
> Denis
>

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
From dhawal at NETMAGICSOLUTIONS.COM Wed Jan 26 20:29:36 2005
From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy)
Date: Thu Jan 12 21:28:20 2006
Subject: OT: Learn Spam the easy way.
Message-ID:

Marcel Blenkers writes:

> thanks for the answer..
>
> i guess, i will switch over to imap then :)
>
> Marcel
>

You could also try this, if you are switching to imap.
http://freshmeat.net/projects/teach-sa/

- dhawal

From David.While at UCE.AC.UK Wed Jan 26 21:21:19 2005
From: David.While at UCE.AC.UK (David While)
Date: Thu Jan 12 21:28:20 2006
Subject: Exim security/iptables query
Message-ID:

I don't have access to any machine that runs exim which is why I haven't provided support for it in Vispan (yet!). If someone who does use exim could supply me with info and log entries then I can add support.

Having said that - the iptables blocking should still work since that relies on the Mailscanner log lines not the MTA - it will only affect the rejected messages and MTA reported info.
David While

-----Original Message-----
From: MailScanner mailing list on behalf of Michele Neylon :: Blacknight Solutions
Sent: Wed 26/01/2005 17:45
To: MAILSCANNER@JISCMAIL.AC.UK
Cc:
Subject: Re: Exim security/iptables query

> Marcel Blenkers wrote:
>> Hi Michele,
>>
>> the latest Version of vispan does actually also support iptables ;)
>>
>> never tested it though..
>>
>> Marcel
> But not Exim. You would have to modify it.

Exactly, which is what I am trying to avoid ....

Mr Michele Neylon
Blacknight Internet Solutions Ltd
Hosting, co-location & domains
http://www.blacknight.ie/
Tel. +353 59 9137101
http://www.blacknight.ie/specialoffers.html

From jd at BENTECMED.COM Wed Jan 26 21:42:15 2005
From: jd at BENTECMED.COM (JD)
Date: Thu Jan 12 21:28:20 2006
Subject: Forwarded messages lose their attachments.
Message-ID:

When I forward a message from a yahoo account for instance, it sends the forwarded message as an attachment which mailscanner takes out. When I look at the header, Mailscanner says it's infected but it's not. I tried this from different emails and different messages with the same results. Does anyone have any ideas? The subject includes {blocked content}

-JD

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Dhawal Doshy
Sent: Wednesday, January 26, 2005 12:30 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: OT: Learn Spam the easy way.
Marcel Blenkers writes:

> thanks for the answer..
>
> i guess, i will switch over to imap then :)
>
> Marcel
>

You could also try this, if you are switching to imap.
http://freshmeat.net/projects/teach-sa/

- dhawal

From MailScanner at ecs.soton.ac.uk Wed Jan 26 21:57:24 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:20 2006
Subject: Forwarded messages lose their attachments.
Message-ID:

What does the log say about this message? And what does the attachment warning file say?

And what does this have to do with "Learn Spam the easy way"?

JD wrote:

>When I forward a message from a yahoo account for instance, it sends the forwarded message as an attachment which mailscanner takes out. When I look at the header, Mailscanner says it's infected but it's not. I tried this from different emails and different messages with the same results. Does anyone have any ideas?
>The subject includes {blocked content}
>
>-JD
>
>-----Original Message-----
>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On
>Behalf Of Dhawal Doshy
>Sent: Wednesday, January 26, 2005 12:30 PM
>To: MAILSCANNER@JISCMAIL.AC.UK
>Subject: Re: OT: Learn Spam the easy way.
>
>
>Marcel Blenkers writes:
>
>
>>thanks for the answer..
>>
>>i guess, i will switch over to imap then :)
>>
>>Marcel
>>
>
>You could also try this, if you are switching to imap.
>http://freshmeat.net/projects/teach-sa/
>
> - dhawal
>

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
From itdept at FRACTALWEB.COM Wed Jan 26 22:15:17 2005
From: itdept at FRACTALWEB.COM (Fractal IT Dept.)
Date: Thu Jan 12 21:28:20 2006
Subject: How to verify URIBL_SBL blocklist entry?
Message-ID:

Hi everyone,

We have a client complaining that an email has been incorrectly tagged as spam. One of the "violations" was that the sender's email address is showing as appearing in the URIBL_SBL which my client insists is extremely unlikely. Any idea how I can manually check via a web page or something whether their URL is indeed in the URIBL_SBL?

Thanks.

From john.crossan at valleypres.org Wed Jan 26 22:16:38 2005
From: john.crossan at valleypres.org (John Crossan)
Date: Thu Jan 12 21:28:20 2006
Subject: How to verify URIBL_SBL blocklist entry?
Message-ID:

Have you tried....

http://openrbl.org/

John

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Fractal IT Dept.
Sent: Wednesday, January 26, 2005 2:15 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: How to verify URIBL_SBL blocklist entry?

Hi everyone,

We have a client complaining that an email has been incorrectly tagged as spam.
One of the "violations" was that the sender's email address is showing as appearing in the URIBL_SBL which my client insists is extremely unlikely. Any idea how I can manually check via a web page or something whether their URL is indeed in the URIBL_SBL?

Thanks.

From G.Pentland at SOTON.AC.UK Wed Jan 26 22:18:46 2005
From: G.Pentland at SOTON.AC.UK (Pentland G.)
Date: Thu Jan 12 21:28:20 2006
Subject: How to verify URIBL_SBL blocklist entry?
Message-ID:

Always useful is http://www.dnsstuff.com/

Specifically... http://www.dnsstuff.com/tools/ip4r.ch?ip=1.2.3.4

Fractal IT Dept. wrote:
> Hi everyone,
>
> We have a client complaining that an email has been incorrectly
> tagged as spam. One of the "violations" was that the sender's email
> address is showing as appearing in the URIBL_SBL which my client
> insists is extremely unlikely. Any idea how I can manually check via
> a web page or something whether their URL is indeed in the URIBL_SBL?
>
> Thanks.
From itdept at FRACTALWEB.COM Wed Jan 26 22:30:21 2005
From: itdept at FRACTALWEB.COM (Fractal IT Dept.)
Date: Thu Jan 12 21:28:20 2006
Subject: How to verify URIBL_SBL blocklist entry?
Message-ID:

Thanks for this. Strangely, this domain name does not appear in any of the lookups I tried. I also tried variations on the domain name to get different IP addresses, and still nothing. I'm stuck.

Chris

Pentland G. wrote:

Always useful is http://www.dnsstuff.com/

Specifically... http://www.dnsstuff.com/tools/ip4r.ch?ip=1.2.3.4

From jd at BENTECMED.COM Wed Jan 26 22:40:44 2005
From: jd at BENTECMED.COM (JD)
Date: Thu Jan 12 21:28:20 2006
Subject: Forwarded messages lose their attachments.
Message-ID:

I can't open the maillog file, it's too huge for memory, and there is no attachment warning message. Only the header shows mailscanner listing it as infected. I'm sorry, the message doesn't have anything to do with learn spam the easy way. I think I'm functioning with half a brain because I've been banging my head trying to figure this out while it would probably take 5 secs for you. I'm trying to set the conf file to let everything in. It doesn't seem to be doing any good. I'm looking in the filetype and filename .conf's but nothing seems to be related. Yahoo seems to be forwarding as an html attachment.

-JD

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Julian Field
Sent: Wednesday, January 26, 2005 1:57 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: Forwarded messages lose their attachments.

What does the log say about this message? And what does the attachment warning file say?

And what does this have to do with "Learn Spam the easy way"?

JD wrote:

>When I forward a message from a yahoo account for instance, it sends the forwarded message as an attachment which mailscanner takes out. When I look at the header, Mailscanner says it's infected but it's not. I tried this from different emails and different messages with the same results. Does anyone have any ideas? The subject includes {blocked content}
>
>-JD
>

From mkettler at EVI-INC.COM Wed Jan 26 22:37:15 2005
From: mkettler at EVI-INC.COM (Matt Kettler)
Date: Thu Jan 12 21:28:20 2006
Subject: How to verify URIBL_SBL blocklist entry?
Message-ID:

At 05:15 PM 1/26/2005, Fractal IT Dept.
wrote:
>We have a client complaining that an email has been incorrectly tagged as
>spam. One of the "violations" was that the sender's email address is
>showing as appearing in the URIBL_SBL which my client insists is extremely
>unlikely. Any idea how I can manually check via a web page or something
>whether their URL is indeed in the URIBL_SBL?

First, URIBL_SBL won't have anything to do with the sender's email address, or their mailserver IP. That's a URI blacklist, thus only has anything to do with URI's (more or less the same as a URL in this discussion)

Thus you need to look at all the weblinks in the body of the email. No part of the headers is relevant. Only body, and only something that might look like a web link to SA's parser.

In the case of uribl_sbl it's a little less direct than just trying to use openrbl or something similar, because how this test is implemented is tricky.

First, take the target domain, and find its nameserver

$ dig ns example.com

next resolve the nameserver to an ip:

$ host ns1.example.com

now take that, and go to openrbl and check to see if THAT is listed in sbl. (or do it yourself by reversing the ip)

A real example with a real spamvertized domain, zoldor.com:

-------------------------------------
$ dig ns zoldor.com

; <<>> DiG 9.2.1 <<>> ns zoldor.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64281
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;zoldor.com. IN NS

;; ANSWER SECTION:
zoldor.com. 86379 IN NS ns1.msmdns.com.
zoldor.com. 86379 IN NS ns2.msmdns.com.
$ host ns1.msmdns.com
ns1.msmdns.com has address 209.237.253.171

$ dig txt 171.253.237.209.sbl.spamhaus.org

; <<>> DiG 9.2.1 <<>> txt 171.253.237.209.sbl.spamhaus.org
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23490
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 17, ADDITIONAL: 7

;; QUESTION SECTION:
;171.253.237.209.sbl.spamhaus.org. IN TXT

;; ANSWER SECTION:
171.253.237.209.sbl.spamhaus.org. 7200 IN TXT "http://www.spamhaus.org/SBL/sbl.lasso?query=SBL16022"

From brose at MED.WAYNE.EDU Thu Jan 27 00:30:41 2005
From: brose at MED.WAYNE.EDU (Rose, Bobby)
Date: Thu Jan 12 21:28:20 2006
Subject: How to verify URIBL_SBL blocklist entry?
Message-ID:

It might be their ISP. I had such a case where the group was sending a mailing that had their web address in it. I couldn't find them in the Spamhaus SBL either but after doing some digging, it turned out that the ISP was their secondary name service and it was their ISP's domain name that was listed in Spamhaus's SBL. I had to put in a uri rule to compensate for their URL.

________________________________________________________________________________

From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Fractal IT Dept.
Sent: Wednesday, January 26, 2005 5:30 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: How to verify URIBL_SBL blocklist entry?

Thanks for this. Strangely, this domain name does not appear in any of the lookups I tried. I also tried variations on the domain name to get different IP addresses, and still nothing. I'm stuck.

Chris

Pentland G.
wrote:

Always useful is http://www.dnsstuff.com/

Specifically... http://www.dnsstuff.com/tools/ip4r.ch?ip=1.2.3.4

From ssilva at SGVWATER.COM Thu Jan 27 00:32:42 2005
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:28:20 2006
Subject: What BlackLists to use..
Message-ID:

Koen Teugels wrote:
> I'm using these in the sendmail configuration.
> Is this too much?
>
> Koen
>
> FEATURE(`dnsbl', `relays.ordb.org', `"550 Email rejected due to sending
> server misconfiguration - see http://www.ordb.org/faq/\#why_rejected"')dnl
> FEATURE(`dnsbl',`combined.njabl.org',`Message from $&{client_addr}
> rejected - see http://njabl.org/lookup?$&{client_addr}')dnl
> FEATURE(`dnsbl',`sbl-xbl.spamhaus.org', `Email categorized as SPAM and
> blocked using Spamhaus SBL+XBL service - see
> http://cbl.abuseat.org/lookup.cgi?ip=$&{client_addr}&. submit=Lookup')dnl
> define(`confBIND_OPTS', `WorkAroundBrokenAAAA')dnl
> FEATURE(`enhdnsbl', `bl.spamcop.net', `"Spam blocked see:
> http://spamcop.net/bl.shtml?"$&{client_addr}')dnl

I would be careful of spamcop. Many false positives.
I use sbl-xbl, but I have also heard of many false positives from European originating addresses.

From MailScanner at ecs.soton.ac.uk Thu Jan 27 11:58:58 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:20 2006
Subject: Forwarded messages lose their attachments.
Message-ID:

Open the maillog with "less" and not a text editor.

JD wrote:

>I can't open the maillog file, it's too huge for memory, and there is no attachment warning message. Only the header shows mailscanner listing it as infected. I'm sorry, the message doesn't have anything to do with learn spam the easy way. I think I'm functioning with half a brain because I've been banging my head trying to figure this out while it would probably take 5 secs for you. I'm trying to set the conf file to let everything in. It doesn't seem to be doing any good. I'm looking in the filetype and filename .conf's but nothing seems to be related. Yahoo seems to be forwarding as an html attachment.
>
>-JD
>
>-----Original Message-----
>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On
>Behalf Of Julian Field
>Sent: Wednesday, January 26, 2005 1:57 PM
>To: MAILSCANNER@JISCMAIL.AC.UK
>Subject: Re: Forwarded messages lose their attachments.
>
>
>What does the log say about this message? And what does the attachment
>warning file say?
>
>And what does this have to do with "Learn Spam the easy way"?
>
>JD wrote:
>
>>When I forward a message from a yahoo account for instance, it sends the forwarded message as an attachment which mailscanner takes out. When I look at the header, Mailscanner says it's infected but it's not. I tried this from different emails and different messages with the same results. Does anyone have any ideas? The subject includes {blocked content}
>>
>>-JD
>>
>

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From dannyh at aac-services.co.uk Thu Jan 27 12:21:06 2005
From: dannyh at aac-services.co.uk (Dan Harris)
Date: Thu Jan 12 21:28:20 2006
Subject: Stop "Other Bad Content" admin notices for addresses in blacklist
Message-ID:

Hi,

Couldn't find anything in the mailing list archive about this, so here goes:

I've successfully blacklisted recipient addresses using To: in my spam.blacklist.rules file. However despite the log showing the recipient blacklisted, I still get "Other bad content" admin messages from MailScanner when bad emails come in to these addresses. I've not noticed any for blacklisted From: addresses, but that's not to say there aren't any.
I've considered changing the MS "Send Notices" setting to a ruleset and adding the same blacklisted recipients to that, but before I do (and without re-igniting the "block it at the MTA" debate, which I am finally making progress on with management by the way), is there a better way to prevent this behaviour?

I'm using MailScanner 4.37.7.

Many Thanks

Dan Harris.

From andersjk at SOL-INVICTUS.ORG Thu Jan 27 12:49:33 2005
From: andersjk at SOL-INVICTUS.ORG (Kevin Anderson)
Date: Thu Jan 12 21:28:20 2006
Subject: Forwarding spam question
Message-ID:

I am sure this has been answered before but can't find the answer on the website from MailScanner, is it possible to forward the mail marked spam on to another mailbox for each user? I was thinking in terms of an in house postini... either via procmail and or spamassassin?

thanks,
kevin anderson

From Andreas.Doerfler at KEMPTEN.DE Thu Jan 27 13:19:05 2005
From: Andreas.Doerfler at KEMPTEN.DE ([iso-8859-1] Dörfler Andreas)
Date: Thu Jan 12 21:28:20 2006
Subject: AW: Forwarding spam question
Message-ID:
hi,

not for each user, but to a central mailbox via MailScanner.conf:

Spam Actions = forward user@domain.de
High Scoring Spam Actions = forward user@domain.de

other way is to modify the subject only and deliver the mails to the user, by that way they can handle spam by setup a rule inside mailclient what to do with spam:

Spam Subject Text = **!Spam!**
High Scoring Spam Subject Text = **!Spam!**
Spam Actions = deliver
High Scoring Spam Actions = deliver

rule inside mailclient:
put all to "my folder" if subject contains **!SPAM!**

greetings
andy

-----Original Message-----
From: Kevin Anderson [mailto:andersjk@SOL-INVICTUS.ORG]
Sent: Thursday, 27 January 2005 13:50
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Forwarding spam question

I am sure this has been answered before but can't find the answer on the website from MailScanner, is it possible to forward the mail marked spam on to another mailbox for each user? I was thinking in terms of an in house postini... either via procmail and or spamassassin?

thanks,
kevin anderson

From Andreas.Doerfler at KEMPTEN.DE Thu Jan 27 13:26:06 2005
From: Andreas.Doerfler at KEMPTEN.DE ([iso-8859-1] Dörfler Andreas)
Date: Thu Jan 12 21:28:20 2006
Subject: OT: clamav 0.81 released
Message-ID:

The scan engine has been improved. The internal mail scanner now supports multipart/partial messages, and support for decoding non-standard mail files was greatly enhanced.
clamav-milter by default uses libclamav and scans emails itself without the use of clamd. libclamav can now extract RFC2397 encoded data within HTML documents, block zip archives with modified information in local header, and scan HQX files. PE file structure rebuilding from compressed executables was improved too.

http://www.clamav.net/

upgrade is important to get virusdefinition updates

From drolland at kdinet.com Thu Jan 27 14:02:10 2005
From: drolland at kdinet.com (Diane Rolland)
Date: Thu Jan 12 21:28:20 2006
Subject: Spam Score Question
Message-ID:

I have the following message that was marked as spam. The spam report is below, but it doesn't add up to the SpamAssassin Score.

What do I need to look at as to why this message was marked? I've since put the sender in the WL....

Thanks!,
Diane

SpamAssassin Spam: Y
SpamAssassin Score: 6.90
Spam Report:
  Score  Matching Rule        Description
   0.00  AWL
  -0.50  IN_REP_TO            Has a In-Reply-To header
  -0.38  MSGID_GOOD_EXCHANGE  Message-Id indicates the message was sent from MS Exchange
  -0.50  ORIGINAL_MESSAGE     Looks like a reply to a message
   0.50  RCVD_IN_ORBS         Received via a relay in orbs.dorkslayers.com
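The mismatch described in the message above can be measured directly. This added example (not part of the original post, nor code from MailScanner or MailWatch) parses the pasted report, assuming one rule per line, and returns how many points of the stated score no listed rule accounts for; the 0.05 rounding tolerance is also an assumption.

```python
import re
from decimal import Decimal

# Constructed sample: the report as pasted in the message above, restored to
# one rule per line (Score / Matching Rule / Description columns).
REPORT = """\
SpamAssassin Spam: Y
SpamAssassin Score: 6.90
Spam Report: Score Matching Rule Description
0.00 AWL
-0.50 IN_REP_TO Has a In-Reply-To header
-0.38 MSGID_GOOD_EXCHANGE Message-Id indicates the message was sent from MS Exchange
-0.50 ORIGINAL_MESSAGE Looks like a reply to a message
0.50 RCVD_IN_ORBS Received via a relay in orbs.dorkslayers.com
"""

TOTAL_RE = re.compile(r"SpamAssassin Score:\s*(-?\d+(?:\.\d+)?)")
# A rule row: signed score, an upper-case rule name, optional description.
ROW_RE = re.compile(r"^\s*(-?\d+(?:\.\d+)?)\s+([A-Z_][A-Z0-9_]*)(?:\s+(.*))?$")


def parse_report(text):
    """Return (reported_total, [(rule, score, description), ...])."""
    total, rules = None, []
    for line in text.splitlines():
        m = TOTAL_RE.search(line)
        if m:
            total = Decimal(m.group(1))
            continue
        m = ROW_RE.match(line)
        if m:
            description = (m.group(3) or "").strip()
            rules.append((m.group(2), Decimal(m.group(1)), description))
    if total is None:
        raise ValueError("no 'SpamAssassin Score:' line in report")
    return total, rules


def reconcile(text, tolerance=Decimal("0.05")):
    """Compare the stated total with the sum of the listed rule scores.

    Decimal keeps the two-decimal scores exact; `tolerance` (an assumption)
    absorbs rounding of individual rule scores in the display.
    """
    total, rules = parse_report(text)
    listed = sum((score for _, score, _ in rules), Decimal("0"))
    unexplained = total - listed
    return {
        "reported": total,
        "listed": listed,
        "unexplained": unexplained,
        "complete": abs(unexplained) <= tolerance,
        "rules": [name for name, _, _ in rules],
    }


if __name__ == "__main__":
    result = reconcile(REPORT)
    print(f"reported {result['reported']}, listed rules sum to {result['listed']}")
    if not result["complete"]:
        print(f"{result['unexplained']} points are not accounted for by the listed rules")
```

A non-zero `unexplained` value means rules that fired are missing from the report, so the report alone cannot explain why the message was marked.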
From martinh at SOLID-STATE-LOGIC.COM Thu Jan 27 14:14:28 2005
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:28:20 2006
Subject: Spam Score Question
Message-ID:

Diane

I guess you cut&pasted from Mailwatch....

any chance of looking at the headers as added by MailScanner?

It may be the MW hasn't logged the rules correctly. have you updated the MW rules table in 'Other->Update SpamAssassin Rules Descriptions'.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

Diane Rolland wrote:
> I have the following message that was marked as spam. The spam report is
> below, but it doesn't add up to the SpamAssassin Score.
>
> What do I need to look at as to why this message was marked? I've since put
> the sender in the WL....
>
> Thanks!,
> Diane
>
> SpamAssassin Spam: Y
> SpamAssassin Score: 6.90
> Spam Report:
>   Score  Matching Rule        Description
>    0.00  AWL
>   -0.50  IN_REP_TO            Has a In-Reply-To header
>   -0.38  MSGID_GOOD_EXCHANGE  Message-Id indicates the message was sent from MS Exchange
>   -0.50  ORIGINAL_MESSAGE     Looks like a reply to a message
>    0.50  RCVD_IN_ORBS         Received via a relay in orbs.dorkslayers.com

**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.
**********************************************************************

From shrek-m at GMX.DE Thu Jan 27 14:17:30 2005
From: shrek-m at GMX.DE (shrek-m@gmx.de)
Date: Thu Jan 12 21:28:20 2006
Subject: OT: clamav 0.81 released
Message-ID:

Dörfler Andreas wrote:

>The scan engine has been improved. The internal mail scanner now supports
>multipart/partial messages, and support for decoding non-standard mail files
>was greatly enhanced. clamav-milter by default uses libclamav and scans
>emails itself without the use of clamd. libclamav can now extract RFC2397
>encoded data within HTML documents, block zip archives with modified
>information in local header, and scan HQX files. PE file structure
>rebuilding from compressed executables was improved too.
>
>http://www.clamav.net/
>
>upgrade is important to get virusdefinition updates
>

fedora core 3, full up2date

$ rpm -q zlib
zlib-1.2.1.2-1

$ ./configure
[...]
checking for zlib installation... /usr
configure: error: The installed zlib version may contain a security bug. Please upgrade to 1.2.2 or later: http://www.zlib.net. You can omit this check with --disable-zlib-vcheck but DO NOT REPORT any stablility issues then!

# yum --enablerepo=development update zlib
[...]
Dependencies Resolved
Transaction Listing:
  Update: zlib.i386 0:1.2.2.2-1
[...]
--
shrek-m

From prandal at HEREFORDSHIRE.GOV.UK Thu Jan 27 14:27:03 2005
From: prandal at HEREFORDSHIRE.GOV.UK (Randal, Phil)
Date: Thu Jan 12 21:28:20 2006
Subject: OT: clamav 0.81 released
Message-ID:

Using the same Fedora development zlib source RPM and "rpmbuild --rebuild zlib-1.2.2.2-1.src.rpm" and installing the resultant zlib-devel-1.2.2.2-1.i386.rpm and zlib-1.2.2.2-1.i386.rpm worked here fine on Fedora Core 1.

Cheers,

Phil

----
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK

> -----Original Message-----
> From: MailScanner mailing list
> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of shrek-m@gmx.de
> Sent: 27 January 2005 14:18
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: OT: clamav 0.81 released
>
> Dörfler Andreas wrote:
>
> >The scan engine has been improved. The internal mail scanner now
> >supports multipart/partial messages, and support for decoding
> >non-standard mail files was greatly enhanced. clamav-milter by default
> >uses libclamav and scans emails itself without the use of clamd.
> >libclamav can now extract RFC2397 encoded data within HTML documents,
> >block zip archives with modified information in local header, and scan
> >HQX files. PE file structure rebuilding from compressed
> >executables was improved too.
> >
> >http://www.clamav.net/
> >
> >upgrade is important to get virusdefinition updates
> >
>
> fedora core 3, full up2date
>
> $ rpm -q zlib
> zlib-1.2.1.2-1
>
> $ ./configure
> [...]
> checking for zlib installation... /usr
> configure: error: The installed zlib version may contain a
> security bug.
> Please upgrade to 1.2.2 or later: http://www.zlib.net. You
> can omit this check with --disable-zlib-vcheck but DO NOT
> REPORT any stablility issues then!
>
> # yum --enablerepo=development update zlib
> [...]
> Dependencies Resolved
> Transaction Listing:
> Update: zlib.i386 0:1.2.2.2-1
> [...]
>
> --
> shrek-m

From drolland at kdinet.com Thu Jan 27 14:27:49 2005
From: drolland at kdinet.com (Diane Rolland)
Date: Thu Jan 12 21:28:20 2006
Subject: Spam Score Question
Message-ID:

> -----Original Message-----
> From: MailScanner mailing list
> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Martin Hepworth
> Sent: Thursday, January 27, 2005 8:14 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Spam Score Question
>
> Diane
>
> I guess you cut&pasted from Mailwatch....
>
> any chance of looking at the headers as added by MailScanner?
>
> It may be the MW hasn't logged the rules correctly.
> have you updated the MW rules table in 'Other->Update SpamAssassin
> Rules Descriptions'.
>

Sorry about the cut/paste.... Here is the message header from the mailwatch log:

And I haven't made any changes since the last time I had updated the SpamAssassin Rules Descriptions. I don't need to do that unless I modify SA rules, right?

Thanks,
Diane

Return-Path: < g>
Received: from ns2.kozeny.net (host83-237.discord.birch.net [65.16.83.237])
        by prsvr02.km-law.com (8.12.11/8.12.11) with ESMTP id j0RDnY0e019040
        for ; Thu, 27 Jan 2005 07:49:34 -0600
Received: from weshome (host83-234.discord.birch.net [65.16.83.234])
        by ns2.kozeny.net (8.12.8/8.12.8) with SMTP id j0RD0wS6006175
        for ; Thu, 27 Jan 2005 07:00:59 -0600
Reply-To:
From: "WES"
To: "Jenny Frerker"
Subject: RE: Homecomings title claims
Date: Thu, 27 Jan 2005 07:50:36 -0600
Message-ID:
MIME-Version: 1.0
Content-Type: text/plain;
        charset="US-ASCII"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
In-Reply-To:
X-Virus-Scanned: ClamAV 0.80/685/Wed Jan 26 03:08:24 2005
        clamav-milter version 0.80j
        on ns2.kozeny.net
X-Virus-Status: Clean

From martinh at SOLID-STATE-LOGIC.COM Thu Jan 27 14:26:18 2005
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:28:20 2006
Subject: OT: clamav 0.81 released
Message-ID:
Upgraded here..waiting for the first hit...

just using clamav as the scanner not clamavmodule

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

Dörfler Andreas wrote:
> The scan engine has been improved. The internal mail scanner now supports
> multipart/partial messages, and support for decoding non-standard mail files
> was greatly enhanced. clamav-milter by default uses libclamav and scans
> emails itself without the use of clamd. libclamav can now extract RFC2397
> encoded data within HTML documents, block zip archives with modified
> information in local header, and scan HQX files. PE file structure
> rebuilding from compressed executables was improved too.
>
> http://www.clamav.net/
>
> upgrade is important to get virusdefinition updates
From martinh at SOLID-STATE-LOGIC.COM Thu Jan 27 14:31:12 2005
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:28:20 2006
Subject: Spam Score Question
Message-ID:

Diane

ok, that's before MS, have you got the post MS headers?

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

Diane Rolland wrote:
>>-----Original Message-----
>>From: MailScanner mailing list
>>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Martin Hepworth
>>Sent: Thursday, January 27, 2005 8:14 AM
>>To: MAILSCANNER@JISCMAIL.AC.UK
>>Subject: Re: Spam Score Question
>>
>>Diane
>>
>>I guess you cut&pasted from Mailwatch....
>>
>>any chance of looking at the headers as added by MailScanner?
>>
>>It may be the MW hasn't logged the rules correctly. have you
>>updated the MW rules table in 'Other->Update SpamAssassin
>>Rules Descriptions'.
>>
>
> Sorry about the cut/paste.... Here is the message header from the mailwatch
> log:
>
> And I haven't made any changes since the last time I had updated the
> SpamAssassin Rules Descriptions. I don't need to do that unless I modify SA
> rules, right?
>
> Thanks,
> Diane
>
> Return-Path: < g>
> Received: from ns2.kozeny.net (host83-237.discord.birch.net [65.16.83.237])
>         by prsvr02.km-law.com (8.12.11/8.12.11) with ESMTP id j0RDnY0e019040
>         for ; Thu, 27 Jan 2005 07:49:34 -0600
> Received: from weshome (host83-234.discord.birch.net [65.16.83.234])
>         by ns2.kozeny.net (8.12.8/8.12.8) with SMTP id j0RD0wS6006175
>         for ; Thu, 27 Jan 2005 07:00:59 -0600
> Reply-To:
> From: "WES"
> To: "Jenny Frerker"
> Subject: RE: Homecomings title claims
> Date: Thu, 27 Jan 2005 07:50:36 -0600
> Message-ID:
> MIME-Version: 1.0
> Content-Type: text/plain;
>         charset="US-ASCII"
> Content-Transfer-Encoding: 7bit
> X-Priority: 3 (Normal)
> X-MSMail-Priority: Normal
> X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
> Importance: Normal
> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
> In-Reply-To:
> X-Virus-Scanned: ClamAV 0.80/685/Wed Jan 26 03:08:24 2005
>         clamav-milter version 0.80j
>         on ns2.kozeny.net
> X-Virus-Status: Clean
From MailScanner at ecs.soton.ac.uk Thu Jan 27 14:31:20 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:20 2006
Subject: OT: clamav 0.81 released
Message-ID:

I have just released a new install-ClamAV-SA.tar.gz package that contains the new ClamAV 0.81. It's on the downloads page on www.mailscanner.info.

Dörfler Andreas wrote:

>The scan engine has been improved. The internal mail scanner now supports
>multipart/partial messages, and support for decoding non-standard mail files
>was greatly enhanced. clamav-milter by default uses libclamav and scans
>emails itself without the use of clamd. libclamav can now extract RFC2397
>encoded data within HTML documents, block zip archives with modified
>information in local header, and scan HQX files. PE file structure
>rebuilding from compressed executables was improved too.
>
>http://www.clamav.net/
>
>upgrade is important to get virusdefinition updates
>

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
From mike at ZANKER.ORG Thu Jan 27 14:37:15 2005
From: mike at ZANKER.ORG (Mike Zanker)
Date: Thu Jan 12 21:28:20 2006
Subject: OT: clamav 0.81 released
Message-ID:

Martin Hepworth wrote:

> Upgraded here..waiting for the first hit...
>
> just using clamav as the scanner not clamavmodule

Seems to be working for me with Mail-ClamAV-0.13.

Mike.

From drolland at kdinet.com Thu Jan 27 14:37:45 2005
From: drolland at kdinet.com (Diane Rolland)
Date: Thu Jan 12 21:28:20 2006
Subject: Spam Score Question
Message-ID:

Not sure... Would they still be in MW somewhere?

> -----Original Message-----
> From: MailScanner mailing list
> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Martin Hepworth
> Sent: Thursday, January 27, 2005 8:31 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Spam Score Question
>
> Diane
>
> ok, that's before MS, have you got the post MS headers?
>
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
>
> Diane Rolland wrote:
> >>-----Original Message-----
> >>From: MailScanner mailing list
> >>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Martin Hepworth
> >>Sent: Thursday, January 27, 2005 8:14 AM
> >>To: MAILSCANNER@JISCMAIL.AC.UK
> >>Subject: Re: Spam Score Question
> >>
> >>Diane
> >>
> >>I guess you cut&pasted from Mailwatch....
> >>
> >>any chance of looking at the headers as added by MailScanner?
> >>
> >>It may be the MW hasn't logged the rules correctly. have you updated
> >>the MW rules table in 'Other->Update SpamAssassin Rules Descriptions'.
> >>
> >
> > Sorry about the cut/paste.... Here is the message header from the
> > mailwatch log:
> >
> > And I haven't made any changes since the last time I had updated the
> > SpamAssassin Rules Descriptions. I don't need to do that unless I
> > modify SA rules, right?
> >
> > Thanks,
> > Diane
> >
> > Return-Path: < g>
> > Received: from ns2.kozeny.net (host83-237.discord.birch.net [65.16.83.237])
> >         by prsvr02.km-law.com (8.12.11/8.12.11) with ESMTP id j0RDnY0e019040
> >         for ; Thu, 27 Jan 2005 07:49:34 -0600
> > Received: from weshome (host83-234.discord.birch.net [65.16.83.234])
> >         by ns2.kozeny.net (8.12.8/8.12.8) with SMTP id j0RD0wS6006175
> >         for ; Thu, 27 Jan 2005 07:00:59 -0600
> > Reply-To:
> > From: "WES"
> > To: "Jenny Frerker"
> > Subject: RE: Homecomings title claims
> > Date: Thu, 27 Jan 2005 07:50:36 -0600
> > Message-ID:
> > MIME-Version: 1.0
> > Content-Type: text/plain;
> >         charset="US-ASCII"
> > Content-Transfer-Encoding: 7bit
> > X-Priority: 3 (Normal)
> > X-MSMail-Priority: Normal
> > X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
> > Importance: Normal
> > X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
> > In-Reply-To:
> > X-Virus-Scanned: ClamAV 0.80/685/Wed Jan 26 03:08:24 2005
> >         clamav-milter version 0.80j on ns2.kozeny.net
> > X-Virus-Status: Clean

From itdept at REDRED.COM Thu Jan 27 14:42:02 2005
From: itdept at REDRED.COM (RedRed!com IT Department)
Date: Thu Jan 12 21:28:20 2006
Subject: Forwarding spam question
Message-ID:

Yes you can do this via procmail. The procmail rule for this is below.
:0:
* ^Subject:.*Spam\?.*
.Spam/new

I believe you could put this in the system wide procmail file and it would be invoked for each user. (This is not tested though). I use it for my personal mail, /home/ssmith/.procmailrc, and it works great. I'm using Courier-Imap with maildirs so that is why the folder name, .Spam/new, looks like that.

HTH

Sean

Kevin Anderson wrote:

>I am sure this has been answered before but can't find the answer on the
>website from MailScanner, is it possible to forward the mail marked spam
>on to another mailbox for each user? I was thinking in terms of an in
>house postini... either via procmail and or spamassassin?
>
>thanks,
>kevin anderson

From martinh at SOLID-STATE-LOGIC.COM Thu Jan 27 14:47:42 2005
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:28:20 2006
Subject: Spam Score Question
Message-ID:

Diane

probably not...MS will only store the pre-MS versions, even if storing, quarantining or archiving.

However ... if you are storing the SPAM within MS (archive, or storing actions somewhere in rules) you could rerun the message through the queue and then catch it b4 the end user picks it up...

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

Diane Rolland wrote:
> Not sure... Would they still be in MW somewhere?
>
>>-----Original Message-----
>>From: MailScanner mailing list
>>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Martin Hepworth
>>Sent: Thursday, January 27, 2005 8:31 AM
>>To: MAILSCANNER@JISCMAIL.AC.UK
>>Subject: Re: Spam Score Question
>>
>>Diane
>>
>>ok, that's before MS, have you got the post MS headers?
>>
>>--
>>Martin Hepworth
>>Snr Systems Administrator
>>Solid State Logic
>>Tel: +44 (0)1865 842300
>>
>>Diane Rolland wrote:
>>
>>>>-----Original Message-----
>>>>From: MailScanner mailing list
>>>>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Martin Hepworth
>>>>Sent: Thursday, January 27, 2005 8:14 AM
>>>>To: MAILSCANNER@JISCMAIL.AC.UK
>>>>Subject: Re: Spam Score Question
>>>>
>>>>Diane
>>>>
>>>>I guess you cut&pasted from Mailwatch....
>>>>
>>>>any chance of looking at the headers as added by MailScanner?
>>>>
>>>>It may be the MW hasn't logged the rules correctly. have you updated
>>>>the MW rules table in 'Other->Update SpamAssassin Rules Descriptions'.
>>>
>>>Sorry about the cut/paste.... Here is the message header from the
>>>mailwatch log:
>>>
>>>And I haven't made any changes since the last time I had updated the
>>>SpamAssassin Rules Descriptions. I don't need to do that unless I
>>>modify SA rules, right?
>>>
>>>Thanks,
>>>Diane
>>>
>>>Return-Path: < g>
>>>Received: from ns2.kozeny.net (host83-237.discord.birch.net
>>>[65.16.83.237]) by prsvr02.km-law.com (8.12.11/8.12.11) with ESMTP id
>>>j0RDnY0e019040 for ; Thu, 27 Jan 2005 07:49:34
>>>-0600
>>>Received: from weshome (host83-234.discord.birch.net [65.16.83.234])
>>>by ns2.kozeny.net (8.12.8/8.12.8) with SMTP id j0RD0wS6006175 for
>>>; Thu, 27 Jan 2005 07:00:59 -0600
>>>Reply-To:
>>>From: "WES"
>>>To: "Jenny Frerker"
>>>Subject: RE: Homecomings title claims
>>>Date: Thu, 27 Jan 2005 07:50:36 -0600
>>>Message-ID:
>>>MIME-Version: 1.0
>>>Content-Type: text/plain;
>>>charset="US-ASCII"
>>>Content-Transfer-Encoding: 7bit
>>>X-Priority: 3 (Normal)
>>>X-MSMail-Priority: Normal
>>>X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
>>>Importance: Normal
>>>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
>>>In-Reply-To:
>>>X-Virus-Scanned: ClamAV 0.80/685/Wed Jan 26 03:08:24 2005
>>>clamav-milter version 0.80j on ns2.kozeny.net
>>>X-Virus-Status: Clean

**********************************************************************

This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager.

This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean.

**********************************************************************

From drolland at kdinet.com Thu Jan 27 14:58:30 2005
From: drolland at kdinet.com (Diane Rolland)
Date: Thu Jan 12 21:28:20 2006
Subject: Spam Score Question
Message-ID:

Looks like my other Admin has already deleted it (we usually delete after they have been released to know they have already been done). If something similar comes up again, I'll be sure to save it.

Thanks for your help,
Diane

> -----Original Message-----
> From: MailScanner mailing list
> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Martin Hepworth
> Sent: Thursday, January 27, 2005 8:48 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Spam Score Question
>
> Diane
>
> probably not... MS will only store the pre-MS versions, even
> if storing, quarantining or archiving.
>
> However ... if you are storing the SPAM within MS (archive,
> or storing actions somewhere in rules) you could rerun the
> message through the queue and then catch it b4 the end user
> picks it up...
>
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
>
> Diane Rolland wrote:
> > Not sure... Would they still be in MW somewhere?

From Glenn.Steen at AP1.SE Thu Jan 27 15:24:53 2005
From: Glenn.Steen at AP1.SE (Steen, Glenn)
Date: Thu Jan 12 21:28:20 2006
Subject: Stop "Other Bad Content" admin notices for addresses in blacklist
Message-ID:

> -----Original Message-----
> From: MailScanner mailing list
> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Dan Harris
> Sent: den 27 januari 2005 13:21
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Stop "Other Bad Content" admin notices for addresses
> in blacklist
>
>
> Hi,
>
> Couldn't find anything in the mailing list archive about
> this, so here goes:
>
> I've successfully blacklisted recipient addresses using To: in my
> spam.blacklist.rules file. However despite the log showing

^^^^ ... This is not the same as Other Bad... You probably have the "keep spam quarantine clean" thing set to yes. Perhaps make that a ruleset? Or just live with it:-).

> the recipient
> blacklisted, I still get "Other bad content" admin messages
> from MailScanner
> when bad emails come in to these addresses. I've not noticed any for
> blacklisted From: addresses, but that's not to say there aren't any.
>
> I've considered changing the MS "Send Notices" setting to a
> ruleset and
> adding the same blacklisted recipients to that, but before I
> do (and without
> re-igniting the "block it at the MTA" debate, which I am
> finally making
> progress on with management by the way), is there a better

Glad to hear it.

-- Glenn

> way to prevent
> this behaviour? I'm using MailScanner 4.37.7.
>
> Many Thanks
>
> Dan Harris.

From raymond at PROLOCATION.NET Thu Jan 27 15:33:50 2005
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:28:20 2006
Subject: OT: clamav 0.81 released
Message-ID:

Hi!

>> upgrade is important to get virusdefinition updates

> $ rpm -q zlib
> zlib-1.2.1.2-1
>
> $ ./configure
> [...]
> checking for zlib installation... /usr
> configure: error: The installed zlib version may contain a security bug.
> Please upgrade to 1.2.2 or later: http://www.zlib.net. You can omit this
> check with --disable-zlib-vcheck but DO NOT REPORT any stablility issues
> then!
>
> # yum --enablerepo=development update zlib
> [...]
> Dependencies Resolved
> Transaction Listing:
> Update: zlib.i386 0:1.2.2.2-1
> [...]

I noticed the same... is that one also available for FC1 and FC2?

Bye,
Raymond.

From Howard at HARPER-ADAMS.AC.UK Thu Jan 27 16:19:47 2005
From: Howard at HARPER-ADAMS.AC.UK (Howard Robinson)
Date: Thu Jan 12 21:28:20 2006
Subject: Rules for filename checking
Message-ID:

Hello All,

Looking through the archives it looks to me like the following in the filename.rules file will allow me to have my standard filename.rule.conf as default but also allow usera to send email to userb using a different file, and slightly tweaked, filename.rule.exceptions. I block MP3 attachments to every one but one user gets voicemail email to her in mp3 format from a third party.

So in MailScanner.conf I have

Filename Rules = %etc-dir%/filename.rules

In %etc-dir%/filename.rules I have

# Always. always end with a default rule
# on one line but wrapped in pegasus!
From: userA and To: userB
/%rulesdir%/filename.rules.exceptions
# Everyone else uses this file
FromOrTo: default /%rules-dir%/filename.rules.conf

I have tried From, To and FromOrTo and they worked as expected but it's the 'anding' that I am unsure of.
Am I right?
Is it and or And?
Oh and the actual lines are tabbed not spaced.

Thanks

Thanks
(MailScanner Book is ordered by the way)

Regards
Howard Robinson
(Senior Technical Development Officer)
Harper Adams University College
Edgmond
Newport
Shropshire
TF10 8NB
UK
E-mail: hrobinson@harper-adams.ac.uk
Tel. : +44(0)1952 820280 Via switchboard
     : +44(0)1952 815253 Direct line
Fax. : +44(0)1952 814783
College Web site http://www.harper-adams.ac.uk

From Denis.Beauchemin at USHERBROOKE.CA Thu Jan 27 16:39:36 2005
From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin)
Date: Thu Jan 12 21:28:20 2006
Subject: Rules for filename checking
Message-ID:

Howard Robinson wrote:

>Hello All,
>
>Looking through the archives it looks to me like the following in the
>filename.rules file will allow me to have my standard
>filename.rule.conf as default but also allow usera to send email to
>userb using a different file, and slightly tweaked,
>filename.rule.exceptions. I block MP3 attachments to every one
>but one user gets voicemail email to her in mp3 format from a third
>party.
>
>So in MailScanner.conf I have
>Filename Rules = %etc-dir%/filename.rules
>
>In %etc-dir%/filename.rules
>I have
>
># Always. always end with a default rule
># on one line but wrapped in pegasus!
>From: userA and To: userB
>/%rulesdir%/filename.rules.exceptions
># Everyone else uses this file
>FromOrTo: default /%rules-dir%/filename.rules.conf
>
>I have tried From, To and FromOrTo and they worked as expected
>but it's the 'anding' that I am unsure of.
>Am I right?
>Is it and or And?
>Oh and the actual lines are tabbed not spaced.
>Thanks
>
>Thanks
>(MailScanner Book is ordered by the way)
>

Howard,

I prefer to put rules files in %rules-dir% and config files in %etc-dir% (the opposite of what you did) but your setup should work unless you really forgot the dash in %rulesdir% above.

The AND should work.

Denis
--
   _
  °v°   Denis Beauchemin, analyste
 /(_)\  Université de Sherbrooke, S.T.I.
  ^ ^   T: 819.821.8000x2252 F: 819.821.8045

From campbell at cnpapers.com Thu Jan 27 16:40:24 2005
From: campbell at cnpapers.com (Steve Campbell)
Date: Thu Jan 12 21:28:20 2006
Subject: clamav 0.81 released
Message-ID:

----- Original Message -----
From: "Dörfler Andreas"
To:
Sent: Thursday, January 27, 2005 8:26 AM
Subject: OT: clamav 0.81 released

> upgrade is important to get virusdefinition updates

Does this mean my 0.80 won't get updates anymore?

Steve Campbell
campbell@cnpapers.com
Charleston Newspapers

From marcel-ml at IRC-ADDICTS.DE Thu Jan 27 16:44:31 2005
From: marcel-ml at IRC-ADDICTS.DE (Marcel Blenkers)
Date: Thu Jan 12 21:28:20 2006
Subject: What BlackLists to use..
Message-ID:

Hi there,

>
> FEATURE(`dnsbl', `relays.ordb.org', `"550 Email rejected due to sending server misconfiguration - see
> http://www.ordb.org/faq/\#why_rejected"')dnl
> FEATURE(`dnsbl',`combined.njabl.org',`Message from $&{client_addr} rejected - see http://njabl.org/lookup?$&{client_addr}')dnl
> FEATURE(`dnsbl',`sbl-xbl.spamhaus.org', `Email categorized as SPAM and blocked using Spamhaus SBL+XBL service - see
> http://cbl.abuseat.org/lookup.cgi?ip=$&{client_addr}&. submit=Lookup')dnl
> define(`confBIND_OPTS', `WorkAroundBrokenAAAA')dnl
> FEATURE(`enhdnsbl', `bl.spamcop.net', `"Spam blocked see: http://spamcop.net/bl.shtml?"$&{client_addr}')dnl
>
>

but this would mean i would block mails directly on the mta.. and the users would not get those mails.

But, as some of my users are using dynamic ips, and some of those ips provided by their provider are listed in some blacklists, they would be blocked directly..

i prefer to block spam via ms, and then report the user about this. So the user could check if this is really spam, and if not, could get the mail by himself.

Thanks for the idea though..

Greetings
Marcel

From marcel-ml at IRC-ADDICTS.DE Thu Jan 27 16:45:32 2005
From: marcel-ml at IRC-ADDICTS.DE (Marcel Blenkers)
Date: Thu Jan 12 21:28:20 2006
Subject: What BlackLists to use..
Message-ID:

Hi again

> But they get a reason why they are blocked and it is up to them to get off the blacklist.
> try to teach your customers this lesson ;)

Some people are glad that they are able to use the mailclients..

Greetings
Marcel

From marcel-ml at IRC-ADDICTS.DE Thu Jan 27 16:47:07 2005
From: marcel-ml at IRC-ADDICTS.DE (Marcel Blenkers)
Date: Thu Jan 12 21:28:20 2006
Subject: Difference between Spam-Scores..
Message-ID:

Hi Martin,

>
> small point but remove the '.' (dot) in the MailScanner.conf for your
> suite name, it breaks a lot of MTA's and is an illegal char in headers
> after all.

ok..will do this ;)

>
> I note that bayes isn't triggering on the MS version. Can the
> MailScanner user read/write to the bayes DB?
>
> AS to the date_in_past rule, I'd check the user can read all the rules
> in /etc/mail/spamassass and /usr/local/lib/spamassassin.
>

checked that.. all rules do have the same owner:group and the same modes.. :(

Greetings
Marcel

From myeasytech at YAHOO.COM.HK Thu Jan 27 17:09:28 2005
From: myeasytech at YAHOO.COM.HK (hkbyte)
Date: Thu Jan 12 21:28:20 2006
Subject: Posfix requeue problem
Message-ID:

I am using Postfix as the MTA.
I have written a custom function and it is activated via the option "Non-Spam Action". It will reject email based on some conditions and the original email will not be delivered to the recipient.

It worked properly on a production server two days ago. I don't know what I have changed and it does not work now. When the condition is met, it still sends to the recipient. But if I use the SAME script on another testing server which is running nearly the same configuration (in fact, only the Postfix version is a bit earlier), it runs normally. Therefore, I don't think the problem arises from my script.

When I double checked the logs between the two servers, I found the difference is that there are three lines which appear on the abnormal server:

MailScanner[5150]: Requeue: 9BAA35E47D. BA504 to C45F35E481
posfix/nqmgr[5132]: C45F35E481: from =, size =1344, nrcpt=1 (queue active)
MailScanner[5150]: Unscanned: Delivered 1 message.

9BAA35E47D is the original submission message id. That means MailScanner will requeue the message, bypass the checking and deliver the message.

How can I debug the reason for that requeue?

Byte

From ssilva at SGVWATER.COM Thu Jan 27 17:30:57 2005
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:28:20 2006
Subject: clamav 0.81 released
Message-ID:

Steve Campbell wrote:
> ----- Original Message -----
> From: "Dörfler Andreas"
> To:
> Sent: Thursday, January 27, 2005 8:26 AM
> Subject: OT: clamav 0.81 released
>
>
>
>>upgrade is important to get virusdefinition updates
>
>
> Does this mean my 0.80 won't get updates anymore?

Not at the moment, but they seem to only support older releases for a limited time.

--
"If you have ever eaten crow, It don't taste like chicken!!"

From raymond at PROLOCATION.NET Thu Jan 27 18:39:26 2005
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:28:20 2006
Subject: clamav 0.81 released
Message-ID:

Hi!

>>> upgrade is important to get virusdefinition updates

>> Does this mean my 0.80 won't get updates anymore?

> Not at the moment, but they seem to only support older releases for a limited
> time.

That limited time isn't weeks but rather months... If I am right only support for .65 and below has been dropped yet.

Bye,
Raymond.

From cconn at ABACOM.COM Thu Jan 27 18:43:50 2005
From: cconn at ABACOM.COM (Chris Conn)
Date: Thu Jan 12 21:28:20 2006
Subject: mqueue.in and mqueue
Message-ID:

Hello,

I would like to get around this error:

MailScanner[11532]: /var/spool/mqueue.in & /var/spool/mqueue must be on the same filesystem/partition!

I would like to run the mqueue.in partition in a tmpfs, in order to reduce IO slowdowns.

Can someone educate me as to why the two must reside on the same partition or filesystem? What is the reasoning behind this (I don't want to generalize it as a limitation, but in my case it certainly feels that way)?

Thanks in advance,

Chris Conn

From john at OMEGADATA.NO Thu Jan 27 18:50:46 2005
From: john at OMEGADATA.NO (John Berntsen)
Date: Thu Jan 12 21:28:20 2006
Subject: clamav 0.81 released
Message-ID:

I was using 0.80 and freshclam reported that the functionality was 3 out of 4 and an upgrade was very much recommended, or something like that. I believe an upgrade is worth the little time it takes.

Med vennlig hilsen / Regards
John Berntsen

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Raymond Dijkxhoorn
Sent: 27. januar 2005 19:39
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: clamav 0.81 released

Hi!

>>> upgrade is important to get virusdefinition updates

>> Does this mean my 0.80 won't get updates anymore?

> Not at the moment, but they seem to only support older releases for a limited
> time.

That limited time isn't weeks but rather months... If I am right only support for .65 and below has been dropped yet.

Bye,
Raymond.

From dnsadmin at 1BIGTHINK.COM Thu Jan 27 18:58:38 2005
From: dnsadmin at 1BIGTHINK.COM (DNSAdmin)
Date: Thu Jan 12 21:28:20 2006
Subject: clamav 0.81 released
Message-ID:

At 01:39 PM 1/27/2005, you wrote:
>Hi!
>
>>>>upgrade is important to get virusdefinition updates
>
>>> Does this mean my 0.80 won't get updates anymore?
>
>>Not at the moment, but they seem to only support older releases for a limited
>>time.
>
>That limited time isn't weeks but rather months... If I am right only
>support for .65 and below has been dropped yet.

Don't be too complacent about this.

I had an issue crop up last year when an 0.7x version started false-positive flagging. I resolved the problem when I posted on this group, only to get lashed for not having paid attention. The problem had been discussed plentifully for weeks prior.

Cheers!

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
http://www.sng.ecs.soton.ac.uk/mailscanner/
Configuration by Glenn Parsons
dnsadmin-at-1bigthink.com

From raymond at PROLOCATION.NET Thu Jan 27 19:02:19 2005
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:28:20 2006
Subject: clamav 0.81 released
Message-ID:

Hi!

>> That limited time isn't weeks but rather months... If I am right only
>> support for .65 and below has been dropped yet.

> Don't be too complacent about this.
>
> I had an issue crop up last year when an 0.7x version started
> false-positive flagging. I resolved the problem when I posted on this
> group, only to get lashed for not having paid attention. The problem had
> been discussed plentifully for weeks prior.

I only _tried_ to point out that Clam will support them, even if it's naturally better to run a more up-to-date version... We are running one of the official Clam mirrors, so I might know...

Bye,
Raymond.

From peter at UCGBOOK.COM Thu Jan 27 19:04:01 2005
From: peter at UCGBOOK.COM (Peter Bonivart)
Date: Thu Jan 12 21:28:20 2006
Subject: mqueue.in and mqueue
Message-ID:

Chris Conn wrote:
> Hello,
>
> I would like to get around this error:
>
> MailScanner[11532]: /var/spool/mqueue.in & /var/spool/mqueue
> must be on the same filesystem/partition!
>
> I would like to run the mqueue.in partition in a tmpfs, in order to
> reduce IO slowdowns.
Wouldn't that be very risky? Using tmpfs for /var/spool/MailScanner/incoming is risk free though.

> Can someone educate me as to why the two must reside on the same
> partition or filesystem? What is the reasoning behind this (I don't
> want to generalize it as a limitation, but in my case it certainly feels
> that way)?

When MailScanner moves the message from the incoming queue to the outgoing it's a much lighter operation if it's the same file system.

--
/Peter Bonivart

--Unix lovers do it in the Sun

From cconn at ABACOM.COM Thu Jan 27 19:08:50 2005
From: cconn at ABACOM.COM (Chris Conn)
Date: Thu Jan 12 21:28:20 2006
Subject: mqueue.in and mqueue
Message-ID:

>
> Wouldn't that be very risky? Using tmpfs for
> /var/spool/MailScanner/incoming is risk free though.
>

I already have tmpfs for incoming. The risk is minimal and acceptable on a stable system. At least such is my opinion.

>> Can someone educate me as to why the two must reside on the same
>> partition or filesystem? What is the reasoning behind this (I don't
>> want to generalize it as a limitation, but in my case it certainly feels
>> that way)?
>
>
> When MailScanner moves the message from the incoming queue to the
> outgoing it's a much lighter operation if it's the same file system.

It would be even less if it is from RAM to disk instead of same-disk to same-disk though would it not?
Chris

From ssilva at SGVWATER.COM Thu Jan 27 19:02:20 2005
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:28:20 2006
Subject: mqueue.in and mqueue
Message-ID:

Chris Conn wrote:
> Hello,
>
> I would like to get around this error:
>
> MailScanner[11532]: /var/spool/mqueue.in & /var/spool/mqueue
> must be on the same filesystem/partition!
>
> I would like to run the mqueue.in partition in a tmpfs, in order to
> reduce IO slowdowns.
>
> Can someone educate me as to why the two must reside on the same
> partition or filesystem? What is the reasoning behind this (I don't
> want to generalize it as a limitation, but in my case it certainly feels
> that way)?

I'm not an expert, but I think MailScanner in its infinite wisdom doesn't actually move files between queues, but hard links the file to the new queue and then removes the hardlink from the old queue. I think it is to prevent loss of mail.

--
"If you have ever eaten crow, It don't taste like chicken!!"
From michael at NOMENNESCIO.NET Thu Jan 27 19:17:59 2005
From: michael at NOMENNESCIO.NET (Mike)
Date: Thu Jan 12 21:28:20 2006
Subject: mqueue.in and mqueue
Message-ID:

>-----Original Message-----
>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
>Behalf Of Chris Conn
>
>It would be even less if it is from RAM to disk instead of same-disk to
>same-disk though would it not?

I don't think so. When a file is moved on the same partition, the only thing that is changed, are the inodes, nothing more. When you're copying from ram, the complete file has to be copied. Moving from ram to disk is faster than from one disk partition to another disk partition, but not as fast as moving on the same disk partition. As the file size increases, so does the time to move it. This is not so when you stay on one disk partition (inode only).

>Chris

Mike.

From paddy at PANICI.NET Thu Jan 27 19:23:55 2005
From: paddy at PANICI.NET (paddy)
Date: Thu Jan 12 21:28:20 2006
Subject: mqueue.in and mqueue
Message-ID:

On Thu, Jan 27, 2005 at 02:08:50PM -0500, Chris Conn wrote:
> >
> >Wouldn't that be very risky? Using tmpfs for
> >/var/spool/MailScanner/incoming is risk free though.
> >
>
> I already have tmpfs for incoming. The risk is minimal and acceptable
> on a stable system. At least such is my opinion.
>
> >>Can someone educate me as to why the two must reside on the same
> >>partition or filesystem?
> >>What is the reasoning behind this (I don't
> >>want to generalize it as a limitation, but in my case it certainly feels
> >>that way)?
> >
> >
> >When MailScanner moves the message from the incoming queue to the
> >outgoing it's a much lighter operation if it's the same file system.
>
> It would be even less if it is from RAM to disk instead of same-disk to
> same-disk though would it not?

I should have so much RAM :)

If you're happy running your mail spool on a tmpfs (not that I'm encouraging you, mind you) why not put mqueue there as well ??

Regards,
Paddy
--
Perl 6 will give you the big knob. -- Larry Wall

From paddy at PANICI.NET Thu Jan 27 19:26:42 2005
From: paddy at PANICI.NET (paddy)
Date: Thu Jan 12 21:28:20 2006
Subject: mqueue.in and mqueue
Message-ID:

On Thu, Jan 27, 2005 at 08:17:59PM +0100, Mike wrote:
> >-----Original Message-----
> >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> >Behalf Of Chris Conn
> >
> >It would be even less if it is from RAM to disk instead of same-disk to
> >same-disk though would it not?
>
> I don't think so. When a file is moved on the same partition, the only
> thing that is changed, are the inodes, nothing more. When you're copying
> from ram, the complete file has to be copied. Moving from ram to disk
> is faster than from one disk partition to another disk partition, but
> not as fast as moving on the same disk partition. As the file size
> increases, so does the time to move it. This is not so when you stay
> on one disk partition (inode only).

Ah!
but you still have to put the file on the disk in the first place, so you've saved one move! ;)

Regards,
Paddy
--
Perl 6 will give you the big knob. -- Larry Wall

From cconn at ABACOM.COM Thu Jan 27 19:27:54 2005
From: cconn at ABACOM.COM (Chris Conn)
Date: Thu Jan 12 21:28:20 2006
Subject: mqueue.in and mqueue
Message-ID:

>
> I should have so much RAM :)
>
> If you're happy running your mail spool on a tmpfs (not that I'm
> encouraging you, mind you) why not put mqueue there as well ??

Actually, I already do =)

Only problem is when you want to reboot the box. And you have to keep a close eye on free RAM since if someone were to hose the box with email it could theoretically be a problem. It has not even come close so far, but still.

From what I read here, I might as well put it back on disk since consensus seems to be that the allocation table is modified and no actual copying of files occurs. I will look for other methods to make things more efficient.

Thanks for the info,

Chris Conn
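[Added example, not part of the original thread and not MailScanner's own code.] The hard-link move and the same-filesystem requirement discussed in the messages above can be observed directly: the sketch below moves a queue file with link() followed by unlink() and reports that the inode never changes, and it turns the cross-filesystem failure (EXDEV) into an explicit error. The function names, the st_dev comparison and the queue file name are assumptions made for this illustration.

```python
import errno
import os
import tempfile


def same_filesystem(dir_a, dir_b):
    """True when both directories are on the same mounted filesystem.

    st_dev identifies the device a path lives on; a tmpfs mount and a
    disk partition have different st_dev values.
    """
    return os.stat(dir_a).st_dev == os.stat(dir_b).st_dev


def move_queue_file(src, dst_dir):
    """Move src into dst_dir with link() + unlink() (hypothetical helper).

    Between the two calls the message is reachable under both names, so a
    crash at any point leaves at least one complete copy on disk.
    """
    dst = os.path.join(dst_dir, os.path.basename(src))
    before = os.stat(src)
    try:
        os.link(src, dst)  # new directory entry, same inode, no data copied
    except OSError as exc:
        if exc.errno == errno.EXDEV:
            # Hard links cannot span filesystems; the only way across is a
            # full copy, which is neither cheap nor atomic.
            raise RuntimeError(
                f"{src} and {dst_dir} must be on the same filesystem"
            ) from exc
        raise
    links_during = os.stat(dst).st_nlink  # both queues reference the data
    os.unlink(src)  # drop the old name only after the new one exists
    after = os.stat(dst)
    return {
        "dst": dst,
        "same_inode": before.st_ino == after.st_ino,
        "links_during": links_during,
        "links_after": after.st_nlink,
    }


def demo():
    """Constructed demo: two queue directories under one temporary directory."""
    with tempfile.TemporaryDirectory() as root:
        incoming = os.path.join(root, "mqueue.in")
        outgoing = os.path.join(root, "mqueue")
        os.mkdir(incoming)
        os.mkdir(outgoing)
        msg = os.path.join(incoming, "dfSAMPLE000001")  # constructed file name
        with open(msg, "wb") as fh:
            fh.write(b"Subject: constructed sample\r\n\r\nbody\r\n" * 1000)
        if not same_filesystem(incoming, outgoing):
            raise RuntimeError("queue directories are on different filesystems")
        result = move_queue_file(msg, outgoing)
        result["src_gone"] = not os.path.exists(msg)
        result["size"] = os.path.getsize(result["dst"])
        return result


if __name__ == "__main__":
    print(demo())
```

The cost of the move is the same for a 1 KB and a 100 MB message because only directory entries change; with the incoming queue on tmpfs and the outgoing queue on disk, link() fails with EXDEV and every message has to be copied in full.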
From Kevin_Miller at CI.JUNEAU.AK.US Thu Jan 27 19:32:22 2005
From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller)
Date: Thu Jan 12 21:28:20 2006
Subject: Reject emails to nonexistent addresses?
Message-ID:

nats wrote:
> I agreed to Steve Swaney, milters for sendmail are very handy tools.
> I have it running for a year now, and it works like a charm together
> with MailScanner and Sendmail.

I'm chomping at the bit to enable milter-ahead, but right now we're running on Exchange 5.5, but will be upgrading 2003 in the next couple months. Will that be seamless or is there some configuring I need to take into account on 5.5/2003?

TIA...

...Kevin
--
Kevin Miller                Registered Linux User No: 307357
CBJ MIS Dept.               Network Systems Admin., Mail Admin.
155 South Seward Street     ph: (907) 586-0242
Juneau, Alaska 99801        fax: (907 586-4500

From paddy at PANICI.NET Thu Jan 27 20:07:26 2005
From: paddy at PANICI.NET (paddy)
Date: Thu Jan 12 21:28:20 2006
Subject: mqueue.in and mqueue
Message-ID:

Chris,

My apologies for being a bit flip, and thanks for being so understanding.

On Thu, Jan 27, 2005 at 02:27:54PM -0500, Chris Conn wrote:
> >
> >I should have so much RAM :)
> >
> >If you're happy running your mail spool on a tmpfs (not that I'm
> >encouraging you, mind you) why not put mqueue there as well ??
>
> Actually, I already do =)
>
> Only problem is when you want to reboot the box. And you have to keep a
> close eye on free RAM since if someone were to hose the box with email
> it could theoretically be a problem. It has not even come close so far,
> but still.
You could look at the various throttles to limit incoming traffic.

> From what I read here, I might as well put it back on disk since
> consensus seems to be that the allocation table is modified and no
> actual copying of files occurs.

It's efficient, given that having it on disk is about reliability. I would worry that VM/swap type arrangement would not scale as well as an explicit write to disk, assuming you're going to write to disk in the end, because the move would not then be cheap.

> I will look for other methods to make
> things more efficient.
>
> Thanks for the info,

As I understand it, the usual worry with the configuration you describe is that you might lose the mail. Since losing the mail is generally considered to be the worst thing you can do, the idea is to avoid it.

When your mta (sendmail?) receives the mail, it can write it to disk before it finally says "ok, i've got it". Obviously no medium is entirely safe, but ordinary RAM is called 'volatile' for a reason. In the event of a crash, where is the mail ?

These considerations may not apply to your setup, but if they do, then the above is the answer to "why not?".

I would imagine that you might be able to construct a system that keeps the sender waiting as long as possible in the hope of passing the mail along to someone else without having to write it to disk, and _only then_ confirms receipt to the sender, but I don't know about the following sequence:

Sender: mail ... rcpt ... data ... blah,blah,blah ...
        . (the dot on its own!)
Server: (goes and delivers to next recipient gets a 2xx)
Sender: hangs up before Server can send 2xx
Server: now what ?

Simply taking delivery seems like a simpler approach.

I saw the slashdot of coyotos, the successor to eros, go past the other day, so that kind of thing is still fresh in my mind.
It's interesting to think that rather than blocking on a specific write, you could just block on the next system checkpoint, and that if stages further down the pipeline complete in the time available, then you get that "for free".

Regards,
Paddy
--
Perl 6 will give you the big knob. -- Larry Wall

From paddy at PANICI.NET Thu Jan 27 20:20:34 2005
From: paddy at PANICI.NET (paddy)
Date: Thu Jan 12 21:28:20 2006
Subject: mqueue.in and mqueue
Message-ID:

Here I go, replying to myself again (*tsk* *tsk* ;)

On Thu, Jan 27, 2005 at 08:07:26PM +0000, paddy wrote:
> I would imagine that you might be able construct a system that keeps the
> sender waiting as long as possible in the hope of passing the mail
> along to someone else without having to write it to disk, and _only then_
> confirms receipt to the sender, but I don't know about the following
> sequence:
>
> Sender: mail ... rcpt ... data ... blah,blah,blah ...
>         . (the dot on its own!)
> Server: (goes and delivers to next recipient gets a 2xx)
> Sender: hangs up before Server can send 2xx
> Server: now what ?

Of course! It's an SMTP proxy! I just don't know the details.

Regards,
Paddy
--
Perl 6 will give you the big knob. -- Larry Wall
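[Added example, not part of the original thread and not code from sendmail or MailScanner.] The ordering described in the two messages above, where the MTA writes the message to disk before it says "ok, i've got it", looks like this for a single message: the 250 reply is produced only after the data and its directory entry have been flushed, and any failure yields a temporary error so the sender keeps the message and retries. The function name, queue id format and reply texts are constructed for this illustration.

```python
import os


def accept_message(queue_dir, queue_id, data):
    """Store one message durably, then return the reply to end-of-DATA.

    Until the sender has received the 250 it is still responsible for the
    message, so a crash or a dropped connection before that point leads to
    a retry (at worst a duplicate), not to lost mail.
    """
    tmp_path = os.path.join(queue_dir, "tmp." + queue_id)
    final_path = os.path.join(queue_dir, queue_id)
    created = False
    try:
        fd = os.open(tmp_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        created = True
        try:
            view = memoryview(data)
            while view:
                written = os.write(fd, view)  # may be a short write
                view = view[written:]
            os.fsync(fd)  # message body is on stable storage
        finally:
            os.close(fd)
        os.rename(tmp_path, final_path)  # atomic within one filesystem
        created = False
        dir_fd = os.open(queue_dir, os.O_RDONLY)
        try:
            os.fsync(dir_fd)  # the new directory entry is durable too
        finally:
            os.close(dir_fd)
    except OSError:
        if created and os.path.exists(tmp_path):
            os.unlink(tmp_path)  # remove only the partial file we created
        # Constructed reply text: a 4xx tells the sender to keep the mail.
        return "451 4.3.0 Temporary failure, message not queued"
    # Constructed reply text: only now does responsibility pass to us.
    return "250 2.0.0 Ok: queued as " + queue_id
```

On a tmpfs queue the fsync calls return immediately and promise nothing, which is the risk the thread is describing: the 250 has been sent but the only copy of the message is in RAM.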
From maillists at CONACTIVE.COM Thu Jan 27 21:31:26 2005
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:28:20 2006
Subject: Releasing messages that were quarantined because of filetype/name
Message-ID:

I have our MailScanner configured to avoid rescanning of released mail for spam via whitelist rules. And I see I can do the same for "Virus Scanning = %rules-dir%/virus.whitelist.rules". But how do I do that for attachments that were quarantined because of filename.rules.conf or filetype.rules.conf ? These files obviously don't accept something like "from: ..... yes". Before I try and fail I wanted to check here. Is maybe this directive
Dangerous Content Scanning = yes
the right point to use a whitelist rules file?

Kai

--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de & http://msie.winware.org

From itdept at REDRED.COM Thu Jan 27 22:10:23 2005
From: itdept at REDRED.COM (RedRed!com IT Department)
Date: Thu Jan 12 21:28:20 2006
Subject: service MailScanner start issue.
Message-ID:

I am attempting to start MailScanner and am getting the following errors. If anyone has any info, I'd appreciate it. Thanks.
I'm running MailScanner-4.38.7

]# service MailScanner start
Starting MailScanner: Global symbol "%Config" requires explicit package name at /usr/local/lib/perl5/5.8.5/i686-linux/Errno.pm line 11.
Global symbol "%Config" requires explicit package name at /usr/local/lib/perl5/5.8.5/i686-linux/Errno.pm line 13.
Global symbol "%Config" requires explicit package name at /usr/local/lib/perl5/5.8.5/i686-linux/Errno.pm line 13.
BEGIN not safe after errors--compilation aborted at /usr/local/lib/perl5/5.8.5/i686-linux/Errno.pm line 185.
Compilation failed in require at /usr/local/lib/perl5/5.8.5/i686-linux/IO/Socket.pm line 17.
BEGIN failed--compilation aborted at /usr/local/lib/perl5/5.8.5/i686-linux/IO/Socket.pm line 17.
Compilation failed in require at (eval 9) line 5.
 at /opt/MailScanner/lib/MailScanner/CustomConfig.pm line 749
BEGIN failed--compilation aborted at /opt/MailScanner/lib/MailScanner/CustomConfig.pm line 749.
Compilation failed in require at /opt/MailScanner/bin/MailScanner line 65.
BEGIN failed--compilation aborted at /opt/MailScanner/bin/MailScanner line 65.

Sean

From bamcomp at YAHOO.COM Fri Jan 28 01:57:22 2005
From: bamcomp at YAHOO.COM (Brett Moss)
Date: Thu Jan 12 21:28:20 2006
Subject: install-Clam-SA - SA version
Message-ID:

hello,
clamav was updated to v0.81, is there a reason spamassassin is still at v3.0.1, and not 3.0.2?

can i simply download the 3.0.2 file to the perl-tar directory and alter the INSTALL-tar.sh to call 3.0.2?

thank you,
brett
From mailscanner-list at OKLA.COM Fri Jan 28 06:20:50 2005
From: mailscanner-list at OKLA.COM (Tracy Greggs)
Date: Thu Jan 12 21:28:20 2006
Subject: OT - Mailwatch with MySQL 4.x
Message-ID:

Oklahoma Network Consulting has scanned this message for viruses and dangerous content with MailScanner, and with commercial virus scanners McAfee and F-PROT and is believed to be uninfected.
--

From Andreas.Doerfler at KEMPTEN.DE Fri Jan 28 07:13:33 2005
From: Andreas.Doerfler at KEMPTEN.DE ([iso-8859-1] Dörfler Andreas)
Date: Thu Jan 12 21:28:20 2006
Subject: AW: clamav 0.81 released
Message-ID:

right that if you running freshclam u get the versionerror with 0.80 and older

the updates takes 5 minutes, think that's not too much ..
;) don't forget to setup the new clamd.conf and freshclam.conf, new settings inside

my 0.81 runs stable, 223 viruses killed the last 14 hours

greetings
andy

>-----Original Message-----
>From: John Berntsen [mailto:john@OMEGADATA.NO]
>
>
>I was using 0.80 and freshclam reported that the functionality
>was 3 out of 4 and a upgrade was very much recommended, or
>something like that. I believe an upgrade is worth the little
>time it takes.
>
>Med vennlig hilsen / Regards
>John Berntsen
>
>
>-----Original Message-----
>From: MailScanner mailing list
>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Raymond Dijkxhoorn
>Sent: 27. januar 2005 19:39
>To: MAILSCANNER@JISCMAIL.AC.UK
>Subject: Re: clamav 0.81 released
>
>Hi!
>
>>>> upgrade is important to get virusdefinition updates
>
>>> Does this mean my 0.80 won't get updates anymore?
>
>> Not at the moment, but they seem to only support older releases for a limited
>> time.
>
>That limited time isn't weeks but rather months... If I am
>right only support for .65 and below has been dropped yet.
>
>Bye,
>Raymond.
From MailScanner at ecs.soton.ac.uk Fri Jan 28 09:00:33 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:20 2006
Subject: install-Clam-SA - SA version
Message-ID:

Sorry about that.
And yes, you can easily mod it to install 3.0.2 instead of 3.0.1.

Brett Moss wrote:
>hello,
>clamav was updated to v0.81, is there a reason
>spamassassin is still at v3.0.1, and not 3.0.2?
>
>can i simply download the 3.0.2 file to the perl-tar
>directory and alter the INSTALL-tar.sh to call 3.0.2?
>
>

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From Glenn.Steen at AP1.SE Fri Jan 28 09:00:39 2005
From: Glenn.Steen at AP1.SE (Steen, Glenn)
Date: Thu Jan 12 21:28:20 2006
Subject: OT - Mailwatch with MySQL 4.x
Message-ID:

Not really the best place, that'd be the MailWatch list:-). Have a look at the archives at https://lists.sourceforge.net/lists/listinfo/mailwatch-users and look for a fix by Walker Aumann ...
makes it possible to run with the latest perl-DBD-mysql... Works like a charm.

... Other than the usual problems with that... Do you have any specific problems? It should just work(tm):)

-- Glenn

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Tracy Greggs
Sent: den 28 januari 2005 07:21
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: OT - Mailwatch with MySQL 4.x

Wondering if anyone is successfully running Mailscanner with Mailwatch on a RH or Fedora platform with MySQL 4.x ? Need to upgrade to MySQL 4.x to support requested shopping cart.

Sorry for the off topic post but this seems perhaps the best place to get an answer to my question :)

Fedora FC1 Sendmail 8.12.10 SA 3.0.1 Pyzor MailScanner 4.36.4-1 MailWatch Mysql 3.23.58-4

Tracy Greggs

--
Oklahoma Network Consulting has scanned this message for viruses and dangerous content with MailScanner, and with commercial virus scanners McAfee and F-PROT and is believed to be uninfected.
--
From john at OMEGADATA.NO Fri Jan 28 09:09:55 2005
From: john at OMEGADATA.NO (John Berntsen)
Date: Thu Jan 12 21:28:20 2006
Subject: OT - Mailwatch with MySQL 4.x
Message-ID:

I Have it running on suse9.1 using mysql 4.0.18

Med vennlig hilsen / Regards
John Berntsen

________________________________________________________________________________
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Tracy Greggs
Sent: 28. januar 2005 07:21
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: OT - Mailwatch with MySQL 4.x

Wondering if anyone is successfully running Mailscanner with Mailwatch on a RH or Fedora platform with MySQL 4.x ? Need to upgrade to MySQL 4.x to support requested shopping cart.

Sorry for the off topic post but this seems perhaps the best place to get an answer to my question :)

Fedora FC1 Sendmail 8.12.10 SA 3.0.1 Pyzor MailScanner 4.36.4-1 MailWatch Mysql 3.23.58-4

Tracy Greggs

--
Oklahoma Network Consulting has scanned this message for viruses and dangerous content with MailScanner, and with commercial virus scanners McAfee and F-PROT and is believed to be uninfected.
--
From holger.banko at PGAM.COM Fri Jan 28 09:13:19 2005
From: holger.banko at PGAM.COM (Holger Banko)
Date: Thu Jan 12 21:28:20 2006
Subject: Reject emails to nonexistent addresses?
Message-ID:

I have one question to that:

> The following convention was suggested by someone on
> this list awhile back which we implemented quite
> successfully:
>
> TO:username1@yourdomain.com RELAY
> TO:username2@yourdomain.com RELAY
> TO:yourdomain.com ERROR:5.1.1:550 User
> unknown

I tried to add all valid users to accessdb but I have two entries in mailertable. All mails incoming from our mailscanner are redirected to our DMZ lotus notes server.

# send all email for a special host to another host or to a specific IP:
ourdomain.com smtp:[212.95.121.212]
ourdomain.de smtp:[212.95.121.212]

It seems that this neutralises the accessdb. But when I remove them in mailertable, no mails are forwarded anymore.

Does anybody know where I have to configure this correctly?

Holger

From maillists at CONACTIVE.COM Fri Jan 28 09:31:20 2005
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:28:20 2006
Subject: OT - Mailwatch with MySQL 4.x
Message-ID:
Tracy Greggs wrote on Fri, 28 Jan 2005 00:20:50 -0600:

> Sorry for the off topic post but this seems perhaps the best place to
> get an answer to my question :)
>

The "best place" is obviously the Mailwatch mailing list ;-)
There are no problems with MySQL 4.

Kai

--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de & http://msie.winware.org

From martinh at SOLID-STATE-LOGIC.COM Fri Jan 28 09:45:44 2005
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:28:20 2006
Subject: service MailScanner start issue.
Message-ID:

Sean

no replies so I'll do something.

Apart from the fact this is pretty obviously a Linux system, it would be good to know which Linux Dist and I guess you installed via the RPM?

You can get some more info if you set both Debug options to yes in MailScanner.conf and run checkmailscanner.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

RedRed!com IT Department wrote:
> I am attempting to start MailScanner and am getting the following
> errors. If anyone has any info, I'd appreciate it. Thanks.
>
> I'm running MailScanner-4.38.7
>
> ]# service MailScanner start
> Starting MailScanner: Global symbol "%Config" requires explicit package
> name at /usr/local/lib/perl5/5.8.5/i686-linux/Errno.pm line 11.
> Global symbol "%Config" requires explicit package name at
> /usr/local/lib/perl5/5.8.5/i686-linux/Errno.pm line 13.
> Global symbol "%Config" requires explicit package name at
> /usr/local/lib/perl5/5.8.5/i686-linux/Errno.pm line 13.
> BEGIN not safe after errors--compilation aborted at
> /usr/local/lib/perl5/5.8.5/i686-linux/Errno.pm line 185.
> Compilation failed in require at
> /usr/local/lib/perl5/5.8.5/i686-linux/IO/Socket.pm line 17.
> BEGIN failed--compilation aborted at
> /usr/local/lib/perl5/5.8.5/i686-linux/IO/Socket.pm line 17.
> Compilation failed in require at (eval 9) line 5.
> at /opt/MailScanner/lib/MailScanner/CustomConfig.pm line 749
> BEGIN failed--compilation aborted at
> /opt/MailScanner/lib/MailScanner/CustomConfig.pm line 749.
> Compilation failed in require at /opt/MailScanner/bin/MailScanner line 65.
> BEGIN failed--compilation aborted at /opt/MailScanner/bin/MailScanner
> line 65.
>
> Sean

From adrik at SALESMANAGER.NL Fri Jan 28 10:05:26 2005
From: adrik at SALESMANAGER.NL (Adri Koppes)
Date: Thu Jan 12 21:28:20 2006
Subject: Reject emails to nonexistent addresses?
Message-ID:

I think you should be using virtusertable, instead of the access.

Access:

TO:ourdomain.com RELAY
TO:ourdomain.de RELAY

Virtusertable:

username1@ourdomain.com !
username2@ourdomain.de !
@ourdomain.com error:5.1.1:"550 User unknown"
@ourdomain.de error:5.1.1:"550 User unknown"

Your mailertable seems alright.

Adri.

> -----Original Message-----
> From: Holger Banko [mailto:holger.banko@PGAM.COM]
> Sent: 28 January, 2005 10:13
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Reject emails to nonexistent addresses?
>
>
> I have one question to that:
>
> > The following convention was suggested by someone on
> > this list awhile back which we implemented quite
> > successfully:
> >
> > TO:username1@yourdomain.com RELAY
> > TO:username2@yourdomain.com RELAY
> > TO:yourdomain.com ERROR:5.1.1:550 User unknown
>
> I tried to add all valid users to accessdb but I have two entries in
> mailertable. All mails incoming from our mailscanner are
> redirected to our DMZ lotus notes server.
>
> # send all email for a special host to another host or to a specific IP:
> ourdomain.com smtp:[212.95.121.212]
> ourdomain.de smtp:[212.95.121.212]
>
> It seems that this neutralises the accessdb. But when I remove them in
> mailertable, no mails are forwarded anymore.
>
> Does anybody know where I have to configure this correctly?
>
> Holger

From gib at TMISNET.COM Fri Jan 28 11:23:44 2005
From: gib at TMISNET.COM (Gib Gilbertson Jr.)
Date: Thu Jan 12 21:28:20 2006
Subject: Reject emails to nonexistent addresses?
Message-ID:

Hi.

At 11:05 AM 1/28/2005 +0100, you wrote:
>I think you should be using virtusertable, instead of the access.
>
>Access:
>
>TO:ourdomain.com RELAY
>TO:ourdomain.de RELAY
>
>Virtusertable:
>
>username1@ourdomain.com !
>username2@ourdomain.de !
>@ourdomain.com error:5.1.1:"550 User unknown"
>@ourdomain.de error:5.1.1:"550 User unknown"
>
>Your mailertable seems alright.
>
>Adri.

The easiest thing to do is install and use milter-ahead with sendmail. It
will check ahead to the mail server and accept mail for processing if there
is an account on the other server, and reject if there isn't.

My mail gateway was handling about 35,000 pieces of mail a day with
virtually all of it being addressed to non-existent users at hosted domains
on other servers. Once I installed milter-ahead and did away with catchall
addresses on the hosted sites this dropped to about 6,000 pieces a day.

My 2 cents worth.

gib

Gib Gilbertson Jr.
Tierramiga Info Systems
619-287-8647 Support
http://www.tmisnet.com
San Diego's "Friendly ISP"

From adrik at SALESMANAGER.NL Fri Jan 28 11:29:01 2005
From: adrik at SALESMANAGER.NL (Adri Koppes)
Date: Thu Jan 12 21:28:20 2006
Subject: Reject emails to nonexistent addresses?
Message-ID:

Gib,

That would be another way of dropping mail for non-existent users, provided
the accepting server doesn't have any catch-all address.
It is easier to maintain in a large user environment than the virtusertable,
but does have additional overhead checking on the other server.
Also mail will not be accepted when the other server is unreachable or down
for some reason.

Adri.

> -----Original Message-----
> From: Gib Gilbertson Jr. [mailto:gib@TMISNET.COM]
> Sent: 28 January, 2005 12:24
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Reject emails to nonexistent addresses?
>
>
> Hi.
>
> At 11:05 AM 1/28/2005 +0100, you wrote:
> >I think you should be using virtusertable, instead of the access.
> >
> >Access:
> >
> >TO:ourdomain.com RELAY
> >TO:ourdomain.de RELAY
> >
> >Virtusertable:
> >
> >username1@ourdomain.com !
> >username2@ourdomain.de !
> >@ourdomain.com error:5.1.1:"550 User unknown"
> >@ourdomain.de error:5.1.1:"550 User unknown"
> >
> >Your mailertable seems alright.
> >
> >Adri.
>
> The easiest thing to do is install and use milter-ahead with sendmail. It
> will check ahead to the mail server and accept mail for processing if there
> is an account on the other server, and reject if there isn't.
>
> My mail gateway was handling about 35,000 pieces of mail a day with
> virtually all of it being addressed to non-existent users at hosted domains
> on other servers.
> Once I installed milter-ahead and did away with catchall
> addresses on the hosted sites this dropped to about 6,000 pieces a day.
>
> My 2 cents worth.
>
> gib
>
>
> Gib Gilbertson Jr.
> Tierramiga Info Systems
> 619-287-8647 Support
> http://www.tmisnet.com
> San Diego's "Friendly ISP"

From dannyh at aac-services.co.uk Fri Jan 28 12:02:50 2005
From: dannyh at aac-services.co.uk (Dan Harris)
Date: Thu Jan 12 21:28:20 2006
Subject: Stop "Other Bad Content" admin notices for addresses in blacklist
Message-ID:

>> I've successfully blacklisted recipient addresses using To: in my
>> spam.blacklist.rules file. However despite the log showing
> ^^^^ ... This is not the same as Other Bad...
>You probably have the "keep spam quarantine clean" thing set to yes.
>Perhaps make that a ruleset? Or just live with it:-).
>
No, keep quarantine clean is not set. I guess the content checks are still
done despite the message being blacklisted? On this basis I've set a ruleset
for Notify Senders containing the blacklisted recipients. This should at
least stop MS notifying the spammer, which seemed to be happening before!
Guess I could also make Send Notices a ruleset to avoid the admin notices,
but think I'll just put up with those for now as hopefully I'll get the go
ahead to block at the MTA soon :-)

Thanks for all your help,
Dan.

From MailScanner at ecs.soton.ac.uk Fri Jan 28 12:32:52 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:20 2006
Subject: Advanced notice of new release
Message-ID:

Just to let you folks know that I will be sending out the February
release a couple of days early, this weekend. I'm away for 10 days from
Wednesday, and I just want to be sure that any teething troubles are
fixed well before I go.

So if the people who install new releases could keep an eye open this
weekend, it would really help.

I will leave the January edition on the webserver as well.

I'm going to take my OQO on holiday with me. But I only intend to use it
for storing photos on, not for reading my mail!

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
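
Added example (not from any poster on the list, and not sendmail's own code): a small Python model of the recipient check that the access-map convention quoted in the "Reject emails to nonexistent addresses?" thread sets up, plus an audit that flags domains where a nonexistent recipient would still be accepted at the gateway. The lookup order, the reply strings for entries without their own text, the sample map and otherdomain.example are assumptions made for illustration.

```python
import re

# Constructed sample in the style quoted in the thread; all addresses are
# placeholders and otherdomain.example is an added, hypothetical second domain.
ACCESS_MAP = """\
# valid recipients first, then a per-domain reject for everyone else
To:username1@yourdomain.com   RELAY
To:username2@yourdomain.com   RELAY
To:yourdomain.com             ERROR:5.1.1:550 User unknown
# relayed wholesale: every recipient, real or not, is accepted
To:otherdomain.example        RELAY
"""


def parse_access(text):
    """Parse 'key <whitespace> value' lines into {lowercased key: value}."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2:
            table[parts[0].lower()] = parts[1].strip()
    return table


def candidates(rcpt):
    """Keys to try, most specific first (simplified order, an assumption)."""
    rcpt = rcpt.strip().strip("<>").lower()
    labels = rcpt.rpartition("@")[2].split(".")
    # full address, then the domain, then parent domains (never the bare TLD)
    keys = [rcpt] + [".".join(labels[i:]) for i in range(max(len(labels) - 1, 1))]
    ordered = []
    for key in keys:
        ordered += ["to:" + key, key]  # a To:-tagged entry wins over an untagged one
    return ordered


def error_reply(value):
    """Turn 'ERROR:5.1.1:550 text' or 'ERROR:"550 text"' into an SMTP reply."""
    text = value.split(":", 1)[1].strip()
    match = re.match(r"(\d\.\d{1,3}\.\d{1,3}):(.*)", text)
    dsn, text = (match.group(1), match.group(2)) if match else (None, text)
    text = text.strip().strip('"')
    code, _, rest = text.partition(" ")
    return f"{code} {dsn} {rest}" if dsn else text


def check_rcpt(table, rcpt):
    """Return (accepted, reply) for one RCPT TO address."""
    for key in candidates(rcpt):
        value = table.get(key)
        if value is None:
            continue
        action = value.split(":", 1)[0].upper()
        if action in ("RELAY", "OK"):
            return True, "250 2.1.5 Recipient ok"      # modelled reply text
        if action == "REJECT":
            return False, "550 5.7.1 Access denied"    # modelled reply text
        if action == "ERROR":
            return False, error_reply(value)
    # Assumption: a gateway with no matching entry does not relay for the domain.
    return False, "550 5.7.1 Relaying denied"


def audit(table, probe_local="no-such-user-probe"):
    """Map each recipient domain to True if an unknown user there is rejected."""
    domains = set()
    for key in table:
        if key.startswith("to:"):
            key = key[3:]
        elif ":" in key or "@" not in key:
            continue  # other tags and untagged hosts are outside this model
        domain = key.rpartition("@")[2]
        if domain:
            domains.add(domain)
    return {d: not check_rcpt(table, f"{probe_local}@{d}")[0] for d in sorted(domains)}


if __name__ == "__main__":
    table = parse_access(ACCESS_MAP)
    for rcpt in ("username1@yourdomain.com", "nobody@yourdomain.com",
                 "anyone@otherdomain.example"):
        print(rcpt, check_rcpt(table, rcpt))
    print(audit(table))
```

A domain that audit() maps to False is one where the gateway accepts mail for any local part, so the inner server ends up bouncing it later instead of the gateway refusing it at RCPT time.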

From dannyh at aac-services.co.uk Fri Jan 28 13:24:16 2005
From: dannyh at aac-services.co.uk (Dan Harris)
Date: Thu Jan 12 21:28:20 2006
Subject: Stop "Other Bad Content" admin notices for addresses in blacklist
Message-ID:

>> >> I've successfully blacklisted recipient addresses using To: in my
>> >> spam.blacklist.rules file. However despite the log showing
>> > ^^^^ ... This is not the same as Other Bad...
>> >You probably have the "keep spam quarantine clean" thing set to yes.
>> >Perhaps make that a ruleset? Or just live with it:-).
>> >
>> No, keep quarantine clean is not set. I guess the content checks are still
>> done despite the message being blacklisted? On this basis I've set a ruleset
>> for Notify Senders containing the blacklisted recipients. This should at
>> least stop MS notifying the spammer, which seemed to be happening before!
>> Guess I could also make Send Notices a ruleset to avoid the admin notices,
>> but think I'll just put up with those for now as hopefully I'll get the go
>> ahead to block at the MTA soon :-)
>>
>
>Seems like some form of delivery is happening anyway. Do you
>Definite Spam Is High Scoring = yes
>...? And just store Highscoring spam?
>
Glen,

Hope you don't mind but I've copied this back to the list as it may prove of
use to others.

We have Definite Spam Is High Scoring = yes, and then having tweaked the score
for high spam to suit we just delete it. The problem seemed to be with MS
content checking happening despite the recipient being on the blacklist, so
the bad html or whatever was triggering the Send Notices and Notify Senders
actions, generating an admin notice in response to the message that I was
trying to avoid ever seeing, and telling the spammer that he'd found a valid
address! Making these rulesets gets around this for now (I've tested it and it
works ok), but it's hopefully just a temporary kludge until I'm allowed to fix
it properly by blocking unknown recipients at the MTA.

Thanks again for your help,
Dan.

From jaearick at COLBY.EDU Fri Jan 28 14:05:53 2005
From: jaearick at COLBY.EDU (Jeff A. Earickson)
Date: Thu Jan 12 21:28:21 2006
Subject: AW: clamav 0.81 released
Message-ID:

Gang,

I discovered that after I upgraded to Clam 0.81, that I had to
upgrade perl module Mail::ClamAV from 0.12 to 0.13. With 0.12
and Clam 0.81, I was getting messages like:

WARNING: Your ClamAV installation is OUTDATED - please update immediately!
WARNING: Current functionality level = 3, required = 4

Mail::ClamAV 0.13 solved this issue. Beware....

Jeff Earickson
Colby College

On Fri, 28 Jan 2005, Dörfler Andreas wrote:

> Date: Fri, 28 Jan 2005 08:13:33 +0100
> From: Dörfler Andreas
> Reply-To: MailScanner mailing list
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: AW: clamav 0.81 released
>
> right that
> if you running freshclam u get the version error with 0.80 and older
> the updates takes 5 minutes, think that's not too much .. ;)
> don't forget to setup the new clamd.conf and freshclam.conf, new settings
> inside
> my 0.81 runs stable, 223 viruses killed the last 14 hours
>
> greetings
> andy
>
>> -----Original Message-----
>> From: John Berntsen [mailto:john@OMEGADATA.NO]
>>
>>
>> I was using 0.80 and freshclam reported that the functionality
>> was 3 out of 4 and an upgrade was very much recommended, or
>> something like that. I believe an upgrade is worth the little
>> time it takes.
>>
>> Kind regards / Regards
>> John Berntsen
>>
>>
>> -----Original Message-----
>> From: MailScanner mailing list
>> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Raymond Dijkxhoorn
>> Sent: 27 January 2005 19:39
>> To: MAILSCANNER@JISCMAIL.AC.UK
>> Subject: Re: clamav 0.81 released
>>
>> Hi!
>>
>>>>> upgrade is important to get virus definition updates
>>
>>>> Does this mean my 0.80 won't get updates anymore?
>>
>>> Not at the moment, but they seem to only support older releases for a
>>> limited time.
>>
>> That limited time isn't weeks but rather months... If I am
>> right only support for .65 and below has been dropped yet.
>>
>> Bye,
>> Raymond.

From itdept at REDRED.COM Fri Jan 28 14:18:02 2005
From: itdept at REDRED.COM (RedRed!com IT Department)
Date: Thu Jan 12 21:28:21 2006
Subject: service MailScanner start issue.
Message-ID:

Yes it is a linux distro (RedHat 7.3). I did not use the RPM. This is
from the tar.gz and I ran the install.sh.

I will set the Debugs and post the results. Thanks.

Sean

Martin Hepworth wrote:
> Sean
>
> not any replies so I'll do something.
>
> Apart from the fact this is pretty obviously a Linux system, it would be
> good to know which Linux Dist and I guess you installed via the RPM?
>
> You can get some more info if you set both Debug options to yes in
> MailScanner.conf and run checkmailscanner.
>
>
>
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300

From jamey at teamlightning.com Fri Jan 28 14:31:24 2005
From: jamey at teamlightning.com (Jamey Nelson)
Date: Thu Jan 12 21:28:21 2006
Subject: Advanced notice of new release
Message-ID:

Julian,

Have a great (And safe!) Holiday!

It's about time, I think you need the break.

-Jamey

On Friday 28 January 2005 07:32, Julian Field wrote:
> Just to let you folks know that I will be sending out the February
> release a couple of days early, this weekend. I'm away for 10 days from
> Wednesday, and I just want to be sure that any teething troubles are
> fixed well before I go.
>
> So if the people who install new releases could keep an eye open this
> weekend, it would really help.
>
> I will leave the January edition on the webserver as well.
>
> I'm going to take my OQO on holiday with me. But I only intend to use it
> for storing photos on, not for reading my mail!
>
> --
> Julian Field
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From cconn at ABACOM.COM Fri Jan 28 14:54:15 2005
From: cconn at ABACOM.COM (Chris Conn)
Date: Thu Jan 12 21:28:21 2006
Subject: Reject emails to nonexistent addresses?
Message-ID:

Holger Banko wrote:
> I have one question to that:
>
>
>>The following convention was suggested by someone on
>>this list awhile back which we implemented quite
>>successfully:
>>
>>TO:username1@yourdomain.com RELAY
>>TO:username2@yourdomain.com RELAY
>>TO:yourdomain.com ERROR:5.1.1:550 User unknown
>
>
> I tried to add all valid users to accessdb but I have two entries in
> mailertable. All mails incoming from our mailscanner are redirected to our DMZ
> lotus notes server.
>
> # send all email for a special host to another host or to a specific IP:
> ourdomain.com smtp:[212.95.121.212]
> ourdomain.de smtp:[212.95.121.212]
>
> It seems that this neutralises the accessdb. But when I remove them in
> mailertable, no mails are forwarded anymore.
>
> Does anybody know where I have to configure this correctly?
>
> Holger
>

Configure your inbound server(s) to be primary MX for your domain. Set
your local domain in the "local-host-names" file, and in your sendmail.mc:

define(`MAIL_HUB', `your.inside.server.com.')

This will allow you to use the access database, yet have local delivery
on another machine.

And your access file, instead of RELAY, change it to OK, as follows

aaa@yourdomain.com OK
bbb@yourdomain.com OK
ccc@yourdomain.com OK
...
zzz@yourdomain.com OK
To:yourdomain.com ERROR:"550 no such user here"

From MailScanner at ecs.soton.ac.uk Fri Jan 28 15:08:07 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:21 2006
Subject: Advanced notice of new release
Message-ID:

Jamey Nelson wrote:

>It's about time, I think you need the break.
>
>
Is it that obvious? :-)

>On Friday 28 January 2005 07:32, Julian Field wrote:
>
>
>>Just to let you folks know that I will be sending out the February
>>release a couple of days early, this weekend. I'm away for 10 days from
>>Wednesday, and I just want to be sure that any teething troubles are
>>fixed well before I go.
>>
>>So if the people who install new releases could keep an eye open this
>>weekend, it would really help.
>>
>>I will leave the January edition on the webserver as well.
>>
>>I'm going to take my OQO on holiday with me. But I only intend to use it
>>for storing photos on, not for reading my mail!
>>
>>

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From bamcomp at YAHOO.COM Fri Jan 28 16:01:43 2005
From: bamcomp at YAHOO.COM (Brett Moss)
Date: Thu Jan 12 21:28:21 2006
Subject: install-Clam-SA - SA version
Message-ID:

--- Julian Field wrote:

> Sorry about that.
> And yes, you can easily mod it to install 3.0.2
> instead of 3.0.1.
>
> Brett Moss wrote:
>
> >hello,
> >clamav was updated to v0.81, is there a reason
> >spamassassin is still at v3.0.1, and not 3.0.2?
> >
> >can i simply download the 3.0.2 file to the perl-tar
> >directory and alter the INSTALL-tar.sh to call 3.0.2?

thank you
brett

From itdept at REDRED.COM Fri Jan 28 16:14:55 2005
From: itdept at REDRED.COM (RedRed!com IT Department)
Date: Thu Jan 12 21:28:21 2006
Subject: service MailScanner start issue.
Message-ID:

OK, I have attached a notepad file that has the output of my
./install.sh. What I did was rm -rf /opt/Mailscanner and rm -rf
/usr/src/MailScanner-install-4.38.7. I wanted to start from scratch to make
sure I did everything correctly.

First issue as you can see in the txt file is that it tells me that I'm not
running an RPM based system. Which I most certainly am. RH 7.3.

Next it starts checking all the modules and it begins to rebuild a few of
them. Why is it rebuilding them? I manually built and installed all of those
modules.

Then in the File::Temp module build it gives me compilation errors. "Can't
locate MailScanner/Config.pm" is the error it gives me stating that it occurs
on line 8 of Errno.pm. Why is it looking for MailScanner/Config.pm, there is a
perfectly good Config.pm in the same directory that Errno.pm resides.

After that, in the MIME::Tools module build, it states that it can't find
MIME::Base64 (version 3.03). Why not, a few modules previous, it successfully
built MIME::Base64 (version 3.05). Then it states it's falling back to version
2.20 which it also can't find.

And again we get the "Can't locate MailScanner/Config.pm" for the Archive::Zip
module.

Finally it installs MailScanner, but of course it probably doesn't work
because half the modules are not installed correctly.

Does anyone have any insight as to why this is happening?
Did I screw up some paths somewhere?

Thanks for the help.

[ Part 2: "Attached Text" ]

You appear to be running on a system that does not use the RPM packaging
system. If you think you can use RPM, then press Ctrl-C right now, make
sure the "rpm" and "rpmbuild" programs can be found and run this script again.

I will install MailScanner under /opt, from where you can move it if you want.

I will need to build the tnef program for you too.

Good, you appear to only have 1 copy of Perl installed: /usr/bin/perl

Good, I have found GNU tar in /bin/tar.

This script will pause for a few seconds after each major step,
so do not worry if it appears to stop for a while.
If you want it to stop so you can scroll back through the output
then press Ctrl-S to stop the output and Ctrl-Q to start it again.

If this fails due to dependency checks, and you wish to ignore
these problems, you can run
./install.sh --nodeps

Setting Perl5 search path

Rebuilding all the Perl modules for your version of Perl

Oh good, module ExtUtils::MakeMaker version 6.05 is already installed.

Oh good, module Net::CIDR version 0.10 is already installed.

Attempting to build and install IO-stringy-2.108
Unpacking perl-tar/IO-stringy-2.108.tar.gz

Do not worry too much about errors from the next command.
It is quite likely that some of the Perl modules are
already installed on your system.

The important ones are HTML-Parser and MIME-tools.

Checking if your kit is complete...
Looks good
Writing Makefile for IO-stringy
cp lib/IO/Lines.pm blib/lib/IO/Lines.pm
cp lib/IO/ScalarArray.pm blib/lib/IO/ScalarArray.pm
cp lib/IO/Stringy.pm blib/lib/IO/Stringy.pm
cp lib/IO/Wrap.pm blib/lib/IO/Wrap.pm
cp lib/IO/Scalar.pm.html blib/lib/IO/Scalar.pm.html
cp lib/IO/AtomicFile.pm blib/lib/IO/AtomicFile.pm
cp lib/IO/InnerFile.pm blib/lib/IO/InnerFile.pm
cp lib/IO/Scalar.pm blib/lib/IO/Scalar.pm
cp lib/IO/WrapTie.pm blib/lib/IO/WrapTie.pm
Manifying blib/man3/IO::Lines.3
Manifying blib/man3/IO::Stringy.3
Manifying blib/man3/IO::ScalarArray.3
Manifying blib/man3/IO::Wrap.3
Manifying blib/man3/IO::AtomicFile.3
Manifying blib/man3/IO::InnerFile.3
Manifying blib/man3/IO::Scalar.3
Manifying blib/man3/IO::WrapTie.3
PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t
t/IO_Lines..........ok
t/IO_Scalar.........ok
t/IO_ScalarArray....ok
t/IO_WrapTie........ok
t/simple............ok
t/two...............ok
All tests successful.
Files=6, Tests=116, 1 wallclock secs ( 0.32 cusr + 0.07 csys = 0.39 CPU)
Manifying blib/man3/IO::Lines.3
Manifying blib/man3/IO::Stringy.3
Manifying blib/man3/IO::ScalarArray.3
Manifying blib/man3/IO::Wrap.3
Manifying blib/man3/IO::AtomicFile.3
Manifying blib/man3/IO::InnerFile.3
Manifying blib/man3/IO::Scalar.3
Manifying blib/man3/IO::WrapTie.3
Writing /usr/local/lib/perl5/site_perl/5.8.5/i686-linux/auto/IO-stringy/.packlist
Appending installation info to /usr/local/lib/perl5/5.8.5/i686-linux/perllocal.pod

Attempting to build and install MIME-Base64-3.05
Unpacking perl-tar/MIME-Base64-3.05.tar.gz

Do not worry too much about errors from the next command.
It is quite likely that some of the Perl modules are
already installed on your system.

The important ones are HTML-Parser and MIME-tools.

Checking if your kit is complete...
Looks good
Writing Makefile for MIME::Base64
cp QuotedPrint.pm blib/lib/MIME/QuotedPrint.pm
cp Base64.pm blib/lib/MIME/Base64.pm
/usr/bin/perl /usr/local/lib/perl5/5.8.5/ExtUtils/xsubpp -typemap /usr/local/lib/perl5/5.8.5/ExtUtils/typemap Base64.xs > Base64.xsc && mv Base64.xsc Base64.c
cc -c -fno-strict-aliasing -pipe -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -DVERSION=\"3.05\" -DXS_VERSION=\"3.05\" -fpic "-I/usr/local/lib/perl5/5.8.5/i686-linux/CORE" Base64.c
Running Mkbootstrap for MIME::Base64 ()
chmod 644 Base64.bs
rm -f blib/arch/auto/MIME/Base64/Base64.so
LD_RUN_PATH="" cc -shared -L/usr/local/lib Base64.o -o blib/arch/auto/MIME/Base64/Base64.so
chmod 755 blib/arch/auto/MIME/Base64/Base64.so
cp Base64.bs blib/arch/auto/MIME/Base64/Base64.bs
chmod 644 blib/arch/auto/MIME/Base64/Base64.bs
cp decode-qp blib/script/decode-qp
/usr/bin/perl "-MExtUtils::MY" -e "MY->fixin(shift)" blib/script/decode-qp
cp encode-qp blib/script/encode-qp
/usr/bin/perl "-MExtUtils::MY" -e "MY->fixin(shift)" blib/script/encode-qp
cp decode-base64 blib/script/decode-base64
/usr/bin/perl "-MExtUtils::MY" -e "MY->fixin(shift)" blib/script/decode-base64
cp encode-base64 blib/script/encode-base64
/usr/bin/perl "-MExtUtils::MY" -e "MY->fixin(shift)" blib/script/encode-base64
Manifying blib/man3/MIME::QuotedPrint.3
Manifying blib/man3/MIME::Base64.3
PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t
t/bad-sv..........skipped
        all skipped: Perl::API needed for this test
t/base64..........ok
t/quoted-print....ok
t/unicode.........ok
t/warn............ok
All tests successful, 1 test skipped.
Files=5, Tests=339, 0 wallclock secs ( 0.08 cusr + 0.03 csys = 0.11 CPU) Files found in blib/arch: installing files in blib/lib into architecture depende nt library tree Writing /usr/local/lib/perl5/5.8.5/i686-linux/auto/MIME/Base64/.packlist Appending installation info to /usr/local/lib/perl5/5.8.5/i686-linux/perllocal.p od Attempting to build and install TimeDate-1.1301 Unpacking perl-tar/TimeDate-1.1301.tar.gz Do not worry too much about errors from the next command. It is quite likely that some of the Perl modules are already installed on your system. The important ones are HTML-Parser and MIME-tools. Checking if your kit is complete... Looks good Writing Makefile for TimeDate cp lib/Date/Format.pm blib/lib/Date/Format.pm cp lib/Date/Language/Norwegian.pm blib/lib/Date/Language/Norwegian.pm cp lib/Date/Parse.pm blib/lib/Date/Parse.pm cp lib/Time/Zone.pm blib/lib/Time/Zone.pm cp lib/Date/Language/Czech.pm blib/lib/Date/Language/Czech.pm cp lib/Date/Language.pm blib/lib/Date/Language.pm cp lib/Date/Language/Italian.pm blib/lib/Date/Language/Italian.pm cp lib/Date/Language/Austrian.pm blib/lib/Date/Language/Austrian.pm cp lib/Date/Language/Dutch.pm blib/lib/Date/Language/Dutch.pm cp lib/Date/Language/German.pm blib/lib/Date/Language/German.pm cp lib/Date/Language/French.pm blib/lib/Date/Language/French.pm cp lib/Date/Language/English.pm blib/lib/Date/Language/English.pm Manifying blib/man3/Date::Format.3 Manifying blib/man3/Time::Zone.3 Manifying blib/man3/Date::Parse.3 PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t t/date.......ok t/format.....ok t/getdate....ok t/lang.......ok All tests successful. 
Files=4, Tests=404, 1 wallclock secs ( 0.20 cusr + 0.01 csys = 0.21 CPU) Manifying blib/man3/Date::Format.3 Manifying blib/man3/Time::Zone.3 Manifying blib/man3/Date::Parse.3 Writing /usr/local/lib/perl5/site_perl/5.8.5/i686-linux/auto/TimeDate/.packlist Appending installation info to /usr/local/lib/perl5/5.8.5/i686-linux/perllocal.p od Attempting to build and install MailTools-1.50 Unpacking perl-tar/MailTools-1.50.tar.gz Do not worry too much about errors from the next command. It is quite likely that some of the Perl modules are already installed on your system. The important ones are HTML-Parser and MIME-tools. Checking for Net::SMTP... not found It is reccomended that you have Net::SMTP version 1.03 or later Look on CPAN for CPAN/modules/by-author/id/GBARR/libnet-x.x.tar.gz Checking for Net::Domain...ok Checking for IO::Handle...ok Checking if your kit is complete... Looks good Writing Makefile for Mail cp Mail/Mailer/rfc822.pm blib/lib/Mail/Mailer/rfc822.pm cp Mail/Cap.pm blib/lib/Mail/Cap.pm cp Mail/Mailer/test.pm blib/lib/Mail/Mailer/test.pm cp Mail/Mailer/mail.pm blib/lib/Mail/Mailer/mail.pm cp Mail/Header.pm blib/lib/Mail/Header.pm cp Mail/Mailer.pm blib/lib/Mail/Mailer.pm cp Mail/Field/Date.pm blib/lib/Mail/Field/Date.pm cp Mail/Send.pm blib/lib/Mail/Send.pm cp Mail/Filter.pm blib/lib/Mail/Filter.pm cp Mail/Field/AddrList.pm blib/lib/Mail/Field/AddrList.pm cp Mail/Mailer/qmail.pm blib/lib/Mail/Mailer/qmail.pm cp Mail/Mailer/sendmail.pm blib/lib/Mail/Mailer/sendmail.pm cp Mail/Field.pm blib/lib/Mail/Field.pm cp Mail/Internet.pm blib/lib/Mail/Internet.pm AutoSplitting blib/lib/Mail/Internet.pm (blib/lib/auto/Mail/Internet) cp Mail/Util.pm blib/lib/Mail/Util.pm AutoSplitting blib/lib/Mail/Util.pm (blib/lib/auto/Mail/Util) cp Mail/Address.pm blib/lib/Mail/Address.pm cp Mail/Mailer/smtp.pm blib/lib/Mail/Mailer/smtp.pm Manifying blib/man3/Mail::Cap.3 Manifying blib/man3/Mail::Header.3 Manifying blib/man3/Mail::Mailer.3 Manifying blib/man3/Mail::Filter.3 
Manifying blib/man3/Mail::Send.3 Manifying blib/man3/Mail::Field::AddrList.3 Manifying blib/man3/Mail::Field.3 Manifying blib/man3/Mail::Internet.3 Manifying blib/man3/Mail::Util.3 Manifying blib/man3/Mail::Address.3 PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t t/extract.....ok t/header......ok t/internet....ok t/mailcap.....ok t/mailer......ok t/require.....ok t/send........ok All tests successful. Files=7, Tests=94, 0 wallclock secs ( 0.12 cusr + 0.07 csys = 0.19 CPU) Writing /usr/local/lib/perl5/site_perl/5.8.5/i686-linux/auto/Mail/.packlist Appending installation info to /usr/local/lib/perl5/5.8.5/i686-linux/perllocal.p od Oh good, module File::Spec version 0.82 is already installed. Attempting to build and install File-Temp-0.12 Unpacking perl-tar/File-Temp-0.12.tar.gz Do not worry too much about errors from the next command. It is quite likely that some of the Perl modules are already installed on your system. The important ones are HTML-Parser and MIME-tools. Checking if your kit is complete... Looks good Writing Makefile for File::Temp cp Temp.pm blib/lib/File/Temp.pm Manifying blib/man3/File::Temp.3 PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t t/mktemp......Can't locate MailScanner/Config.pm in @INC (@INC contains: /tmp/Fi le-Temp-0.12/blib/lib /tmp/File-Temp-0.12/blib/arch /usr/local/lib/perl5/site_pe rl/5.8.5/i686-linux /usr/local/lib/perl5/site_perl/5.8.5/i686-linux /usr/local/l ib/perl5/site_perl/5.8.5 /usr/local/lib/perl5/site_perl/5.8.5/i686-linux /usr/lo cal/lib/perl5/site_perl/5.8.5 /usr/local/lib/perl5/site_perl /usr/local/lib/perl 5/5.8.5/i686-linux /usr/local/lib/perl5/5.8.5/i686-linux /usr/local/lib/perl5/5. 8.5 . /usr/local/lib/perl5/5.8.5/i686-linux /usr/local/lib/perl5/5.8.5 /usr/loca l/lib/perl5/site_perl/5.8.5/i686-linux /usr/local/lib/perl5/site_perl/5.8.5 /usr /local/lib/perl5/site_perl .) 
at /usr/local/lib/perl5/5.8.5/i686-linux/Errno.pm line 8. BEGIN failed--compilation aborted at /usr/local/lib/perl5/5.8.5/i686-linux/Errno .pm line 8. Compilation failed in require at /tmp/File-Temp-0.12/blib/lib/File/Temp.pm line 127. BEGIN failed--compilation aborted at /tmp/File-Temp-0.12/blib/lib/File/Temp.pm l ine 127. Compilation failed in require at t/mktemp.t line 12. BEGIN failed--compilation aborted at t/mktemp.t line 12. t/mktemp......dubious Test returned status 2 (wstat 512, 0x200) DIED. FAILED tests 1-9 Failed 9/9 tests, 0.00% okay t/posix.......Can't locate MailScanner/Config.pm in @INC (@INC contains: /tmp/Fi le-Temp-0.12/blib/lib /tmp/File-Temp-0.12/blib/arch /usr/local/lib/perl5/site_pe rl/5.8.5/i686-linux /usr/local/lib/perl5/site_perl/5.8.5/i686-linux /usr/local/l ib/perl5/site_perl/5.8.5 /usr/local/lib/perl5/site_perl/5.8.5/i686-linux /usr/lo cal/lib/perl5/site_perl/5.8.5 /usr/local/lib/perl5/site_perl /usr/local/lib/perl 5/5.8.5/i686-linux /usr/local/lib/perl5/5.8.5/i686-linux /usr/local/lib/perl5/5. 8.5 . /usr/local/lib/perl5/5.8.5/i686-linux /usr/local/lib/perl5/5.8.5 /usr/loca l/lib/perl5/site_perl/5.8.5/i686-linux /usr/local/lib/perl5/site_perl/5.8.5 /usr /local/lib/perl5/site_perl .) at /usr/local/lib/perl5/5.8.5/i686-linux/Errno.pm line 8. BEGIN failed--compilation aborted at /usr/local/lib/perl5/5.8.5/i686-linux/Errno .pm line 8. Compilation failed in require at /tmp/File-Temp-0.12/blib/lib/File/Temp.pm line 127. BEGIN failed--compilation aborted at /tmp/File-Temp-0.12/blib/lib/File/Temp.pm l ine 127. Compilation failed in require at t/posix.t line 8. BEGIN failed--compilation aborted at t/posix.t line 8. t/posix.......dubious Test returned status 2 (wstat 512, 0x200) DIED. 
FAILED tests 1-7 Failed 7/7 tests, 0.00% okay t/security....Can't locate MailScanner/Config.pm in @INC (@INC contains: /tmp/Fi le-Temp-0.12/blib/lib /tmp/File-Temp-0.12/blib/arch /usr/local/lib/perl5/site_pe rl/5.8.5/i686-linux /usr/local/lib/perl5/site_perl/5.8.5/i686-linux /usr/local/l ib/perl5/site_perl/5.8.5 /usr/local/lib/perl5/site_perl/5.8.5/i686-linux /usr/lo cal/lib/perl5/site_perl/5.8.5 /usr/local/lib/perl5/site_perl /usr/local/lib/perl 5/5.8.5/i686-linux /usr/local/lib/perl5/5.8.5/i686-linux /usr/local/lib/perl5/5. 8.5 . /usr/local/lib/perl5/5.8.5/i686-linux /usr/local/lib/perl5/5.8.5 /usr/loca l/lib/perl5/site_perl/5.8.5/i686-linux /usr/local/lib/perl5/site_perl/5.8.5 /usr /local/lib/perl5/site_perl .) at /usr/local/lib/perl5/5.8.5/i686-linux/Errno.pm line 8. BEGIN failed--compilation aborted at /usr/local/lib/perl5/5.8.5/i686-linux/Errno .pm line 8. Compilation failed in require at /tmp/File-Temp-0.12/blib/lib/File/Temp.pm line 127. BEGIN failed--compilation aborted at /tmp/File-Temp-0.12/blib/lib/File/Temp.pm l ine 127. Compilation failed in require at t/security.t line 20. BEGIN failed--compilation aborted at t/security.t line 20. t/security....dubious Test returned status 2 (wstat 512, 0x200) DIED. FAILED tests 1-13 Failed 13/13 tests, 0.00% okay t/tempfile....Can't locate MailScanner/Config.pm in @INC (@INC contains: /tmp/Fi le-Temp-0.12/blib/lib /tmp/File-Temp-0.12/blib/arch /usr/local/lib/perl5/site_pe rl/5.8.5/i686-linux /usr/local/lib/perl5/site_perl/5.8.5/i686-linux /usr/local/l ib/perl5/site_perl/5.8.5 /usr/local/lib/perl5/site_perl/5.8.5/i686-linux /usr/lo cal/lib/perl5/site_perl/5.8.5 /usr/local/lib/perl5/site_perl /usr/local/lib/perl 5/5.8.5/i686-linux /usr/local/lib/perl5/5.8.5/i686-linux /usr/local/lib/perl5/5. 8.5 . /usr/local/lib/perl5/5.8.5/i686-linux /usr/local/lib/perl5/5.8.5 /usr/loca l/lib/perl5/site_perl/5.8.5/i686-linux /usr/local/lib/perl5/site_perl/5.8.5 /usr /local/lib/perl5/site_perl .) 
at /usr/local/lib/perl5/5.8.5/i686-linux/Errno.pm line 8. BEGIN failed--compilation aborted at /usr/local/lib/perl5/5.8.5/i686-linux/Errno .pm line 8. Compilation failed in require at /tmp/File-Temp-0.12/blib/lib/File/Temp.pm line 127. BEGIN failed--compilation aborted at /tmp/File-Temp-0.12/blib/lib/File/Temp.pm l ine 127. Compilation failed in require at t/tempfile.t line 35. BEGIN failed--compilation aborted at t/tempfile.t line 35. t/tempfile....dubious Test returned status 2 (wstat 512, 0x200) DIED. FAILED tests 1-20 Failed 20/20 tests, 0.00% okay Failed Test Stat Wstat Total Fail Failed List of Failed ------------------------------------------------------------------------------- t/mktemp.t 2 512 9 18 200.00% 1-9 t/posix.t 2 512 7 14 200.00% 1-7 t/security.t 2 512 13 26 200.00% 1-13 t/tempfile.t 2 512 20 40 200.00% 1-20 Failed 4/4 test scripts, 0.00% okay. 49/49 subtests failed, 0.00% okay. make: *** [test_dynamic] Error 2 Oh good, module HTML::Tagset version 3.03 is already installed. Oh good, module HTML::Parser version 3.45 is already installed. Attempting to build and install MIME-tools-5.417 Unpacking perl-tar/MIME-tools-5.417.tar.gz Do not worry too much about errors from the next command. It is quite likely that some of the Perl modules are already installed on your system. The important ones are HTML-Parser and MIME-tools. Checking for module File::Path (version 1)... ok. Checking for module File::Spec (version 0.6)... ok. Checking for module IO::Stringy (version 1.211)... ok. Checking for module MIME::Base64 (version 3.03)... not found. --- Fallback: Checking for module MIME::Base64 (version 2.20)... not found. Checking for module Mail::Field (version 1.05)... ok. Checking for module Mail::Header (version 1.01)... ok. Checking for module Mail::Internet (version 1.0203)... ok. *** The following required modules are missing: MIME::Base64: At least version 2.20 *** Please install them before attempting to use MIME::Tools. 
Checking if your kit is complete... Looks good Warning: prerequisite MIME::Base64 2.2 not found. We have 2.12. Writing Makefile for MIME-tools cp lib/MIME/Body.pm blib/lib/MIME/Body.pm cp lib/MIME/Decoder/Gzip64.pm blib/lib/MIME/Decoder/Gzip64.pm cp lib/MIME/Field/ContDisp.pm blib/lib/MIME/Field/ContDisp.pm cp set-version.pl blib/lib/set-version.pl cp lib/MIME/Parser/Results.pm blib/lib/MIME/Parser/Results.pm cp lib/MIME/Field/ContType.pm blib/lib/MIME/Field/ContType.pm cp lib/MIME/Decoder/NBit.pm blib/lib/MIME/Decoder/NBit.pm cp lib/MIME/Entity.pm blib/lib/MIME/Entity.pm cp lib/MIME/Head.pm blib/lib/MIME/Head.pm cp lib/MIME/Parser/Filer.pm blib/lib/MIME/Parser/Filer.pm cp lib/MIME/Words.pm blib/lib/MIME/Words.pm cp lib/MIME/Field/ParamVal.pm blib/lib/MIME/Field/ParamVal.pm cp lib/MIME/Decoder/BinHex.pm blib/lib/MIME/Decoder/BinHex.pm cp lib/MIME/Field/ConTraEnc.pm blib/lib/MIME/Field/ConTraEnc.pm cp lib/MIME/Tools.pm blib/lib/MIME/Tools.pm cp lib/MIME/Decoder/Binary.pm blib/lib/MIME/Decoder/Binary.pm cp lib/MIME/Decoder.pm blib/lib/MIME/Decoder.pm cp lib/MIME/Decoder/UU.pm blib/lib/MIME/Decoder/UU.pm cp lib/MIME/Decoder/Base64.pm blib/lib/MIME/Decoder/Base64.pm cp lib/MIME/Decoder/QuotedPrint.pm blib/lib/MIME/Decoder/QuotedPrint.pm cp lib/MIME/WordDecoder.pm blib/lib/MIME/WordDecoder.pm cp lib/MIME/Parser.pm blib/lib/MIME/Parser.pm cp lib/MIME/Parser/Reader.pm blib/lib/MIME/Parser/Reader.pm Manifying blib/man3/MIME::Decoder::Gzip64.3 Manifying blib/man3/MIME::Body.3 Manifying blib/man3/MIME::Field::ContDisp.3 Manifying blib/man3/MIME::Parser::Results.3 Manifying blib/man3/MIME::Field::ContType.3 Manifying blib/man3/MIME::Decoder::NBit.3 Manifying blib/man3/MIME::Entity.3 Manifying blib/man3/MIME::Parser::Filer.3 Manifying blib/man3/MIME::Head.3 Manifying blib/man3/MIME::Words.3 Manifying blib/man3/MIME::Field::ParamVal.3 Manifying blib/man3/MIME::Decoder::BinHex.3 Manifying blib/man3/MIME::Field::ConTraEnc.3 Manifying blib/man3/MIME::Tools.3 Manifying 
blib/man3/MIME::Decoder::Binary.3 Manifying blib/man3/MIME::Decoder.3 Manifying blib/man3/MIME::Decoder::UU.3 Manifying blib/man3/MIME::Decoder::QuotedPrint.3 Manifying blib/man3/MIME::Decoder::Base64.3 Manifying blib/man3/MIME::WordDecoder.3 Manifying blib/man3/MIME::Parser::Reader.3 Manifying blib/man3/MIME::Parser.3 PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t t/Body...........ok t/Decoder........ok t/Entity.........ok t/Gauntlet.......ok t/Head...........ok t/Misc...........FAILED tests 4-5, 7-11 Failed 7/14 tests, 50.00% okay t/Parser.........ok t/Ref............ok t/WordDecoder....ok t/Words..........ok Failed Test Stat Wstat Total Fail Failed List of Failed ------------------------------------------------------------------------------- t/Misc.t 14 7 50.00% 4-5 7-11 Failed 1/10 test scripts, 90.00% okay. 7/231 subtests failed, 96.97% okay. make: *** [test_dynamic] Error 29 Oh good, module Convert::TNEF version 0.17 is already installed. Oh good, module Compress::Zlib version 1.33 is already installed. Attempting to build and install Archive-Zip-1.14 Unpacking perl-tar/Archive-Zip-1.14.tar.gz Do not worry too much about errors from the next command. It is quite likely that some of the Perl modules are already installed on your system. The important ones are HTML-Parser and MIME-tools. Checking if your kit is complete... Looks good Warning: prerequisite File::Temp 0 not found. 
Writing Makefile for Archive::Zip cp lib/Archive/Zip.pod blib/lib/Archive/Zip.pod cp lib/Archive/Zip/Tree.pm blib/lib/Archive/Zip/Tree.pm cp lib/Archive/Zip/FAQ.pod blib/lib/Archive/Zip/FAQ.pod cp lib/Archive/Zip.pm blib/lib/Archive/Zip.pm cp lib/Archive/Zip/MockFileHandle.pm blib/lib/Archive/Zip/MockFileHandle.pm cp lib/Archive/Zip/MemberRead.pm blib/lib/Archive/Zip/MemberRead.pm cp lib/Archive/Zip/BufferedFileHandle.pm blib/lib/Archive/Zip/BufferedFileHandle .pm cp crc32 blib/script/crc32 /usr/bin/perl "-MExtUtils::MY" -e "MY->fixin(shift)" blib/script/crc32 Manifying blib/man3/Archive::Zip::Tree.3 Manifying blib/man3/Archive::Zip.3 Manifying blib/man3/Archive::Zip::FAQ.3 Manifying blib/man3/Archive::Zip::MemberRead.3 PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t t/test..............Can't locate MailScanner/Config.pm in @INC (@INC contains: / tmp/Archive-Zip-1.14/blib/lib /tmp/Archive-Zip-1.14/blib/arch /usr/local/lib/per l5/site_perl/5.8.5/i686-linux /usr/local/lib/perl5/site_perl/5.8.5/i686-linux /u sr/local/lib/perl5/site_perl/5.8.5 /usr/local/lib/perl5/site_perl/5.8.5/i686-lin ux /usr/local/lib/perl5/site_perl/5.8.5 /usr/local/lib/perl5/site_perl /usr/loca l/lib/perl5/5.8.5/i686-linux /usr/local/lib/perl5/5.8.5/i686-linux /usr/local/li b/perl5/5.8.5 . /usr/local/lib/perl5/5.8.5/i686-linux /usr/local/lib/perl5/5.8.5 /usr/local/lib/perl5/site_perl/5.8.5/i686-linux /usr/local/lib/perl5/site_perl/ 5.8.5 /usr/local/lib/perl5/site_perl .) at /usr/local/lib/perl5/5.8.5/i686-linux /Errno.pm line 8. BEGIN failed--compilation aborted at /usr/local/lib/perl5/5.8.5/i686-linux/Errno .pm line 8. Compilation failed in require at /usr/local/lib/perl5/5.8.5/File/Temp.pm line 13 2. BEGIN failed--compilation aborted at /usr/local/lib/perl5/5.8.5/File/Temp.pm lin e 132. Compilation failed in require at /tmp/Archive-Zip-1.14/blib/lib/Archive/Zip.pm l ine 26. 
BEGIN failed--compilation aborted at /tmp/Archive-Zip-1.14/blib/lib/Archive/Zip. pm line 26. Compilation failed in require at t/test.t line 10. BEGIN failed--compilation aborted at t/test.t line 10. t/test..............dubious Test returned status 2 (wstat 512, 0x200) t/testex............Can't locate MailScanner/Config.pm in @INC (@INC contains: / tmp/Archive-Zip-1.14/blib/lib /tmp/Archive-Zip-1.14/blib/arch /usr/local/lib/per l5/site_perl/5.8.5/i686-linux /usr/local/lib/perl5/site_perl/5.8.5/i686-linux /u sr/local/lib/perl5/site_perl/5.8.5 /usr/local/lib/perl5/site_perl/5.8.5/i686-lin ux /usr/local/lib/perl5/site_perl/5.8.5 /usr/local/lib/perl5/site_perl /usr/loca l/lib/perl5/5.8.5/i686-linux /usr/local/lib/perl5/5.8.5/i686-linux /usr/local/li b/perl5/5.8.5 . /usr/local/lib/perl5/5.8.5/i686-linux /usr/local/lib/perl5/5.8.5 /usr/local/lib/perl5/site_perl/5.8.5/i686-linux /usr/local/lib/perl5/site_perl/ 5.8.5 /usr/local/lib/perl5/site_perl .) at /usr/local/lib/perl5/5.8.5/i686-linux /Errno.pm line 8. BEGIN failed--compilation aborted at /usr/local/lib/perl5/5.8.5/i686-linux/Errno .pm line 8. Compilation failed in require at /usr/local/lib/perl5/5.8.5/File/Temp.pm line 13 2. BEGIN failed--compilation aborted at /usr/local/lib/perl5/5.8.5/File/Temp.pm lin e 132. Compilation failed in require at /tmp/Archive-Zip-1.14/blib/lib/Archive/Zip.pm l ine 26. BEGIN failed--compilation aborted at /tmp/Archive-Zip-1.14/blib/lib/Archive/Zip. pm line 26. Compilation failed in require at t/testex.t line 11. BEGIN failed--compilation aborted at t/testex.t line 11. 
t/testex............dubious Test returned status 2 (wstat 512, 0x200) t/testMemberRead....Can't locate MailScanner/Config.pm in @INC (@INC contains: / tmp/Archive-Zip-1.14/blib/lib /tmp/Archive-Zip-1.14/blib/arch /usr/local/lib/per l5/site_perl/5.8.5/i686-linux /usr/local/lib/perl5/site_perl/5.8.5/i686-linux /u sr/local/lib/perl5/site_perl/5.8.5 /usr/local/lib/perl5/site_perl/5.8.5/i686-lin ux /usr/local/lib/perl5/site_perl/5.8.5 /usr/local/lib/perl5/site_perl /usr/loca l/lib/perl5/5.8.5/i686-linux /usr/local/lib/perl5/5.8.5/i686-linux /usr/local/li b/perl5/5.8.5 . /usr/local/lib/perl5/5.8.5/i686-linux /usr/local/lib/perl5/5.8.5 /usr/local/lib/perl5/site_perl/5.8.5/i686-linux /usr/local/lib/perl5/site_perl/ 5.8.5 /usr/local/lib/perl5/site_perl .) at /usr/local/lib/perl5/5.8.5/i686-linux /Errno.pm line 8. BEGIN failed--compilation aborted at /usr/local/lib/perl5/5.8.5/i686-linux/Errno .pm line 8. Compilation failed in require at /usr/local/lib/perl5/5.8.5/File/Temp.pm line 13 2. BEGIN failed--compilation aborted at /usr/local/lib/perl5/5.8.5/File/Temp.pm lin e 132. Compilation failed in require at /tmp/Archive-Zip-1.14/blib/lib/Archive/Zip.pm l ine 26. BEGIN failed--compilation aborted at /tmp/Archive-Zip-1.14/blib/lib/Archive/Zip. pm line 26. Compilation failed in require at t/testMemberRead.t line 10. BEGIN failed--compilation aborted at t/testMemberRead.t line 10. t/testMemberRead....dubious Test returned status 2 (wstat 512, 0x200) t/testTree..........Can't locate MailScanner/Config.pm in @INC (@INC contains: / tmp/Archive-Zip-1.14/blib/lib /tmp/Archive-Zip-1.14/blib/arch /usr/local/lib/per l5/site_perl/5.8.5/i686-linux /usr/local/lib/perl5/site_perl/5.8.5/i686-linux /u sr/local/lib/perl5/site_perl/5.8.5 /usr/local/lib/perl5/site_perl/5.8.5/i686-lin ux /usr/local/lib/perl5/site_perl/5.8.5 /usr/local/lib/perl5/site_perl /usr/loca l/lib/perl5/5.8.5/i686-linux /usr/local/lib/perl5/5.8.5/i686-linux /usr/local/li b/perl5/5.8.5 . 
/usr/local/lib/perl5/5.8.5/i686-linux /usr/local/lib/perl5/5.8.5 /usr/local/lib/perl5/site_perl/5.8.5/i686-linux /usr/local/lib/perl5/site_perl/ 5.8.5 /usr/local/lib/perl5/site_perl .) at /usr/local/lib/perl5/5.8.5/i686-linux /Errno.pm line 8. BEGIN failed--compilation aborted at /usr/local/lib/perl5/5.8.5/i686-linux/Errno .pm line 8. Compilation failed in require at /usr/local/lib/perl5/5.8.5/File/Temp.pm line 13 2. BEGIN failed--compilation aborted at /usr/local/lib/perl5/5.8.5/File/Temp.pm lin e 132. Compilation failed in require at /tmp/Archive-Zip-1.14/blib/lib/Archive/Zip.pm l ine 26. BEGIN failed--compilation aborted at /tmp/Archive-Zip-1.14/blib/lib/Archive/Zip. pm line 26. Compilation failed in require at t/testTree.t line 11. BEGIN failed--compilation aborted at t/testTree.t line 11. t/testTree..........dubious Test returned status 2 (wstat 512, 0x200) t/testUpdate........Can't locate MailScanner/Config.pm in @INC (@INC contains: / tmp/Archive-Zip-1.14/blib/lib /tmp/Archive-Zip-1.14/blib/arch /usr/local/lib/per l5/site_perl/5.8.5/i686-linux /usr/local/lib/perl5/site_perl/5.8.5/i686-linux /u sr/local/lib/perl5/site_perl/5.8.5 /usr/local/lib/perl5/site_perl/5.8.5/i686-lin ux /usr/local/lib/perl5/site_perl/5.8.5 /usr/local/lib/perl5/site_perl /usr/loca l/lib/perl5/5.8.5/i686-linux /usr/local/lib/perl5/5.8.5/i686-linux /usr/local/li b/perl5/5.8.5 . /usr/local/lib/perl5/5.8.5/i686-linux /usr/local/lib/perl5/5.8.5 /usr/local/lib/perl5/site_perl/5.8.5/i686-linux /usr/local/lib/perl5/site_perl/ 5.8.5 /usr/local/lib/perl5/site_perl .) at /usr/local/lib/perl5/5.8.5/i686-linux /Errno.pm line 8. BEGIN failed--compilation aborted at /usr/local/lib/perl5/5.8.5/i686-linux/Errno .pm line 8. Compilation failed in require at /usr/local/lib/perl5/5.8.5/File/Temp.pm line 13 2. BEGIN failed--compilation aborted at /usr/local/lib/perl5/5.8.5/File/Temp.pm lin e 132. Compilation failed in require at /tmp/Archive-Zip-1.14/blib/lib/Archive/Zip.pm l ine 26. 
BEGIN failed--compilation aborted at /tmp/Archive-Zip-1.14/blib/lib/Archive/Zip. pm line 26. Compilation failed in require at t/testUpdate.t line 11. BEGIN failed--compilation aborted at t/testUpdate.t line 11. t/testUpdate........dubious Test returned status 2 (wstat 512, 0x200) FAILED--5 test scripts could be run, alas--no output ever seen make: *** [test_dynamic] Error 2 Oh good, module Convert::BinHex version 1.119 is already installed. Installing tnef decoder Oh good, I have found the tnef program is in /usr/local/bin. Now to install MailScanner itself. Installing MailScanner into /opt. If you do not want it there, just move it to where you want it and then edit MailScanner.conf and check_mailscanner to set the correct locations. Have just installed version 4.38.7 into /opt/MailScanner-4.38.7. You will need to update the symlink /opt/MailScanner to point to the new version before starting it. For some reason the tnef decoder did not compile properly. As an alternative, in MailScanner.conf set TNEF Expander = internal If you want help setting up MailScanner, please read the MAQ at www.mailscanner.biz/maq/ and buy the MailScanner book at www.mailscanner.info/store

From martinh at SOLID-STATE-LOGIC.COM Fri Jan 28 16:23:00 2005
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:21 2006 Subject: service MailScanner start issue. Message-ID:

Sean

this sort of thing can happen on RH/FC systems due to the RH RPM's dumping stuff in odd places, setting paths screwy etc etc.

Try and reinstall using the RPM based installer rather than tar based, it might do a better job.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

RedRed!com IT Department wrote:
> OK, I have attached a notepad file that has the output of my ./install.sh. What I did was rm -rf /opt/Mailscanner and rm -rf /usr/src/MailScanner-install-4.38.7. I wanted to start from scratch to make sure I did everything correctly.
>
> First issue as you can see in the txt file is that it tells me that I'm not running an RPM based system. Which I most certainly am. RH 7.3.
>
> Next it starts checking all the modules and it begins to rebuild a few of them. Why is it rebuilding them? I manually built and installed all of those modules.
>
> Then in the File::Temp module build it gives me compilation errors. "Can't locate MailScanner/Config.pm" is the error it gives me stating that it occurs on line 8 of Errno.pm. Why is it looking for MailScanner/Config.pm, there is a perfectly good Config.pm in the same directory that Errno.pm resides.
>
> After that, in the MIME::Tools module build, it states that it can't find MIME::Base64 (version 3.03). Why not? A few modules previous, it successfully built MIME::Base64 (version 3.05). Then it states it's falling back to version 2.20 which it also can't find.
>
> And again we get the "Can't locate MailScanner/Config.pm" for the Archive::Zip module.
>
> Finally it installs MailScanner, but of course it probably doesn't work because half the modules are not installed correctly. Does anyone have any insight as to why this is happening? Did I screw up some paths somewhere? Thanks for the help.
>
> > > ------------------------------------------------------------------------ > > You appear to be running on a system that does not use the > RPM packaging system. > If you think you can use RPM, then press Ctrl-C right now, > make sure the "rpm" and "rpmbuild" programs can be found > and run this script again. > I will install MailScanner under /opt, from where you can > move it if you want. > I will need to build the tnef program for you too. > > Good, you appear to only have 1 copy of Perl installed: /usr/bin/perl > Good, I have found GNU tar in /bin/tar. > > This script will pause for a few seconds after each major step, > so do not worry if it appears to stop for a while. > If you want it to stop so you can scroll back through the output > then press Ctrl-S to stop the output and Ctrl-Q to start it again. > > > If this fails due to dependency checks, and you wish to ignore > these problems, you can run > ./install.sh --nodeps > > Setting Perl5 search path > > > Rebuilding all the Perl modules for your version of Perl > > Oh good, module ExtUtils::MakeMaker version 6.05 is already installed. > > Oh good, module Net::CIDR version 0.10 is already installed. > > Attempting to build and install IO-stringy-2.108 > Unpacking perl-tar/IO-stringy-2.108.tar.gz > > > Do not worry too much about errors from the next command. > It is quite likely that some of the Perl modules are > already installed on your system. > > The important ones are HTML-Parser and MIME-tools. > > Checking if your kit is complete... 
> Looks good > Writing Makefile for IO-stringy > cp lib/IO/Lines.pm blib/lib/IO/Lines.pm > cp lib/IO/ScalarArray.pm blib/lib/IO/ScalarArray.pm > cp lib/IO/Stringy.pm blib/lib/IO/Stringy.pm > cp lib/IO/Wrap.pm blib/lib/IO/Wrap.pm > cp lib/IO/Scalar.pm.html blib/lib/IO/Scalar.pm.html > cp lib/IO/AtomicFile.pm blib/lib/IO/AtomicFile.pm > cp lib/IO/InnerFile.pm blib/lib/IO/InnerFile.pm > cp lib/IO/Scalar.pm blib/lib/IO/Scalar.pm > cp lib/IO/WrapTie.pm blib/lib/IO/WrapTie.pm > Manifying blib/man3/IO::Lines.3 > Manifying blib/man3/IO::Stringy.3 > Manifying blib/man3/IO::ScalarArray.3 > Manifying blib/man3/IO::Wrap.3 > Manifying blib/man3/IO::AtomicFile.3 > Manifying blib/man3/IO::InnerFile.3 > Manifying blib/man3/IO::Scalar.3 > Manifying blib/man3/IO::WrapTie.3 > PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, > 'blib/lib', 'blib/arch')" t/*.t > t/IO_Lines..........ok > t/IO_Scalar.........ok > t/IO_ScalarArray....ok > t/IO_WrapTie........ok > t/simple............ok > t/two...............ok > All tests successful. > Files=6, Tests=116, 1 wallclock secs ( 0.32 cusr + 0.07 csys = 0.39 CPU) > Manifying blib/man3/IO::Lines.3 > Manifying blib/man3/IO::Stringy.3 > Manifying blib/man3/IO::ScalarArray.3 > Manifying blib/man3/IO::Wrap.3 > Manifying blib/man3/IO::AtomicFile.3 > Manifying blib/man3/IO::InnerFile.3 > Manifying blib/man3/IO::Scalar.3 > Manifying blib/man3/IO::WrapTie.3 > Writing /usr/local/lib/perl5/site_perl/5.8.5/i686-linux/auto/IO-stringy/.packlis > t > Appending installation info to /usr/local/lib/perl5/5.8.5/i686-linux/perllocal.p > od > > > > Attempting to build and install MIME-Base64-3.05 > Unpacking perl-tar/MIME-Base64-3.05.tar.gz > > > Do not worry too much about errors from the next command. > It is quite likely that some of the Perl modules are > already installed on your system. > > The important ones are HTML-Parser and MIME-tools. > > Checking if your kit is complete... 
> Looks good > Writing Makefile for MIME::Base64 > cp QuotedPrint.pm blib/lib/MIME/QuotedPrint.pm > cp Base64.pm blib/lib/MIME/Base64.pm > /usr/bin/perl /usr/local/lib/perl5/5.8.5/ExtUtils/xsubpp -typemap /usr/local/li > b/perl5/5.8.5/ExtUtils/typemap Base64.xs > Base64.xsc && mv Base64.xsc Base64.c > cc -c -fno-strict-aliasing -pipe -I/usr/local/include -D_LARGEFILE_SOURCE -D_F > ILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -DVERSION=\"3.05\" -DXS_VERSION=\"3 > .05\" -fpic "-I/usr/local/lib/perl5/5.8.5/i686-linux/CORE" Base64.c > Running Mkbootstrap for MIME::Base64 () > chmod 644 Base64.bs > rm -f blib/arch/auto/MIME/Base64/Base64.so > LD_RUN_PATH="" cc -shared -L/usr/local/lib Base64.o -o blib/arch/auto/MIME/Bas > e64/Base64.so > chmod 755 blib/arch/auto/MIME/Base64/Base64.so > cp Base64.bs blib/arch/auto/MIME/Base64/Base64.bs > chmod 644 blib/arch/auto/MIME/Base64/Base64.bs > cp decode-qp blib/script/decode-qp > /usr/bin/perl "-MExtUtils::MY" -e "MY->fixin(shift)" blib/script/decode-qp > cp encode-qp blib/script/encode-qp > /usr/bin/perl "-MExtUtils::MY" -e "MY->fixin(shift)" blib/script/encode-qp > cp decode-base64 blib/script/decode-base64 > /usr/bin/perl "-MExtUtils::MY" -e "MY->fixin(shift)" blib/script/decode-base64 > cp encode-base64 blib/script/encode-base64 > /usr/bin/perl "-MExtUtils::MY" -e "MY->fixin(shift)" blib/script/encode-base64 > Manifying blib/man3/MIME::QuotedPrint.3 > Manifying blib/man3/MIME::Base64.3 > PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, > 'blib/lib', 'blib/arch')" t/*.t > t/bad-sv..........skipped > all skipped: Perl::API needed for this test > t/base64..........ok > t/quoted-print....ok > t/unicode.........ok > t/warn............ok > All tests successful, 1 test skipped. 
> Files=5, Tests=339, 0 wallclock secs ( 0.08 cusr + 0.03 csys = 0.11 CPU) > Files found in blib/arch: installing files in blib/lib into architecture depende > nt library tree > Writing /usr/local/lib/perl5/5.8.5/i686-linux/auto/MIME/Base64/.packlist > Appending installation info to /usr/local/lib/perl5/5.8.5/i686-linux/perllocal.p > od > > > > Attempting to build and install TimeDate-1.1301 > Unpacking perl-tar/TimeDate-1.1301.tar.gz > > > Do not worry too much about errors from the next command. > It is quite likely that some of the Perl modules are > already installed on your system. > > The important ones are HTML-Parser and MIME-tools. > > Checking if your kit is complete... > Looks good > Writing Makefile for TimeDate > cp lib/Date/Format.pm blib/lib/Date/Format.pm > cp lib/Date/Language/Norwegian.pm blib/lib/Date/Language/Norwegian.pm > cp lib/Date/Parse.pm blib/lib/Date/Parse.pm > cp lib/Time/Zone.pm blib/lib/Time/Zone.pm > cp lib/Date/Language/Czech.pm blib/lib/Date/Language/Czech.pm > cp lib/Date/Language.pm blib/lib/Date/Language.pm > cp lib/Date/Language/Italian.pm blib/lib/Date/Language/Italian.pm > cp lib/Date/Language/Austrian.pm blib/lib/Date/Language/Austrian.pm > cp lib/Date/Language/Dutch.pm blib/lib/Date/Language/Dutch.pm > cp lib/Date/Language/German.pm blib/lib/Date/Language/German.pm > cp lib/Date/Language/French.pm blib/lib/Date/Language/French.pm > cp lib/Date/Language/English.pm blib/lib/Date/Language/English.pm > Manifying blib/man3/Date::Format.3 > Manifying blib/man3/Time::Zone.3 > Manifying blib/man3/Date::Parse.3 > PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, > 'blib/lib', 'blib/arch')" t/*.t > t/date.......ok > t/format.....ok > t/getdate....ok > t/lang.......ok > All tests successful. 
> Files=4, Tests=404, 1 wallclock secs ( 0.20 cusr + 0.01 csys = 0.21 CPU) > Manifying blib/man3/Date::Format.3 > Manifying blib/man3/Time::Zone.3 > Manifying blib/man3/Date::Parse.3 > Writing /usr/local/lib/perl5/site_perl/5.8.5/i686-linux/auto/TimeDate/.packlist > Appending installation info to /usr/local/lib/perl5/5.8.5/i686-linux/perllocal.p > od > > > > Attempting to build and install MailTools-1.50 > Unpacking perl-tar/MailTools-1.50.tar.gz > > > Do not worry too much about errors from the next command. > It is quite likely that some of the Perl modules are > already installed on your system. > > The important ones are HTML-Parser and MIME-tools. > > Checking for Net::SMTP... not found > > It is reccomended that you have Net::SMTP version 1.03 or later > Look on CPAN for CPAN/modules/by-author/id/GBARR/libnet-x.x.tar.gz > > Checking for Net::Domain...ok > Checking for IO::Handle...ok > Checking if your kit is complete... > Looks good > Writing Makefile for Mail > cp Mail/Mailer/rfc822.pm blib/lib/Mail/Mailer/rfc822.pm > cp Mail/Cap.pm blib/lib/Mail/Cap.pm > cp Mail/Mailer/test.pm blib/lib/Mail/Mailer/test.pm > cp Mail/Mailer/mail.pm blib/lib/Mail/Mailer/mail.pm > cp Mail/Header.pm blib/lib/Mail/Header.pm > cp Mail/Mailer.pm blib/lib/Mail/Mailer.pm > cp Mail/Field/Date.pm blib/lib/Mail/Field/Date.pm > cp Mail/Send.pm blib/lib/Mail/Send.pm > cp Mail/Filter.pm blib/lib/Mail/Filter.pm > cp Mail/Field/AddrList.pm blib/lib/Mail/Field/AddrList.pm > cp Mail/Mailer/qmail.pm blib/lib/Mail/Mailer/qmail.pm > cp Mail/Mailer/sendmail.pm blib/lib/Mail/Mailer/sendmail.pm > cp Mail/Field.pm blib/lib/Mail/Field.pm > cp Mail/Internet.pm blib/lib/Mail/Internet.pm > AutoSplitting blib/lib/Mail/Internet.pm (blib/lib/auto/Mail/Internet) > cp Mail/Util.pm blib/lib/Mail/Util.pm > AutoSplitting blib/lib/Mail/Util.pm (blib/lib/auto/Mail/Util) > cp Mail/Address.pm blib/lib/Mail/Address.pm > cp Mail/Mailer/smtp.pm blib/lib/Mail/Mailer/smtp.pm > Manifying blib/man3/Mail::Cap.3 > Manifying 
blib/man3/Mail::Header.3 > Manifying blib/man3/Mail::Mailer.3 > Manifying blib/man3/Mail::Filter.3 > Manifying blib/man3/Mail::Send.3 > Manifying blib/man3/Mail::Field::AddrList.3 > Manifying blib/man3/Mail::Field.3 > Manifying blib/man3/Mail::Internet.3 > Manifying blib/man3/Mail::Util.3 > Manifying blib/man3/Mail::Address.3 > PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, > 'blib/lib', 'blib/arch')" t/*.t > t/extract.....ok > t/header......ok > t/internet....ok > t/mailcap.....ok > t/mailer......ok > t/require.....ok > t/send........ok > All tests successful. > Files=7, Tests=94, 0 wallclock secs ( 0.12 cusr + 0.07 csys = 0.19 CPU) > Writing /usr/local/lib/perl5/site_perl/5.8.5/i686-linux/auto/Mail/.packlist > Appending installation info to /usr/local/lib/perl5/5.8.5/i686-linux/perllocal.p > od > > > > Oh good, module File::Spec version 0.82 is already installed. > > Attempting to build and install File-Temp-0.12 > Unpacking perl-tar/File-Temp-0.12.tar.gz > > > Do not worry too much about errors from the next command. > It is quite likely that some of the Perl modules are > already installed on your system. > > The important ones are HTML-Parser and MIME-tools. > > Checking if your kit is complete... > Looks good > Writing Makefile for File::Temp > cp Temp.pm blib/lib/File/Temp.pm > Manifying blib/man3/File::Temp.3 > PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, > 'blib/lib', 'blib/arch')" t/*.t > t/mktemp......Can't locate MailScanner/Config.pm in @INC (@INC contains: /tmp/Fi > le-Temp-0.12/blib/lib /tmp/File-Temp-0.12/blib/arch /usr/local/lib/perl5/site_pe > rl/5.8.5/i686-linux /usr/local/lib/perl5/site_perl/5.8.5/i686-linux /usr/local/l > ib/perl5/site_perl/5.8.5 /usr/local/lib/perl5/site_perl/5.8.5/i686-linux /usr/lo > cal/lib/perl5/site_perl/5.8.5 /usr/local/lib/perl5/site_perl /usr/local/lib/perl > 5/5.8.5/i686-linux /usr/local/lib/perl5/5.8.5/i686-linux /usr/local/lib/perl5/5. > 8.5 . 
/usr/local/lib/perl5/5.8.5/i686-linux /usr/local/lib/perl5/5.8.5 /usr/loca > l/lib/perl5/site_perl/5.8.5/i686-linux /usr/local/lib/perl5/site_perl/5.8.5 /usr > /local/lib/perl5/site_perl .) at /usr/local/lib/perl5/5.8.5/i686-linux/Errno.pm > line 8. > BEGIN failed--compilation aborted at /usr/local/lib/perl5/5.8.5/i686-linux/Errno > .pm line 8. > Compilation failed in require at /tmp/File-Temp-0.12/blib/lib/File/Temp.pm line > 127. > BEGIN failed--compilation aborted at /tmp/File-Temp-0.12/blib/lib/File/Temp.pm l > ine 127. > Compilation failed in require at t/mktemp.t line 12. > BEGIN failed--compilation aborted at t/mktemp.t line 12. > t/mktemp......dubious > Test returned status 2 (wstat 512, 0x200) > DIED. FAILED tests 1-9 > Failed 9/9 tests, 0.00% okay > t/posix.......Can't locate MailScanner/Config.pm in @INC (@INC contains: /tmp/Fi > le-Temp-0.12/blib/lib /tmp/File-Temp-0.12/blib/arch /usr/local/lib/perl5/site_pe > rl/5.8.5/i686-linux /usr/local/lib/perl5/site_perl/5.8.5/i686-linux /usr/local/l > ib/perl5/site_perl/5.8.5 /usr/local/lib/perl5/site_perl/5.8.5/i686-linux /usr/lo > cal/lib/perl5/site_perl/5.8.5 /usr/local/lib/perl5/site_perl /usr/local/lib/perl > 5/5.8.5/i686-linux /usr/local/lib/perl5/5.8.5/i686-linux /usr/local/lib/perl5/5. > 8.5 . /usr/local/lib/perl5/5.8.5/i686-linux /usr/local/lib/perl5/5.8.5 /usr/loca > l/lib/perl5/site_perl/5.8.5/i686-linux /usr/local/lib/perl5/site_perl/5.8.5 /usr > /local/lib/perl5/site_perl .) at /usr/local/lib/perl5/5.8.5/i686-linux/Errno.pm > line 8. > BEGIN failed--compilation aborted at /usr/local/lib/perl5/5.8.5/i686-linux/Errno > .pm line 8. > Compilation failed in require at /tmp/File-Temp-0.12/blib/lib/File/Temp.pm line > 127. > BEGIN failed--compilation aborted at /tmp/File-Temp-0.12/blib/lib/File/Temp.pm l > ine 127. > Compilation failed in require at t/posix.t line 8. > BEGIN failed--compilation aborted at t/posix.t line 8. > t/posix.......dubious > Test returned status 2 (wstat 512, 0x200) > DIED. 
FAILED tests 1-7 > Failed 7/7 tests, 0.00% okay > t/security....Can't locate MailScanner/Config.pm in @INC (@INC contains: /tmp/Fi > le-Temp-0.12/blib/lib /tmp/File-Temp-0.12/blib/arch /usr/local/lib/perl5/site_pe > rl/5.8.5/i686-linux /usr/local/lib/perl5/site_perl/5.8.5/i686-linux /usr/local/l > ib/perl5/site_perl/5.8.5 /usr/local/lib/perl5/site_perl/5.8.5/i686-linux /usr/lo > cal/lib/perl5/site_perl/5.8.5 /usr/local/lib/perl5/site_perl /usr/local/lib/perl > 5/5.8.5/i686-linux /usr/local/lib/perl5/5.8.5/i686-linux /usr/local/lib/perl5/5. > 8.5 . /usr/local/lib/perl5/5.8.5/i686-linux /usr/local/lib/perl5/5.8.5 /usr/loca > l/lib/perl5/site_perl/5.8.5/i686-linux /usr/local/lib/perl5/site_perl/5.8.5 /usr > /local/lib/perl5/site_perl .) at /usr/local/lib/perl5/5.8.5/i686-linux/Errno.pm > line 8. > BEGIN failed--compilation aborted at /usr/local/lib/perl5/5.8.5/i686-linux/Errno > .pm line 8. > Compilation failed in require at /tmp/File-Temp-0.12/blib/lib/File/Temp.pm line > 127. > BEGIN failed--compilation aborted at /tmp/File-Temp-0.12/blib/lib/File/Temp.pm l > ine 127. > Compilation failed in require at t/security.t line 20. > BEGIN failed--compilation aborted at t/security.t line 20. > t/security....dubious > Test returned status 2 (wstat 512, 0x200) > DIED. FAILED tests 1-13 > Failed 13/13 tests, 0.00% okay > t/tempfile....Can't locate MailScanner/Config.pm in @INC (@INC contains: /tmp/Fi > le-Temp-0.12/blib/lib /tmp/File-Temp-0.12/blib/arch /usr/local/lib/perl5/site_pe > rl/5.8.5/i686-linux /usr/local/lib/perl5/site_perl/5.8.5/i686-linux /usr/local/l > ib/perl5/site_perl/5.8.5 /usr/local/lib/perl5/site_perl/5.8.5/i686-linux /usr/lo > cal/lib/perl5/site_perl/5.8.5 /usr/local/lib/perl5/site_perl /usr/local/lib/perl > 5/5.8.5/i686-linux /usr/local/lib/perl5/5.8.5/i686-linux /usr/local/lib/perl5/5. > 8.5 . 
/usr/local/lib/perl5/5.8.5/i686-linux /usr/local/lib/perl5/5.8.5 /usr/loca > l/lib/perl5/site_perl/5.8.5/i686-linux /usr/local/lib/perl5/site_perl/5.8.5 /usr > /local/lib/perl5/site_perl .) at /usr/local/lib/perl5/5.8.5/i686-linux/Errno.pm > line 8. > BEGIN failed--compilation aborted at /usr/local/lib/perl5/5.8.5/i686-linux/Errno > .pm line 8. > Compilation failed in require at /tmp/File-Temp-0.12/blib/lib/File/Temp.pm line > 127. > BEGIN failed--compilation aborted at /tmp/File-Temp-0.12/blib/lib/File/Temp.pm l > ine 127. > Compilation failed in require at t/tempfile.t line 35. > BEGIN failed--compilation aborted at t/tempfile.t line 35. > t/tempfile....dubious > Test returned status 2 (wstat 512, 0x200) > DIED. FAILED tests 1-20 > Failed 20/20 tests, 0.00% okay > Failed Test Stat Wstat Total Fail Failed List of Failed > ------------------------------------------------------------------------------- > t/mktemp.t 2 512 9 18 200.00% 1-9 > t/posix.t 2 512 7 14 200.00% 1-7 > t/security.t 2 512 13 26 200.00% 1-13 > t/tempfile.t 2 512 20 40 200.00% 1-20 > Failed 4/4 test scripts, 0.00% okay. 49/49 subtests failed, 0.00% okay. > make: *** [test_dynamic] Error 2 > > > > Oh good, module HTML::Tagset version 3.03 is already installed. > > Oh good, module HTML::Parser version 3.45 is already installed. > > Attempting to build and install MIME-tools-5.417 > Unpacking perl-tar/MIME-tools-5.417.tar.gz > > > Do not worry too much about errors from the next command. > It is quite likely that some of the Perl modules are > already installed on your system. > > The important ones are HTML-Parser and MIME-tools. > > Checking for module File::Path (version 1)... ok. > Checking for module File::Spec (version 0.6)... ok. > Checking for module IO::Stringy (version 1.211)... ok. > Checking for module MIME::Base64 (version 3.03)... not found. > --- Fallback: Checking for module MIME::Base64 (version 2.20)... not found. > Checking for module Mail::Field (version 1.05)... ok. 
> Checking for module Mail::Header (version 1.01)... ok. > Checking for module Mail::Internet (version 1.0203)... ok. > > > *** The following required modules are missing: > MIME::Base64: At least version 2.20 > *** Please install them before attempting to use MIME::Tools. > Checking if your kit is complete... > Looks good > Warning: prerequisite MIME::Base64 2.2 not found. We have 2.12. > Writing Makefile for MIME-tools > cp lib/MIME/Body.pm blib/lib/MIME/Body.pm > cp lib/MIME/Decoder/Gzip64.pm blib/lib/MIME/Decoder/Gzip64.pm > cp lib/MIME/Field/ContDisp.pm blib/lib/MIME/Field/ContDisp.pm > cp set-version.pl blib/lib/set-version.pl > cp lib/MIME/Parser/Results.pm blib/lib/MIME/Parser/Results.pm > cp lib/MIME/Field/ContType.pm blib/lib/MIME/Field/ContType.pm > cp lib/MIME/Decoder/NBit.pm blib/lib/MIME/Decoder/NBit.pm > cp lib/MIME/Entity.pm blib/lib/MIME/Entity.pm > cp lib/MIME/Head.pm blib/lib/MIME/Head.pm > cp lib/MIME/Parser/Filer.pm blib/lib/MIME/Parser/Filer.pm > cp lib/MIME/Words.pm blib/lib/MIME/Words.pm > cp lib/MIME/Field/ParamVal.pm blib/lib/MIME/Field/ParamVal.pm > cp lib/MIME/Decoder/BinHex.pm blib/lib/MIME/Decoder/BinHex.pm > cp lib/MIME/Field/ConTraEnc.pm blib/lib/MIME/Field/ConTraEnc.pm > cp lib/MIME/Tools.pm blib/lib/MIME/Tools.pm > cp lib/MIME/Decoder/Binary.pm blib/lib/MIME/Decoder/Binary.pm > cp lib/MIME/Decoder.pm blib/lib/MIME/Decoder.pm > cp lib/MIME/Decoder/UU.pm blib/lib/MIME/Decoder/UU.pm > cp lib/MIME/Decoder/Base64.pm blib/lib/MIME/Decoder/Base64.pm > cp lib/MIME/Decoder/QuotedPrint.pm blib/lib/MIME/Decoder/QuotedPrint.pm > cp lib/MIME/WordDecoder.pm blib/lib/MIME/WordDecoder.pm > cp lib/MIME/Parser.pm blib/lib/MIME/Parser.pm > cp lib/MIME/Parser/Reader.pm blib/lib/MIME/Parser/Reader.pm > Manifying blib/man3/MIME::Decoder::Gzip64.3 > Manifying blib/man3/MIME::Body.3 > Manifying blib/man3/MIME::Field::ContDisp.3 > Manifying blib/man3/MIME::Parser::Results.3 > Manifying blib/man3/MIME::Field::ContType.3 > Manifying 
blib/man3/MIME::Decoder::NBit.3 > Manifying blib/man3/MIME::Entity.3 > Manifying blib/man3/MIME::Parser::Filer.3 > Manifying blib/man3/MIME::Head.3 > Manifying blib/man3/MIME::Words.3 > Manifying blib/man3/MIME::Field::ParamVal.3 > Manifying blib/man3/MIME::Decoder::BinHex.3 > Manifying blib/man3/MIME::Field::ConTraEnc.3 > Manifying blib/man3/MIME::Tools.3 > Manifying blib/man3/MIME::Decoder::Binary.3 > Manifying blib/man3/MIME::Decoder.3 > Manifying blib/man3/MIME::Decoder::UU.3 > Manifying blib/man3/MIME::Decoder::QuotedPrint.3 > Manifying blib/man3/MIME::Decoder::Base64.3 > Manifying blib/man3/MIME::WordDecoder.3 > Manifying blib/man3/MIME::Parser::Reader.3 > Manifying blib/man3/MIME::Parser.3 > PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, > 'blib/lib', 'blib/arch')" t/*.t > t/Body...........ok > t/Decoder........ok > t/Entity.........ok > t/Gauntlet.......ok > t/Head...........ok > t/Misc...........FAILED tests 4-5, 7-11 > Failed 7/14 tests, 50.00% okay > t/Parser.........ok > t/Ref............ok > t/WordDecoder....ok > t/Words..........ok > Failed Test Stat Wstat Total Fail Failed List of Failed > ------------------------------------------------------------------------------- > t/Misc.t 14 7 50.00% 4-5 7-11 > Failed 1/10 test scripts, 90.00% okay. 7/231 subtests failed, 96.97% okay. > make: *** [test_dynamic] Error 29 > > > > Oh good, module Convert::TNEF version 0.17 is already installed. > > Oh good, module Compress::Zlib version 1.33 is already installed. > > Attempting to build and install Archive-Zip-1.14 > Unpacking perl-tar/Archive-Zip-1.14.tar.gz > > > Do not worry too much about errors from the next command. > It is quite likely that some of the Perl modules are > already installed on your system. > > The important ones are HTML-Parser and MIME-tools. > > Checking if your kit is complete... > Looks good > Warning: prerequisite File::Temp 0 not found. 
> Writing Makefile for Archive::Zip > cp lib/Archive/Zip.pod blib/lib/Archive/Zip.pod > cp lib/Archive/Zip/Tree.pm blib/lib/Archive/Zip/Tree.pm > cp lib/Archive/Zip/FAQ.pod blib/lib/Archive/Zip/FAQ.pod > cp lib/Archive/Zip.pm blib/lib/Archive/Zip.pm > cp lib/Archive/Zip/MockFileHandle.pm blib/lib/Archive/Zip/MockFileHandle.pm > cp lib/Archive/Zip/MemberRead.pm blib/lib/Archive/Zip/MemberRead.pm > cp lib/Archive/Zip/BufferedFileHandle.pm blib/lib/Archive/Zip/BufferedFileHandle > .pm > cp crc32 blib/script/crc32 > /usr/bin/perl "-MExtUtils::MY" -e "MY->fixin(shift)" blib/script/crc32 > Manifying blib/man3/Archive::Zip::Tree.3 > Manifying blib/man3/Archive::Zip.3 > Manifying blib/man3/Archive::Zip::FAQ.3 > Manifying blib/man3/Archive::Zip::MemberRead.3 > PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, > 'blib/lib', 'blib/arch')" t/*.t > t/test..............Can't locate MailScanner/Config.pm in @INC (@INC contains: / > tmp/Archive-Zip-1.14/blib/lib /tmp/Archive-Zip-1.14/blib/arch /usr/local/lib/per > l5/site_perl/5.8.5/i686-linux /usr/local/lib/perl5/site_perl/5.8.5/i686-linux /u > sr/local/lib/perl5/site_perl/5.8.5 /usr/local/lib/perl5/site_perl/5.8.5/i686-lin > ux /usr/local/lib/perl5/site_perl/5.8.5 /usr/local/lib/perl5/site_perl /usr/loca > l/lib/perl5/5.8.5/i686-linux /usr/local/lib/perl5/5.8.5/i686-linux /usr/local/li > b/perl5/5.8.5 . /usr/local/lib/perl5/5.8.5/i686-linux /usr/local/lib/perl5/5.8.5 > /usr/local/lib/perl5/site_perl/5.8.5/i686-linux /usr/local/lib/perl5/site_perl/ > 5.8.5 /usr/local/lib/perl5/site_perl .) at /usr/local/lib/perl5/5.8.5/i686-linux > /Errno.pm line 8. > BEGIN failed--compilation aborted at /usr/local/lib/perl5/5.8.5/i686-linux/Errno > .pm line 8. > Compilation failed in require at /usr/local/lib/perl5/5.8.5/File/Temp.pm line 13 > 2. > BEGIN failed--compilation aborted at /usr/local/lib/perl5/5.8.5/File/Temp.pm lin > e 132. 
> Compilation failed in require at /tmp/Archive-Zip-1.14/blib/lib/Archive/Zip.pm l > ine 26. > BEGIN failed--compilation aborted at /tmp/Archive-Zip-1.14/blib/lib/Archive/Zip. > pm line 26. > Compilation failed in require at t/test.t line 10. > BEGIN failed--compilation aborted at t/test.t line 10. > t/test..............dubious > Test returned status 2 (wstat 512, 0x200) > t/testex............Can't locate MailScanner/Config.pm in @INC (@INC contains: / > tmp/Archive-Zip-1.14/blib/lib /tmp/Archive-Zip-1.14/blib/arch /usr/local/lib/per > l5/site_perl/5.8.5/i686-linux /usr/local/lib/perl5/site_perl/5.8.5/i686-linux /u > sr/local/lib/perl5/site_perl/5.8.5 /usr/local/lib/perl5/site_perl/5.8.5/i686-lin > ux /usr/local/lib/perl5/site_perl/5.8.5 /usr/local/lib/perl5/site_perl /usr/loca > l/lib/perl5/5.8.5/i686-linux /usr/local/lib/perl5/5.8.5/i686-linux /usr/local/li > b/perl5/5.8.5 . /usr/local/lib/perl5/5.8.5/i686-linux /usr/local/lib/perl5/5.8.5 > /usr/local/lib/perl5/site_perl/5.8.5/i686-linux /usr/local/lib/perl5/site_perl/ > 5.8.5 /usr/local/lib/perl5/site_perl .) at /usr/local/lib/perl5/5.8.5/i686-linux > /Errno.pm line 8. > BEGIN failed--compilation aborted at /usr/local/lib/perl5/5.8.5/i686-linux/Errno > .pm line 8. > Compilation failed in require at /usr/local/lib/perl5/5.8.5/File/Temp.pm line 13 > 2. > BEGIN failed--compilation aborted at /usr/local/lib/perl5/5.8.5/File/Temp.pm lin > e 132. > Compilation failed in require at /tmp/Archive-Zip-1.14/blib/lib/Archive/Zip.pm l > ine 26. > BEGIN failed--compilation aborted at /tmp/Archive-Zip-1.14/blib/lib/Archive/Zip. > pm line 26. > Compilation failed in require at t/testex.t line 11. > BEGIN failed--compilation aborted at t/testex.t line 11. 
> t/testex............dubious > Test returned status 2 (wstat 512, 0x200) > t/testMemberRead....Can't locate MailScanner/Config.pm in @INC (@INC contains: / > tmp/Archive-Zip-1.14/blib/lib /tmp/Archive-Zip-1.14/blib/arch /usr/local/lib/per > l5/site_perl/5.8.5/i686-linux /usr/local/lib/perl5/site_perl/5.8.5/i686-linux /u > sr/local/lib/perl5/site_perl/5.8.5 /usr/local/lib/perl5/site_perl/5.8.5/i686-lin > ux /usr/local/lib/perl5/site_perl/5.8.5 /usr/local/lib/perl5/site_perl /usr/loca > l/lib/perl5/5.8.5/i686-linux /usr/local/lib/perl5/5.8.5/i686-linux /usr/local/li > b/perl5/5.8.5 . /usr/local/lib/perl5/5.8.5/i686-linux /usr/local/lib/perl5/5.8.5 > /usr/local/lib/perl5/site_perl/5.8.5/i686-linux /usr/local/lib/perl5/site_perl/ > 5.8.5 /usr/local/lib/perl5/site_perl .) at /usr/local/lib/perl5/5.8.5/i686-linux > /Errno.pm line 8. > BEGIN failed--compilation aborted at /usr/local/lib/perl5/5.8.5/i686-linux/Errno > .pm line 8. > Compilation failed in require at /usr/local/lib/perl5/5.8.5/File/Temp.pm line 13 > 2. > BEGIN failed--compilation aborted at /usr/local/lib/perl5/5.8.5/File/Temp.pm lin > e 132. > Compilation failed in require at /tmp/Archive-Zip-1.14/blib/lib/Archive/Zip.pm l > ine 26. > BEGIN failed--compilation aborted at /tmp/Archive-Zip-1.14/blib/lib/Archive/Zip. > pm line 26. > Compilation failed in require at t/testMemberRead.t line 10. > BEGIN failed--compilation aborted at t/testMemberRead.t line 10. 
> t/testMemberRead....dubious > Test returned status 2 (wstat 512, 0x200) > t/testTree..........Can't locate MailScanner/Config.pm in @INC (@INC contains: / > tmp/Archive-Zip-1.14/blib/lib /tmp/Archive-Zip-1.14/blib/arch /usr/local/lib/per > l5/site_perl/5.8.5/i686-linux /usr/local/lib/perl5/site_perl/5.8.5/i686-linux /u > sr/local/lib/perl5/site_perl/5.8.5 /usr/local/lib/perl5/site_perl/5.8.5/i686-lin > ux /usr/local/lib/perl5/site_perl/5.8.5 /usr/local/lib/perl5/site_perl /usr/loca > l/lib/perl5/5.8.5/i686-linux /usr/local/lib/perl5/5.8.5/i686-linux /usr/local/li > b/perl5/5.8.5 . /usr/local/lib/perl5/5.8.5/i686-linux /usr/local/lib/perl5/5.8.5 > /usr/local/lib/perl5/site_perl/5.8.5/i686-linux /usr/local/lib/perl5/site_perl/ > 5.8.5 /usr/local/lib/perl5/site_perl .) at /usr/local/lib/perl5/5.8.5/i686-linux > /Errno.pm line 8. > BEGIN failed--compilation aborted at /usr/local/lib/perl5/5.8.5/i686-linux/Errno > .pm line 8. > Compilation failed in require at /usr/local/lib/perl5/5.8.5/File/Temp.pm line 13 > 2. > BEGIN failed--compilation aborted at /usr/local/lib/perl5/5.8.5/File/Temp.pm lin > e 132. > Compilation failed in require at /tmp/Archive-Zip-1.14/blib/lib/Archive/Zip.pm l > ine 26. > BEGIN failed--compilation aborted at /tmp/Archive-Zip-1.14/blib/lib/Archive/Zip. > pm line 26. > Compilation failed in require at t/testTree.t line 11. > BEGIN failed--compilation aborted at t/testTree.t line 11. 
> t/testTree..........dubious > Test returned status 2 (wstat 512, 0x200) > t/testUpdate........Can't locate MailScanner/Config.pm in @INC (@INC contains: / > tmp/Archive-Zip-1.14/blib/lib /tmp/Archive-Zip-1.14/blib/arch /usr/local/lib/per > l5/site_perl/5.8.5/i686-linux /usr/local/lib/perl5/site_perl/5.8.5/i686-linux /u > sr/local/lib/perl5/site_perl/5.8.5 /usr/local/lib/perl5/site_perl/5.8.5/i686-lin > ux /usr/local/lib/perl5/site_perl/5.8.5 /usr/local/lib/perl5/site_perl /usr/loca > l/lib/perl5/5.8.5/i686-linux /usr/local/lib/perl5/5.8.5/i686-linux /usr/local/li > b/perl5/5.8.5 . /usr/local/lib/perl5/5.8.5/i686-linux /usr/local/lib/perl5/5.8.5 > /usr/local/lib/perl5/site_perl/5.8.5/i686-linux /usr/local/lib/perl5/site_perl/ > 5.8.5 /usr/local/lib/perl5/site_perl .) at /usr/local/lib/perl5/5.8.5/i686-linux > /Errno.pm line 8. > BEGIN failed--compilation aborted at /usr/local/lib/perl5/5.8.5/i686-linux/Errno > .pm line 8. > Compilation failed in require at /usr/local/lib/perl5/5.8.5/File/Temp.pm line 13 > 2. > BEGIN failed--compilation aborted at /usr/local/lib/perl5/5.8.5/File/Temp.pm lin > e 132. > Compilation failed in require at /tmp/Archive-Zip-1.14/blib/lib/Archive/Zip.pm l > ine 26. > BEGIN failed--compilation aborted at /tmp/Archive-Zip-1.14/blib/lib/Archive/Zip. > pm line 26. > Compilation failed in require at t/testUpdate.t line 11. > BEGIN failed--compilation aborted at t/testUpdate.t line 11. > t/testUpdate........dubious > Test returned status 2 (wstat 512, 0x200) > FAILED--5 test scripts could be run, alas--no output ever seen > make: *** [test_dynamic] Error 2 > > > > Oh good, module Convert::BinHex version 1.119 is already installed. > > > Installing tnef decoder > > Oh good, I have found the tnef program is in /usr/local/bin. > > Now to install MailScanner itself. > > Installing MailScanner into /opt. 
> If you do not want it there, just move it to where you want it > and then edit MailScanner.conf and check_mailscanner > to set the correct locations. > Have just installed version 4.38.7 into /opt/MailScanner-4.38.7. > You will need to update the symlink /opt/MailScanner to point > to the new version before starting it. > > For some reason the tnef decoder did not compile properly. > As an alternative, in MailScanner.conf set > TNEF Expander = internal > > > If you want help setting up MailScanner, please read the MAQ > at www.mailscanner.biz/maq/ and buy the MailScanner book at > www.mailscanner.info/store ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website!
From MailScanner at ecs.soton.ac.uk Fri Jan 28 16:27:10 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:21 2006
Subject: install-Clam-SA - SA version
Message-ID:

I have upgraded it to use 3.0.2 now.

Brett Moss wrote:

>--- Julian Field wrote:
>
>>Sorry about that.
>>And yes, you can easily mod it to install 3.0.2
>>instead of 3.0.1.
>>
>>Brett Moss wrote:
>>
>>>hello,
>>>clamav was updated to v0.81, is there a reason
>>>spamassassin is still at v3.0.1, and not 3.0.2?
>>>
>>>can i simply download the 3.0.2 file to the perl-tar
>>>directory and alter the INSTALL-tar.sh to call 3.0.2?
>
>thank you
>
>brett

-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
From brian.duncan at KMZR.COM Fri Jan 28 16:44:43 2005
From: brian.duncan at KMZR.COM (Duncan, Brian M.)
Date: Thu Jan 12 21:28:21 2006
Subject: Removing MULTIPLE subject lines in a message.
Message-ID: 200501281328.j0SDSbL06054@venus.KMZR.COM>

Received: from abac.com ([28.90.248.212]) by crisscross.iupi.pt (InterMail vK.4.04.00.00 813-535-420 license 5uz341wo5802c0kq1v5mts5394z8rdj1) with ESMTP id <75579863733746.EUMI071.cosy@abac.com> for ; Fri, 28 Jan 2005 11:21:00 -0200
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Fri, 28 Jan 2005 19:25:00 +0600
Received: from 24.240.198.188 by ami.demagogue.hotmail.msn.com with HTTP;Fri, 28 Jan 2005 14:27:00 +0100 GMT
X-Originating-IP: [18.219.66.153]
X-Originating-Email: [combat@abac.com]
From: "Augusta Wood" , "Augusta Wood"
To: mccord@kmzr.com, "Mccord"
Subject: {FAILED SC} Spyware Aiert - January 25th
Date: Fri, 28 Jan 2005 14:26:00 +0100
Mime-Version: 1.0
Received: from abac.com ([100.144.236.240]) by crisscross.iupi.pt (InterMail vK.4.04.00.00 218-712-387 license 5uz341wo5802c0kq1v5mts5394z8rdj1) with ESMTP id <67078592714268.CCLC9817.crisscross.iupi.pt> for ; Fri, 28 Jan 2005 17:26:00 +0400
Subject: Spyware Aiert - January 25th
Sender: "Augusta Wood"
X-KMZR-MailScanner-Information:
X-MailScanner-SpamCheck: spam, SpamAssassin (score=22.075, required 7,autolearn=spam, BAYES_80 2.09, INVALID_TZ_GMT 0.20, LONGWORD 0.30,LONGWORDS 2.26, MR_NOT_ATTRIBUTED_IP 0.20, MR_STRANGE_QUESTION 1.50,MSGID_FROM_MTA_HEADER 0.05, MSGID_FROM_MTA_ID 1.72, NO_RDNS2 0.01,RCVD_IN_DSBL 3.81, RCVD_IN_SORBS 1.00, URIBL_OB_SURBL 3.21,URIBL_SC_SURBL 4.26, URIBL_WS_SURBL 1.46)
X-MailScanner-SpamScore: ssssssssssssssssssssss
X-MailScanner-From: reevesxfkyy@topteam.bg
Return-Path: Reevesxfkyy@topteam.bg
X-OriginalArrivalTime: 28 Jan 2005 13:30:17.0277 (UTC) FILETIME=[81717ED0:01C5053D]

Brian M. Duncan
Katten Muchin Zavis Rosenman
525 West Monroe Street
Chicago IL 60661-3693
312-577-8045
brian.duncan@kmzr.com

From garry at GLENDOWN.DE Fri Jan 28 17:01:51 2005
From: garry at GLENDOWN.DE (Garry Glendown)
Date: Thu Jan 12 21:28:21 2006
Subject: Special mail handling
Message-ID:

Hi,

a customer of ours came forward with some special wishes for their mail handling. We are currently migrating them from Tobit David server on Novell to a Linux based Open Exchange, with MailScanner taking care of virus/spam filtering. The old system (through a plugin/addon) had the possibility of special handling of large emails - when an email would contain an unpacked attachment, the plugin would zip the file.
Also, from a certain size, the mail (both incoming and outgoing) is held until released for mailing.

Is it possible to implement something like this with MailScanner, or some other tool?

Tnx,
-garry

From mlist at STARWHITE.NET Fri Jan 28 17:21:31 2005
From: mlist at STARWHITE.NET (Benn Schreiber)
Date: Thu Jan 12 21:28:21 2006
Subject: Orphan qf files in mqueue.in on SuSE 9.2
Message-ID:

I was running MailScanner on RH9 for quite some time with no problems. I've now moved to SuSE 9.2, and installed 4.37.7-1.suse along with the latest SA.

Everything is working quite well except that I'm getting orphaned qf* files in the mqueue.in directory. Based on something I read I changed Queue Scan Interval from 5 to 10, and then 10 to 20, but am still seeing these.

I should add that the system is a 2.8Ghz with hyperthreading, and is quite unloaded (gets a couple of hundred emails per day).

I'd appreciate any ideas as to how to debug and (hopefully) eliminate these little buggers.

Thanks

Benn

From t.d.lee at DURHAM.AC.UK Fri Jan 28 17:50:31 2005
From: t.d.lee at DURHAM.AC.UK (David Lee)
Date: Thu Jan 12 21:28:21 2006
Subject: service MailScanner start issue.
Message-ID:

On Fri, 28 Jan 2005, RedRed!com IT Department wrote:

> OK, I have attached a notepad file that has the output of my
> ./install.sh. What I did was rm -rf /opt/Mailscanner and rm -rf
> /usr/src/MailScanner-install-4.38.7. I wanted to start from scratch to
> make sure I did everything correctly.
>
> First issue as you can see in the txt file is that it tells me that I'm
> not running an RPM based system. Which I most certainly am. RH 7.3.

The RPM mechanism should, and does, work on RH 7.3. And MailScanner installs nicely with it.

I suggest you look at the "./install.sh" script, and try to work out why it believes that your particular system doesn't have RPM. (You can run it as "sh -x ./install.sh" to see what it is doing.) There's something not right, and investigating it should help.

Once you have resolved this, then there is a chance that the remaining problems may automatically fix themselves. But see also below.

> Next it starts checking all the modules and it begins to rebuild a few
> of them. Why is it rebuilding them? I manually built and installed all
> of those modules.

MS does seem to want to rebuild various modules. In general, on a cleanly running system, you wouldn't need to worry about this. But (see above and below) I suspect that your system has a few peculiarities which are significantly, and adversely, influencing things.

Glancing through the log file you attached (most useful!), I saw near the top that it found only one version of perl (good) in "/usr/bin" (good). But then I noticed references to "/usr/local/lib/perl...". This feels inconsistent, as though you might have (or have had) two versions of perl:

1. a preferred one in "/usr/bin" and "/usr/lib";
2. a second one, or its residue, in "/usr/local/bin" and "/usr/local/lib".

Do (or did) you have a second perl installation at "/usr/local/bin/perl"? Your MS installation would have detected this and advised against it.
Perhaps you then removed that binary so that MS passed this "two version" test, but your perl is still, for some reason, finding the remnants of the non-preferred "/usr/local/" version.

So if you have both a "/usr/lib/perl..." and a "/usr/local/lib/perl...", (or remnants) then you should consider trying to remove the "/usr/local" version completely.

If you really have and need both these paths on the machine, then you are entering territory outside the recommended norms, where relatively few of us on this list have trodden before. You could probably still succeed, but the chances are that you'll need to get to grips understanding the particular details of your perls on your machine, which only you (not us) can do.

Hope that helps.

--

:  David Lee                                I.T. Service          :
:  Senior Systems Programmer                Computer Centre       :
:                                           University of Durham  :
:  http://www.dur.ac.uk/t.d.lee/            South Road            :
:                                           Durham                :
:  Phone: +44 191 334 2752                  U.K.                  :

From MailScanner at ecs.soton.ac.uk Fri Jan 28 18:00:23 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:21 2006
Subject: Orphan qf files in mqueue.in on SuSE 9.2
Message-ID:

Quite possibly a locking problem. What version of sendmail are you running? If 8.13 or later then you will need "Lock Type = posix" in MailScanner.conf.

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From ade at INFORMATICS.BANGOR.AC.UK Fri Jan 28 18:00:52 2005
From: ade at INFORMATICS.BANGOR.AC.UK (Ade Fewings)
Date: Thu Jan 12 21:28:21 2006
Subject: temporary file spawning
Message-ID:

-zip- && apologies for excessive headers.....(but, it was a long time ago and may be needed for reminder services)......

>>>>>>> We have two mail servers running on Solaris 9 Sparc. Sendmail 8.12.10
>>>>>>> utilizing MailScanner 4.36.4 to call SpamAssassin 3.0.1. Earlier
>>>>>>> today, one of our large mailing lists got hit a couple of times and
>>>>>>> the servers got a bit busy. However, something went wrong and /tmp
>>>>>>> filled up with spamassassin.25755.Bdgxlb.tmp esque files. Hundreds of
>>>>>>> thousands were created in a short time, running /tmp out of i-nodes
>>>>>>> and thus effectively stopping MailScanner.
>>>>>>>
>>>>>>> Killing MailScanner, cleaning /tmp and restarting would then reproduce
>>>>>>> the problem again soon after. I truss'd the output of a few of the
>>>>>>> MailScanner processes that were going bad and all they were doing was
>>>>>>> trying to open new files in /tmp.
>>>>>>
>>>>>> We have further discovered that this problem definitely only occurs when
>>>>>> MailScanner is set to use SpamAssassin. Switch off SpamAssassin and
>>>>>> there are zero problems. So, being relatively unknowledgeable about
>>>>>> MailScanner, the question that comes up is what is creating these
>>>>>> temporary files? It is either SpamAssassin itself or something in
>>>>>> MailScanner that gets switched on when you tell it to use SpamAssassin.
>>>>>>
>>>>>> Can anybody offer any guidance on whether MailScanner itself creates
>>>>>> these files?
>
> These files are generated by SpamAssassin and not MailScanner itself. So
> that is where you need to look. Check you are running a recent
> File::Temp module and that your Perl is new enough (I don't think
> SpamAssassin supports anything older than about 5.6.1).
>
> You can easily install a new perl from www.sunfreeware.com and then just
> mv /usr/bin/perl /usr/bin/perl.SUN
> ln -s /usr/local/bin/perl /usr/bin/perl
> This will ensure that the new Perl is always used regardless of the
> $PATH.
>
> My own production MailScanner servers are mostly Solaris boxes and I
> have never seen this problem on there, so it's not a general problem.
> Let me know if the new perl helps.

Hi Julian et al,

An update on this situation.......

I thought I'd fixed the problem. I updated MIME::Tools and File::Temp with the existing perl 5.6.1 and all was well for the best part of two weeks (during which we didn't have any massive influxes, but did have a couple of inqueues up in the 100-200 mark) until about 45 minutes ago (Friday afternoon/evening.....grrr.......why send massive mailing list mails at that time?!!), when one of the two affected servers exhibited the problem again. Both had inqueues up in the 600s, one survived and got through it all ok, the other got down to 400 and then went bonkers. So, my next step is a new Perl as Julian also suggested and I'll keep the list informed as to the results of this.

Cheers
Ade

--
___________________________________________________
Ade Fewings MEng
School of Informatics,
University of Wales, Bangor,
Dean Street, Bangor, Gwynedd. LL57 1UT. UK.

ade@informatics.bangor.ac.uk
www.informatics.bangor.ac.uk/~ade
Tel: +44 (0)1248 382736 Fax: +44 (0)1248 361429
___________________________________________________

From MailScanner at ecs.soton.ac.uk Fri Jan 28 18:06:30 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:21 2006
Subject: temporary file spawning
Message-ID:

Ade Fewings wrote:

> Hi Julian et al,
>
> An update on this situation.......
>
> I thought I'd fixed the problem. I updated MIME::Tools and File::Temp
> with the existing perl 5.6.1 and all was well for the best part of two
> weeks (during which we didn't have any massive influxes, but did have a
> couple of inqueues up in the 100-200 mark) until about 45 minutes ago
> (Friday afternoon/evening.....grrr.......why send massive mailing list
> mails at that time?!!), when one of the two affected servers exhibited
> the problem again. Both had inqueues up in the 600s, one survived and
> got through it all ok, the other got down to 400 and then went bonkers.
> So, my next step is a new Perl as Julian also suggested and I'll keep
> the list informed as to the results of this.

What is your SpamAssassin Timeout set to? Set it to 100 at least and then see if things improve.
--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From nboddie at MY-NETWORK.COM Fri Jan 28 18:25:15 2005
From: nboddie at MY-NETWORK.COM (Ned Boddie)
Date: Thu Jan 12 21:28:21 2006
Subject: ?? SPAM : Why is this marked as SPAM - any clue?
Message-ID:

Hi All,

I've whitelisted this email address as it indicates in the headers, but it's still tagged as spam, any clue why?

The header from one of the offending messages is listed below:

Return-Path:
Received: from bisukexc01.local.bond.co.uk (mail.bond.co.uk [217.205.148.231])
        by ns.my-network.com (8.12.8/8.12.8) with ESMTP id j0SHJw4U018979
        for ; Fri, 28 Jan 2005 11:19:59 -0600
Received: from bisukexc01.local.bond.co.uk (unverified) by
        bisukexc01.local.bond.co.uk (Content Technologies SMTPRS 4.3.14) with
        ESMTP id for ; Fri, 28 Jan 2005 17:18:03 +0000
X-MimeOLE: Produced By Microsoft Exchange V6.0.6487.1
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Disposition-Notification-To: "Daniel Richardson"
Subject: RE: ?? SPAM : Have you seen this?
Date: Fri, 28 Jan 2005 17:18:03 -0000
Message-ID: <7A9411E3192F944DAB0515939386CF010188FC69@bisukexc01.local.bond.co.uk>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: ?? SPAM : Have you seen this?
Thread-Index: AcUFO89wIN0+0K4+TRaDU9lVeNaQwwAIUIHg
From: "Daniel Richardson"
To: "Ned Boddie"
X-my-network-MailScanner-Information: Please contact the ISP for more information
X-my-network-MailScanner: Found to be clean
X-my-network-MailScanner-SpamCheck: not spam (whitelisted),
        SpamAssassin (score=-4.9, required 5, autolearn=not spam,
        BAYES_00 -4.90)
X-MailScanner-From: drichardson@bond.co.uk
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by ns.my-network.com id j0SHJw4U018979

TIA,

Ned

From webalizer at NWCWEB.COM Fri Jan 28 18:46:51 2005
From: webalizer at NWCWEB.COM (Dave Duffner - NWCWEB.com)
Date: Thu Jan 12 21:28:21 2006
Subject: ?? SPAM : Why is this marked as SPAM - any clue?
Message-ID:

Ned,

Could be me the way today's going, but it looks more like your e-mail's being tagged as Spam? In your full header on this post to the List it's showing a score of 6.XXXX over 5 and therefore tagging this post as Spam.

Since the header you provided below is in response to an e-mail from somewhere (presumably you) when they replied it just picked up that tagging and therefore you see it.

The header shows it's fine and not tagged, but then again that's the reply inbound to you - not your original send to them.

Or I could be completely nuts...

David J. Duffner
VP Operations
NWC Corporation
www.nwcxpress.com

--
Message scanned by MailScanner, and is believed to be clean.
CONFIDENTIALITY NOTICE: This transmission intended for the specified destination and person. If this is not you, this e-mail must be deleted immediately. www.nwcweb.com

From nboddie at MY-NETWORK.COM Fri Jan 28 18:53:34 2005
From: nboddie at MY-NETWORK.COM (Ned Boddie)
Date: Thu Jan 12 21:28:21 2006
Subject: ?? SPAM : Re: Why is this marked as SPAM - any clue?
Message-ID:

Duh, OK I'm an idiot, you're exactly right - thanks for pointing out my bad :(
From rgreen at TRAYERPRODUCTS.COM Fri Jan 28 18:52:42 2005
From: rgreen at TRAYERPRODUCTS.COM (Rodney Green)
Date: Thu Jan 12 21:28:21 2006
Subject: OT: Linux passwd/shadow files
Message-ID:

Hello,

Is it possible to copy the passwd and shadow passwd files from one Linux machine to another to duplicate the user accounts from one server on the other? It's something I haven't done before and was wondering if it would just work. I need to set up a temp mail server so I can work on the production mail server without interrupting service.

Thanks,
Rod

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From Denis.Beauchemin at USHERBROOKE.CA Fri Jan 28 18:58:58 2005
From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin)
Date: Thu Jan 12 21:28:21 2006
Subject: OT: Linux passwd/shadow files
Message-ID:

Rodney Green wrote:

> Hello,
>
> Is it possible to copy the passwd and shadow passwd files from one Linux
> machine to another to duplicate the user accounts from one server on the
> other? It's something I haven't done before and was wondering if it
> would just work. I need to set up a temp mail server so I can work on the
> production mail server without interrupting service.
>

Rod,

Sure can do. But make sure the 2 boxes have the same Linux release because some accounts do change from time to time.

I'd also recommend rebooting the server after swapping the passwd/shadow files... just in case...

Denis

--
   _
  °v°   Denis Beauchemin, analyste
 /(_)\  Université de Sherbrooke, S.T.I.
  ^ ^   T: 819.821.8000x2252 F: 819.821.8045

From rgreen at TRAYERPRODUCTS.COM Fri Jan 28 19:02:06 2005
From: rgreen at TRAYERPRODUCTS.COM (Rodney Green)
Date: Thu Jan 12 21:28:21 2006
Subject: OT: Linux passwd/shadow files
Message-ID:

Denis Beauchemin wrote:

> Rodney Green wrote:
>
>> Hello,
>>
>> Is it possible to copy the passwd and shadow passwd files from one Linux
>> machine to another to duplicate the user accounts from one server on the
>> other? It's something I haven't done before and was wondering if it
>> would just work. I need to set up a temp mail server so I can work on the
>> production mail server without interrupting service.
>>
>
> Rod,
>
> Sure can do. But make sure the 2 boxes have the same Linux release
> because some accounts do change from time to time.
>
> I'd also recommend rebooting the server after swapping the passwd/shadow
> files... just in case...
>
> Denis
>

Thanks Denis! Both machines have the same Linux release so I'm good to go with that. This will be a lot easier than having to set up all of the accounts on the temp server.

Rod

From webalizer at NWCWEB.COM Fri Jan 28 19:03:16 2005
From: webalizer at NWCWEB.COM (Dave Duffner - NWCWEB.com)
Date: Thu Jan 12 21:28:21 2006
Subject: ?? SPAM : Re: Why is this marked as SPAM - any clue?
Message-ID:

Ned,

We aims to please! Also you might want to try what we did, as we're using a MailScanner/SpamAssassin combo as well on a Linux/Ensim based server setup:

We actually changed the settings so that if MS got ahold of it prior to SA scoping it out, it tags it as [MS-SPAM]. If it makes it past MS's review and then SA decides it's over the score limits, SA tags it as [SPAM-SA]. That way we could get a real grip on which program was doing what to the e-mail and if any mods, learns, etc. were needed.

The way we've got things config'ed, essentially [MS-SPAM] is mostly notifications passed to the user that it's UCE and allows them to determine if they want to read it or dump it. [SPAM-SA] is pure sludge, so the Ensim setup allows the user to dump it without ever seeing it at all.
If they choose to have it all dumped into their mailbox, they optionally can filter it by those tags. We use this on the Admin side with catch-all boxes to snag the really bad stuff and train the combo to tag it a bit better overall. Rudimentary, the pros have more ways of doing it, but for entry & mid-level Admins it's a nice basic option easy to control.

David J. Duffner
VP Operations
NWC Corporation
www.nwcxpress.com

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Ned Boddie
> Sent: Friday, January 28, 2005 1:54 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: ?? SPAM : Re: Why is this marked as SPAM - any clue?
>
> Duh, OK I'm an idiot, you're exactly right - thanks for pointing out my bad :(
>
> > Ned,
> >
> > Could be me the way today's going, but it looks more like your e-mail's being tagged as Spam? In your full header on this post to the List it's showing a score of 6.XXXX over 5 and therefore tagging this post as Spam.
> >
> > Since the header you provided below is in response to an e-mail from somewhere (presumably you) when they replied it just picked up that tagging and therefore you see it.
> >
> > The header shows it's fine and not tagged, but then again that's the reply inbound to you - not your original send to them.
> >
> > Or I could be completely nuts...
> >
> > David J. Duffner
> > VP Operations
> > NWC Corporation
> > www.nwcxpress.com
> >
> >> -----Original Message-----
> >> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Ned Boddie
> >> Sent: Friday, January 28, 2005 1:25 PM
> >> To: MAILSCANNER@JISCMAIL.AC.UK
> >> Subject: ?? SPAM : Why is this marked as SPAM - any clue?
> >>
> >> Hi All,
> >>
> >> I've whitelisted this email address as it indicates in the headers, but it's still tagged as spam, any clue why?
> >>
> >> The header from one of the offending messages is listed below:
> >>
> >> Return-Path:
> >> Received: from bisukexc01.local.bond.co.uk (mail.bond.co.uk [217.205.148.231])
> >>     by ns.my-network.com (8.12.8/8.12.8) with ESMTP id j0SHJw4U018979
> >>     for ; Fri, 28 Jan 2005 11:19:59 -0600
> >> Received: from bisukexc01.local.bond.co.uk (unverified) by bisukexc01.local.bond.co.uk (Content Technologies SMTPRS 4.3.14) with ESMTP id for ; Fri, 28 Jan 2005 17:18:03 +0000
> >> X-MimeOLE: Produced By Microsoft Exchange V6.0.6487.1
> >> content-class: urn:content-classes:message
> >> MIME-Version: 1.0
> >> Content-Type: text/plain; charset="us-ascii"
> >> Disposition-Notification-To: "Daniel Richardson"
> >> Subject: RE: ?? SPAM : Have you seen this?
> >> Date: Fri, 28 Jan 2005 17:18:03 -0000
> >> Message-ID: <7A9411E3192F944DAB0515939386CF010188FC69@bisukexc01.local.bond.co.uk>
> >> X-MS-Has-Attach:
> >> X-MS-TNEF-Correlator:
> >> Thread-Topic: ?? SPAM : Have you seen this?
> >> Thread-Index: AcUFO89wIN0+0K4+TRaDU9lVeNaQwwAIUIHg
> >> From: "Daniel Richardson"
> >> To: "Ned Boddie"
> >> X-my-network-MailScanner-Information: Please contact the ISP for more information
> >> X-my-network-MailScanner: Found to be clean
> >> X-my-network-MailScanner-SpamCheck: not spam (whitelisted), SpamAssassin (score=-4.9, required 5, autolearn=not spam, BAYES_00 -4.90)
> >> X-MailScanner-From: drichardson@bond.co.uk
> >> Content-Transfer-Encoding: 8bit
> >> X-MIME-Autoconverted: from quoted-printable to 8bit by ns.my-network.com id j0SHJw4U018979
> >>
> >> TIA,
> >>
> >> Ned

--
Message scanned by MailScanner, and is believed to be clean. CONFIDENTIALITY NOTICE: This transmission intended for the specified destination and person. If this is not you, this e-mail must be deleted immediately.
www.nwcweb.com

From michele at BLACKNIGHTSOLUTIONS.COM Fri Jan 28 19:11:47 2005
From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions)
Date: Thu Jan 12 21:28:21 2006
Subject: ?? SPAM : Why is this marked as SPAM - any clue?
Message-ID:

You are all getting quite high scores with listings in a number of black lists

Mr Michele Neylon
Blacknight Internet Solutions Ltd
Hosting, co-location & domains
http://www.blacknight.ie/
Tel. +353 59 9137101
http://www.blacknight.ie/specialoffers.html

From mlist at STARWHITE.NET Fri Jan 28 19:13:41 2005
From: mlist at STARWHITE.NET (Benn Schreiber)
Date: Thu Jan 12 21:28:21 2006
Subject: Orphan qf files in mqueue.in on SuSE 9.2
Message-ID:

Thanks, Julian. Yes, it's 8.13. I saw the note in the .conf file but it said "probably need to change it to posix", but "probably" threw me off. ;(
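An added example, not code from any poster or from MailScanner: the reasoning in the "Why is this marked as SPAM" thread above (the local SpamCheck header says "not spam", yet the subject carries the tag) written as a header check. The sample messages, hostnames, rule names and the `trusted_orgs` parameter are constructed for illustration, and the `spam,` prefix for a positive verdict is an assumption made by analogy with the `not spam` form quoted in the thread.

```python
import re
from email import message_from_string

# Constructed sample modelled on the header block quoted in the thread.
# Hostnames, addresses and ids are placeholders; the header names, the
# "?? SPAM :" subject tag and the SpamCheck value follow the thread.
INBOUND_REPLY = """\
Received: from mail.example.org (mail.example.org [192.0.2.10])
\tby ns.my-network.com with ESMTP id EXAMPLE0001
Subject: RE: ?? SPAM : Have you seen this?
From: "Sender" <sender@example.org>
To: "Recipient" <recipient@example.net>
X-my-network-MailScanner: Found to be clean
X-my-network-MailScanner-SpamCheck: not spam (whitelisted),
\tSpamAssassin (score=-4.9, required 5, autolearn=not spam,
\tBAYES_00 -4.90)

body
"""

# Constructed sample: a copy that a scanner did score over its threshold.
# The org name and rule names are invented for the example.
LIST_COPY = """\
Subject: ?? SPAM : Why is this marked as SPAM - any clue?
X-example-list-MailScanner-SpamCheck: spam, SpamAssassin (score=6.12,
\trequired 5, RCVD_IN_EXAMPLE_RBL 3.10, EXAMPLE_RULE 3.02)

body
"""

SPAMCHECK = re.compile(r"^X-(?:(?P<org>.+)-)?MailScanner-SpamCheck$", re.I)
SCORE = re.compile(r"score=(-?\d+(?:\.\d+)?),\s*required\s+(-?\d+(?:\.\d+)?)")
RULE = re.compile(r"\b([A-Z][A-Z0-9_]+)\s+(-?\d+(?:\.\d+)?)")


def spamcheck_verdicts(msg):
    """Return one dict per MailScanner SpamCheck header on the message."""
    verdicts = []
    for name, value in msg.items():
        m = SPAMCHECK.match(name)
        if not m:
            continue
        value = " ".join(value.split())  # unfold continuation lines
        score = SCORE.search(value)
        verdicts.append({
            "org": m.group("org") or "",
            "is_spam": value.lower().startswith("spam"),
            "whitelisted": "(whitelisted)" in value.lower(),
            "score": float(score.group(1)) if score else None,
            "required": float(score.group(2)) if score else None,
            "rules": {r: float(s) for r, s in RULE.findall(value)},
        })
    return verdicts


def explain_tag(raw, trusted_orgs, tag="?? SPAM :"):
    """Say whether a subject tag was applied by a scanner we trust.

    Only verdicts whose org name is in trusted_orgs are used: X- headers
    on inbound mail are sender-controlled, so a SpamCheck header from an
    unknown org proves nothing either way.
    """
    msg = message_from_string(raw)
    subject = " ".join((msg.get("Subject") or "").split())
    verdicts = spamcheck_verdicts(msg)
    tagged = tag in subject
    flagged_by = [v["org"] for v in verdicts
                  if v["org"] in trusted_orgs and v["is_spam"]]
    if not tagged:
        conclusion = "untagged"
    elif flagged_by:
        conclusion = "tagged-by:" + ",".join(flagged_by)
    else:
        # Tag present but no trusted scanner called this copy spam:
        # it was already in the subject on arrival (e.g. a reply to a
        # message that some other hop had tagged).
        conclusion = "inherited"
    return {"subject": subject, "tagged": tagged,
            "verdicts": verdicts, "conclusion": conclusion}


if __name__ == "__main__":
    for label, raw, orgs in (("inbound reply", INBOUND_REPLY, {"my-network"}),
                             ("list copy", LIST_COPY, {"example-list"})):
        result = explain_tag(raw, orgs)
        print(label, "->", result["conclusion"], result["verdicts"])
```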
From davidb at UNIQUEPHOTO.COM Fri Jan 28 19:29:55 2005
From: davidb at UNIQUEPHOTO.COM (David Ballengee)
Date: Thu Jan 12 21:28:21 2006
Subject: is it normal to have have serveral sendmail proccess running after install of spamassassin
Message-ID:

I am new to sendmail, and spamassassin.

When I do a ps-aux I noticed I have a few sendmail processes running.

they look something like this

sendmail: server [61.191.231.216] cmd read

Is this normal?

They eventually timeout from what I can see.

Thanks

David Ballengee
IT Supervisor
Unique Photo
(973)377-5555x259

From MailScanner at ecs.soton.ac.uk Fri Jan 28 19:35:30 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:21 2006
Subject: is it normal to have have serveral sendmail proccess running after install of spamassassin
Message-ID:

Yes quite normal. It's receiving mail from several different places at once.

David Ballengee wrote:
> I am new to sendmail, and spamassassin.
>
> When I do a ps-aux I noticed I have a few sendmail processes running.
>
> they look something like this
>
> sendmail: server [61.191.231.216] cmd read
>
> Is this normal?
>
> They eventually timeout from what I can see.
--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From davidb at UNIQUEPHOTO.COM Fri Jan 28 19:34:31 2005
From: davidb at UNIQUEPHOTO.COM (David Ballengee)
Date: Thu Jan 12 21:28:21 2006
Subject: is it normal to have have serveral sendmail proccess running after install of spamassassin
Message-ID:

thanks

Julian Field wrote:
> Yes quite normal. It's receiving mail from several different places at once.
>
> David Ballengee wrote:
>
>> I am new to sendmail, and spamassassin.
>>
>> When I do a ps-aux I noticed I have a few sendmail processes running.
>>
>> they look something like this
>>
>> sendmail: server [61.191.231.216] cmd read
>>
>> Is this normal?
>>
>> They eventually timeout from what I can see.
>
> --
> Julian Field
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
> Professional Support Services at www.MailScanner.biz
> MailScanner thanks transtec Computers for their support
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>

--
David Ballengee
IT Supervisor
Unique Photo
(973)377-5555x259

From rgreen at TRAYERPRODUCTS.COM Fri Jan 28 20:00:50 2005
From: rgreen at TRAYERPRODUCTS.COM (Rodney Green)
Date: Thu Jan 12 21:28:21 2006
Subject: OT: Linux passwd/shadow files
Message-ID:

Rodney Green wrote:
> Denis Beauchemin wrote:
>
>> Rodney Green wrote:
>>
>>> Hello,
>>>
>>> Is it possible to copy the passwd and shadow passwd files from one Linux machine to another to duplicate the user accounts from one server on the other? It's something I haven't done before and was wondering if it would just work. I need to setup a temp mail server so I can work on the production mail server without interrupting service.
>>>
>>
>> Rod,
>>
>> Sure can do. But make sure the 2 boxes have the same Linux release because some accounts do change from time to time.
>>
>> I'd also recommend rebooting the server after swapping the passwd/shadow files... just in case...
>>
>> Denis
>>
>
> Thanks Denis! Both machines have the same Linux release so I'm good to go with that. This will be a lot easier than having to setup all of the accounts on the temp server.
>
> Rod

Denis,

I copied the shadow and the passwd files, just those two files, to the temp server and rebooted. I wasn't able to logon after that. I ran the Red Hat rescue and restored the original passwd and shadow files and can now logon again. Were there other files that needed to be copied too?
Thanks again,
Rod

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.

From davidb at UNIQUEPHOTO.COM Fri Jan 28 20:09:44 2005
From: davidb at UNIQUEPHOTO.COM (David Ballengee)
Date: Thu Jan 12 21:28:21 2006
Subject: OT: Linux passwd/shadow files
Message-ID:

yes

just copy the actual users.

leave all the "system users alone"

Rodney Green wrote:
> Rodney Green wrote:
>
>> Denis Beauchemin wrote:
>>
>>> Rodney Green wrote:
>>>
>>>> Hello,
>>>>
>>>> Is it possible to copy the passwd and shadow passwd files from one Linux machine to another to duplicate the user accounts from one server on the other? It's something I haven't done before and was wondering if it would just work. I need to setup a temp mail server so I can work on the production mail server without interrupting service.
>>>>
>>>
>>> Rod,
>>>
>>> Sure can do. But make sure the 2 boxes have the same Linux release because some accounts do change from time to time.
>>>
>>> I'd also recommend rebooting the server after swapping the passwd/shadow files... just in case...
>>>
>>> Denis
>>>
>>
>> Thanks Denis! Both machines have the same Linux release so I'm good to go with that. This will be a lot easier than having to setup all of the accounts on the temp server.
>>
>> Rod
>
> Denis,
>
> I copied the shadow and the passwd files, just those two files, to the temp server and rebooted. I wasn't able to logon after that. I ran the Red Hat rescue and restored the original passwd and shadow files and can now logon again. Were there other files that needed to be copied too?
>
> Thanks again,
> Rod
>

--
David Ballengee
IT Supervisor
Unique Photo
(973)377-5555x259

From rgreen at TRAYERPRODUCTS.COM Fri Jan 28 20:16:25 2005
From: rgreen at TRAYERPRODUCTS.COM (Rodney Green)
Date: Thu Jan 12 21:28:21 2006
Subject: OT: Linux passwd/shadow files
Message-ID:

David Ballengee wrote:
> yes
>
> just copy the actual users.
>
> leave all the "system users alone"
>
> Rodney Green wrote:
>
>> Rodney Green wrote:
>>
>>> Denis Beauchemin wrote:
>>>
>>>> Rodney Green wrote:
>>>>
>>>>> Hello,
>>>>>
>>>>> Is it possible to copy the passwd and shadow passwd files from one Linux machine to another to duplicate the user accounts from one server on the other? It's something I haven't done before and was wondering if it would just work. I need to setup a temp mail server so I can work on the production mail server without interrupting service.
>>>>>
>>>>
>>>> Rod,
>>>>
>>>> Sure can do. But make sure the 2 boxes have the same Linux release because some accounts do change from time to time.
>>>>
>>>> I'd also recommend rebooting the server after swapping the passwd/shadow files... just in case...
>>>>
>>>> Denis
>>>>
>>>
>>> Thanks Denis! Both machines have the same Linux release so I'm good to go with that. This will be a lot easier than having to setup all of the accounts on the temp server.
>>>
>>> Rod
>>
>> Denis,
>>
>> I copied the shadow and the passwd files, just those two files, to the temp server and rebooted. I wasn't able to logon after that. I ran the Red Hat rescue and restored the original passwd and shadow files and can now logon again. Were there other files that needed to be copied too?
>>
>> Thanks again,
>> Rod
>
> --
> David Ballengee
> IT Supervisor
> Unique Photo
> (973)377-5555x259

Okay, I see. Thanks David!

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.

From itdept at REDRED.COM Fri Jan 28 20:26:57 2005
From: itdept at REDRED.COM (RedRed!com IT Department)
Date: Thu Jan 12 21:28:21 2006
Subject: service MailScanner start issue.
Message-ID:

Duh, I guess I haven't had enough coffee today, or maybe I've had too much. LOL

Anyway, I did install perl-5.8.6 and it installed in the /usr/local/ prefix. So I moved everything down to the /usr prefix. Is there somewhere that I need to change this so that the PERL5PATH points to /usr/lib instead of /usr/local/lib? This may very well be my issue.

Thanks.
Sean

David Lee wrote:
> The RPM mechanism should, and does, work on RH 7.3. And MailScanner installs nicely with it.
>
> I suggest you look at the "./install.sh" script, and try to work out why it believes that your particular system doesn't have RPM.
> (You can run it as "sh -x ./install.sh" to see what it is doing.) There's something not right, and investigating it should help.
>
> Once you have resolved this, then there is a chance that the remaining problems may automatically fix themselves. But see also below.
>
> MS does seem to want to rebuild various modules. In general, on a cleanly running system, you wouldn't need to worry about this. But (see above and below) I suspect that your system has a few peculiarities which are significantly, and adversely, influencing things.
>
> Glancing through the log file you attached (most useful!), I saw near the top that it found only one version of perl (good) in "/usr/bin" (good). But then I noticed references to "/usr/local/lib/perl...". This feels inconsistent, as though you might have (or have had) two versions of perl:
> 1. a preferred one in "/usr/bin" and "/usr/lib";
> 2. a second one, or its residue, in "/usr/local/bin" and "/usr/local/lib".
>
> Do (or did) you have a second perl installation at "/usr/local/bin/perl"? Your MS installation would have detected this and advised against it. Perhaps you then removed that binary so that MS passed this "two version" test, but your perl is still, for some reason, finding the remnants of the non-preferred "/usr/local/" version.
>
> So if you have both a "/usr/lib/perl..." and a "/usr/local/lib/perl...", (or remnants) then you should consider trying to remove the "/usr/local" version completely.
>
> If you really have and need both these paths on the machine, then you are entering territory outside the recommended norms, where relatively few of us on this list have trodden before. You could probably still succeed, but the chances are that you'll need to get to grips understanding the particular details of your perls on your machine, which only you (not us) can do.
>
> Hope that helps.
>
> --
>
> : David Lee I.T. Service :
> : Senior Systems Programmer Computer Centre :
> : University of Durham :
> : http://www.dur.ac.uk/t.d.lee/ South Road :
> : Durham :
> : Phone: +44 191 334 2752 U.K. :

From jamey at teamlightning.com Fri Jan 28 20:41:24 2005
From: jamey at teamlightning.com (Jamey Nelson)
Date: Thu Jan 12 21:28:21 2006
Subject: Advanced notice of new release
Message-ID:

Well, not really NEED the break ... deserve is the better word for it :)

On Friday 28 January 2005 10:08, Julian Field wrote:
> Jamey Nelson wrote:
> >It's about time, I think you need the break.
>
> Is it that obvious? :-)
>
> >On Friday 28 January 2005 07:32, Julian Field wrote:
> >>Just to let you folks know that I will be sending out the February release a couple of days early, this weekend. I'm away for 10 days from Wednesday, and I just want to be sure that any teething troubles are fixed well before I go.
> >>
> >>So if the people who install new releases could keep an eye open this weekend, it would really help.
> >>
> >>I will leave the January edition on the webserver as well.
> >>
> >>I'm going to take my OQO on holiday with me. But I only intend to use it for storing photos on, not for reading my mail!
>
> --
> Julian Field
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From kte at NEXIS.BE Fri Jan 28 22:05:00 2005
From: kte at NEXIS.BE (Koen Teugels)
Date: Thu Jan 12 21:28:21 2006
Subject: OT: Linux passwd/shadow files
Message-ID:

password, group and shadow manual added users should be enough.

Koen

Rodney Green wrote:
> David Ballengee wrote:
>
>> yes
>>
>> just copy the actual users.
>>
>> leave all the "system users alone"
>>
>> Rodney Green wrote:
>>
>>> Rodney Green wrote:
>>>
>>>> Denis Beauchemin wrote:
>>>>
>>>>> Rodney Green wrote:
>>>>>
>>>>>> Hello,
>>>>>>
>>>>>> Is it possible to copy the passwd and shadow passwd files from one Linux machine to another to duplicate the user accounts from one server on the other? It's something I haven't done before and was wondering if it would just work. I need to setup a temp mail server so I can work on the production mail server without interrupting service.
>>>>>>
>>>>>
>>>>> Rod,
>>>>>
>>>>> Sure can do. But make sure the 2 boxes have the same Linux release because some accounts do change from time to time.
>>>>>
>>>>> I'd also recommend rebooting the server after swapping the passwd/shadow files... just in case...
>>>>>
>>>>> Denis
>>>>>
>>>>
>>>> Thanks Denis! Both machines have the same Linux release so I'm good to go with that. This will be a lot easier than having to setup all of the accounts on the temp server.
>>>>
>>>> Rod
>>>
>>> Denis,
>>>
>>> I copied the shadow and the passwd files, just those two files, to the temp server and rebooted. I wasn't able to logon after that. I ran the Red Hat rescue and restored the original passwd and shadow files and can now logon again. Were there other files that needed to be copied too?
>>>
>>> Thanks again,
>>> Rod
>>
>> --
>> David Ballengee
>> IT Supervisor
>> Unique Photo
>> (973)377-5555x259
>
> Okay, I see. Thanks David!

From MailScanner at ecs.soton.ac.uk Fri Jan 28 22:22:32 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:21 2006
Subject: Someone in the USA with a printer? I need a quick favour
Message-ID:

I need to ask a quick favour.

I need someone with 8.5 x 11 inch paper.
Please can you download
http://www.sng.ecs.soton.ac.uk/mailscanner/MailScannerFlyer.pdf
(or extract it from the 4.38 distribution).

I would then like you to print it with the smallest margins you can set.

Does it look okay?
Is there anything important missed off the top/bottom/sides?

Where would be the best place to remove the extra bit from the top or bottom so that it would print better on USA paper sizes?

Many thanks!

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From itdept at REDRED.COM Fri Jan 28 22:30:28 2005
From: itdept at REDRED.COM (RedRed!com IT Department)
Date: Thu Jan 12 21:28:21 2006
Subject: Someone in the USA with a printer? I need a quick favour
Message-ID:

I printed it on a black and white laser with .1 specified on all sides. I think it defaulted to minimum margins which I assume are .15 top and bottom, and .5 left and right. It looks good on my print.

Julian Field wrote:
> I need to ask a quick favour.
>
> I need someone with 8.5 x 11 inch paper.
> Please can you download
> http://www.sng.ecs.soton.ac.uk/mailscanner/MailScannerFlyer.pdf
> (or extract it from the 4.38 distribution).
>
> I would then like you to print it with the smallest margins you can set.
>
> Does it look okay?
> Is there anything important missed off the top/bottom/sides?
>
> Where would be the best place to remove the extra bit from the top or bottom so that it would print better on USA paper sizes?
>
> Many thanks!
>
> --
> Julian Field
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
> Professional Support Services at www.MailScanner.biz
> MailScanner thanks transtec Computers for their support
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From john.crossan at valleypres.org Fri Jan 28 22:31:11 2005
From: john.crossan at valleypres.org (John Crossan)
Date: Thu Jan 12 21:28:21 2006
Subject: Someone in the USA with a printer? I need a quick favor
Message-ID:

Printed fine on a LaserJet 5SI nx but while your picture looks fine the hand picture on top is very jagged and blurry on black and white.

John Crossan

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Julian Field
Sent: Friday, January 28, 2005 2:23 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Someone in the USA with a printer?
I need a quick favour I need to ask a quick favour. I need someone with 8.5 x 11 inch paper. Please can you download http://www.sng.ecs.soton.ac.uk/mailscanner/MailScannerFlyer.pdf (or extract it from the 4.38 distribution). I would then like you to print it with the smallest margins you can set. Does it look okay? Is there anything important missed off the top/bottom/sides? Where would be the best place to remove the extra bit from the top or bottom so that it would print better on USA paper sizes? Many thanks! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri Jan 28 22:31:24 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:21 2006 Subject: Someone in the USA with a printer? I need a quick favour Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. 

Can you then try printing

http://www.sng.ecs.soton.ac.uk/mailscanner/MailScannerFlyer-US-Letter.pdf

and let me know if the crop I have done prints okay or not.

Julian Field wrote:
> I need to ask a quick favour.
>
> I need someone with 8.5 x 11 inch paper.
> Please can you download
> http://www.sng.ecs.soton.ac.uk/mailscanner/MailScannerFlyer.pdf
> (or extract it from the 4.38 distribution).
>
> I would then like you to print it with the smallest margins you can set.
>
> Does it look okay?
> Is there anything important missed off the top/bottom/sides?
>
> Where would be the best place to remove the extra bit from the top or
> bottom so that it would print better on USA paper sizes?
>
> Many thanks!
>
> --
> Julian Field

--
Julian Field

From ds at CARIBENET.COM Fri Jan 28 22:33:38 2005
From: ds at CARIBENET.COM (Dirk Enrique Seiffert)
Date: Thu Jan 12 21:28:21 2006
Subject: Someone in the USA with a printer? I need a quick favour
Message-ID:

Not really USA but Colombia - We use lettersize, too. Printed just straight forward without adjustments from acroread, looks perfect.

Best wishes

Enrique

On Fri 28 Jan 2005 17:22, Julian Field wrote:
> I need to ask a quick favour.
>
> I need someone with 8.5 x 11 inch paper.
> Please can you download
> http://www.sng.ecs.soton.ac.uk/mailscanner/MailScannerFlyer.pdf
> (or extract it from the 4.38 distribution).
>
> I would then like you to print it with the smallest margins you can set.
>
> Does it look okay?
> Is there anything important missed off the top/bottom/sides?
>
> Where would be the best place to remove the extra bit from the top or
> bottom so that it would print better on USA paper sizes?
>
> Many thanks!
>
> --
> Julian Field

--
Dirk Enrique Seiffert
CaribeNet S.A.
- Cartagena - Colombia
www.caribenet.com

From MailScanner at ecs.soton.ac.uk Fri Jan 28 22:36:06 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:21 2006
Subject: Someone in the USA with a printer? I need a quick favour
Message-ID:

Is the US-Letter version better than printing the original, or should I not bother with the US Letter version at all?

Dirk Enrique Seiffert wrote:

>Not really USA but Colombia - We use lettersize, too. Printed just straight
>forward without adjustments from acroread, looks perfect.
>
>Best wishes
>
>Enrique
>
>On Fri 28 Jan 2005 17:22, Julian Field wrote:
>
>>I need to ask a quick favour.
>>
>>I need someone with 8.5 x 11 inch paper.
>>Please can you download
>>http://www.sng.ecs.soton.ac.uk/mailscanner/MailScannerFlyer.pdf
>>(or extract it from the 4.38 distribution).
>>
>>I would then like you to print it with the smallest margins you can set.
>>
>>Does it look okay?
>>Is there anything important missed off the top/bottom/sides?
>>
>>Where would be the best place to remove the extra bit from the top or
>>bottom so that it would print better on USA paper sizes?
>>
>>Many thanks!
>>
>>--
>>Julian Field

--
Julian Field

From itdept at REDRED.COM Fri Jan 28 22:36:12 2005
From: itdept at REDRED.COM (RedRed!com IT Department)
Date: Thu Jan 12 21:28:21 2006
Subject: Someone in the USA with a printer? I need a quick favour
Message-ID:

The cropping looks fine also.

Julian Field wrote:

> Can you then try printing
>
> http://www.sng.ecs.soton.ac.uk/mailscanner/MailScannerFlyer-US-Letter.pdf
>
> and let me know if the crop I have done prints okay or not.
>
> Julian Field wrote:
>
>> I need to ask a quick favour.
>>
>> I need someone with 8.5 x 11 inch paper.
>> Please can you download
>> http://www.sng.ecs.soton.ac.uk/mailscanner/MailScannerFlyer.pdf
>> (or extract it from the 4.38 distribution).
>>
>> I would then like you to print it with the smallest margins you can set.
>>
>> Does it look okay?
>> Is there anything important missed off the top/bottom/sides?
>>
>> Where would be the best place to remove the extra bit from the top or
>> bottom so that it would print better on USA paper sizes?
>>
>> Many thanks!
>>
>> --
>> Julian Field
>
> --
> Julian Field

From MailScanner at ecs.soton.ac.uk Fri Jan 28 22:45:20 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:21 2006
Subject: Someone in the USA with a printer? I need a quick favour
Message-ID:

Is it significantly better than the original version?
In other words, should I bother with the special US Letter version at all?

RedRed!com IT Department wrote:

> The cropping looks fine also.
>
> Julian Field wrote:
>
>> Can you then try printing
>>
>> http://www.sng.ecs.soton.ac.uk/mailscanner/MailScannerFlyer-US-Letter.pdf
>>
>> and let me know if the crop I have done prints okay or not.
>>
>> Julian Field wrote:
>>
>>> I need to ask a quick favour.
>>>
>>> I need someone with 8.5 x 11 inch paper.
>>> Please can you download
>>> http://www.sng.ecs.soton.ac.uk/mailscanner/MailScannerFlyer.pdf
>>> (or extract it from the 4.38 distribution).
>>>
>>> I would then like you to print it with the smallest margins you can
>>> set.
>>>
>>> Does it look okay?
>>> Is there anything important missed off the top/bottom/sides?
>>>
>>> Where would be the best place to remove the extra bit from the top or
>>> bottom so that it would print better on USA paper sizes?
>>>
>>> Many thanks!
>>>
>>> --
>>> Julian Field
>>
>> --
>> Julian Field
>

--
Julian Field

From itdept at REDRED.COM Fri Jan 28 22:48:31 2005
From: itdept at REDRED.COM (RedRed!com IT Department)
Date: Thu Jan 12 21:28:21 2006
Subject: Someone in the USA with a printer? I need a quick favour
Message-ID:

I don't think it really made a difference. It looked exactly the same minus a quarter of an inch or so off the top.

Julian Field wrote:

> Is it significantly better than the original version?
> In other words, should I bother with the special US Letter version at all?

From lhaig at HAIGMAIL.COM Fri Jan 28 22:54:47 2005
From: lhaig at HAIGMAIL.COM (Lance Haig)
Date: Thu Jan 12 21:28:21 2006
Subject: Which Version?
Message-ID:

How do I know which version of ClamAV I am running?

Thanks

Lance

From lhaig at HAIGMAIL.COM Fri Jan 28 22:58:04 2005
From: lhaig at HAIGMAIL.COM (Lance Haig)
Date: Thu Jan 12 21:28:21 2006
Subject: Which Version?
Message-ID:

Don't worry, I found out how

clamscan -V

Ta

Lance

Lance Haig wrote:

> How do I know which version of ClamAV I am running?
>
> Thanks
>
> Lance

From MailScanner at ecs.soton.ac.uk Fri Jan 28 22:54:33 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:21 2006
Subject: Someone in the USA with a printer? I need a quick favour
Message-ID:

Thank you. I'll scrap the US Letter version.

RedRed!com IT Department wrote:

> I don't think it really made a difference. It looked exactly the same
> minus a quarter of an inch or so off the top.
>
> Julian Field wrote:
>
>> Is it significantly better than the original version?
>> In other words, should I bother with the special US Letter version at
>> all?

--
Julian Field

From pablo at LACNIC.NET Sat Jan 29 01:34:45 2005
From: pablo at LACNIC.NET (Pablo Allietti)
Date: Thu Jan 12 21:28:21 2006
Subject: blocked ietf drafts.
Message-ID:

hi all. i read the FAQs and the mailing list archives but i can't find anything about the filename rules like ietf.

i received many drafts a day from ietf and IAB community and the draft are like this

draft-ietf-mpls-nodeid-subobject-04.txt
draft-ignjatic-msec-mikey-rsa-r-00.txt
draft-ietf-crisp-iris-dchk-02.txt

are .txt all of them.

i add a line in virus.scanning.rules

FromOrTo: *@ietf.org no
FromOrTo: *@ops.ietf.org no

but nothing always this draft received by the subject {Blocked Content} and i need to go to spool to copy to my folder.

do you have a solution for that ? is possible to allow this kind of filenames ?

thanks a lot.

ps: i use MailScanner-4.33.3 under Freebsd 5.3 with clamav viruscan.

Pablo Allietti
LACNIC
--------------

From mark at TIPPINGMAR.COM Sat Jan 29 05:42:29 2005
From: mark at TIPPINGMAR.COM (Mark Nienberg)
Date: Thu Jan 12 21:28:21 2006
Subject: blocked ietf drafts.
Message-ID:

Pablo Allietti wrote:

>hi all. i read the FAQs and the mailing list archives but i can't find
>anything about the filename rules like ietf.
>
>i received many drafts a day from ietf and IAB community and the draft
>are like this
>
>draft-ietf-mpls-nodeid-subobject-04.txt
>draft-ignjatic-msec-mikey-rsa-r-00.txt
>draft-ietf-crisp-iris-dchk-02.txt
>
>are .txt all of them.
>
>i add a line in virus.scanning.rules
>
>FromOrTo: *@ietf.org no
>FromOrTo: *@ops.ietf.org no
>
>but nothing always this draft received by the subject {Blocked Content}
>and i need to go to spool to copy to my folder.
>
>do you have a solution for that ? is possible to allow this kind of
>filenames ?

The following is in MailScanner.conf. Could this be the problem?

# Do you want to allow messages whose body is stored somewhere else on the
# internet, which is downloaded separately by the user's email package?
# There is no way to guarantee that the file fetched by the user's email
# package is free from viruses, as MailScanner never sees it.
# This feature is dangerous as it can allow viruses to be fetched from
# other Internet sites by a user's email package.
The user would just
# think it was a normal email attachment and would have been scanned by
# MailScanner.
# It is only currently supported by Netscape 6 anyway, and the only people
# who it are the IETF. So I would strongly advise leaving this switched off.
# This can also be the filename of a ruleset.
Allow External Message Bodies = no

Mark Nienberg

From dhawal at NETMAGICSOLUTIONS.COM Sat Jan 29 10:59:29 2005
From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy)
Date: Thu Jan 12 21:28:21 2006
Subject: Missing PGP signature
Message-ID:

Umm Julian,

Not exactly a teething problem, but the PGP signature for 4.38.9-1 is missing here http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/rpm/

- dhawal

From pablo at LACNIC.NET Sat Jan 29 15:15:36 2005
From: pablo at LACNIC.NET (Pablo Allietti)
Date: Thu Jan 12 21:28:21 2006
Subject: blocked ietf drafts.
Message-ID:

On Fri, Jan 28, 2005 at 09:42:29PM -0800, Mark Nienberg wrote:
> Pablo Allietti wrote:

i do this change to yes. but nothing happened always messages mark as
Blocked Content. :(

another idea?

thanks

>
> >hi all.
i read the FAQs and the mailing list archives but i can't find
> >anything about the filename rules like ietf.
> >
> >i received many drafts a day from ietf and IAB community and the draft
> >are like this
> >
> >draft-ietf-mpls-nodeid-subobject-04.txt
> >draft-ignjatic-msec-mikey-rsa-r-00.txt
> >draft-ietf-crisp-iris-dchk-02.txt
> >
> >are .txt all of them.
> >
> >i add a line in virus.scanning.rules
> >
> >FromOrTo: *@ietf.org no
> >FromOrTo: *@ops.ietf.org no
> >
> >but nothing always this draft received by the subject {Blocked Content}
> >and i need to go to spool to copy to my folder.
> >
> >do you have a solution for that ? is possible to allow this kind of
> >filenames ?
> >
> The following is in MailScanner.conf. Could this be the problem?
>
> # Do you want to allow messages whose body is stored somewhere else on the
> # internet, which is downloaded separately by the user's email package?
> # There is no way to guarantee that the file fetched by the user's email
> # package is free from viruses, as MailScanner never sees it.
> # This feature is dangerous as it can allow viruses to be fetched from
> # other Internet sites by a user's email package. The user would just
> # think it was a normal email attachment and would have been scanned by
> # MailScanner.
> # It is only currently supported by Netscape 6 anyway, and the only people
> # who it are the IETF. So I would strongly advise leaving this switched off.
> # This can also be the filename of a ruleset.
> Allow External Message Bodies = no
>
> Mark Nienberg
---end quoted text---

--
Pablo Allietti
LACNIC
--------------

From MailScanner at ecs.soton.ac.uk Sat Jan 29 14:15:19 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:21 2006
Subject: blocked ietf drafts.
Message-ID:

The IETF use obscure features of some RFC's for no apparent reason. Their favourite is the "External Message Body" which no-one else in the world uses, nor have ever used.

Fortunately the IETF usually also put links in their messages to where you can download the messages from a web server, which is what you should do.

Pablo Allietti wrote:

>On Fri, Jan 28, 2005 at 09:42:29PM -0800, Mark Nienberg wrote:
>
>>Pablo Allietti wrote:
>
>i do this change to yes. but nothing happened always messages mark as
>Blocked Content. :(
>
>another idea?
>
>thanks
>
>>>hi all. i read the FAQs and the mailing list archives but i can't find
>>>anything about the filename rules like ietf.
>>>
>>>i received many drafts a day from ietf and IAB community and the draft
>>>are like this
>>>
>>>draft-ietf-mpls-nodeid-subobject-04.txt
>>>draft-ignjatic-msec-mikey-rsa-r-00.txt
>>>draft-ietf-crisp-iris-dchk-02.txt
>>>
>>>are .txt all of them.
>>>
>>>i add a line in virus.scanning.rules
>>>
>>>FromOrTo: *@ietf.org no
>>>FromOrTo: *@ops.ietf.org no
>>>
>>>but nothing always this draft received by the subject {Blocked Content}
>>>and i need to go to spool to copy to my folder.
>>>
>>>do you have a solution for that ? is possible to allow this kind of
>>>filenames ?
>>>
>>The following is in MailScanner.conf. Could this be the problem?
>>
>># Do you want to allow messages whose body is stored somewhere else on the
>># internet, which is downloaded separately by the user's email package?
>># There is no way to guarantee that the file fetched by the user's email
>># package is free from viruses, as MailScanner never sees it.
>># This feature is dangerous as it can allow viruses to be fetched from
>># other Internet sites by a user's email package. The user would just
>># think it was a normal email attachment and would have been scanned by
>># MailScanner.
>># It is only currently supported by Netscape 6 anyway, and the only people
>># who it are the IETF. So I would strongly advise leaving this switched off.
>># This can also be the filename of a ruleset.
>>Allow External Message Bodies = no
>>
>>Mark Nienberg
>>
>---end quoted text---
>
>--
>Pablo Allietti
>LACNIC
>--------------
>

--
Julian Field

From MailScanner at ecs.soton.ac.uk Sat Jan 29 14:16:00 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:21 2006
Subject: Missing PGP signature
Message-ID:

Ooh, thanks for that one. Forgot to put the signatures on there. I'll fix it right now.

Dhawal Doshy wrote:

> Umm Julian,
>
> Not exactly a teething problem, but the PGP signature for 4.38.9-1 is
> missing here http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/rpm/

--
Julian Field
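
[Added example, not written by any poster in this thread and not MailScanner's own code: what a message/external-body part of the kind discussed under "blocked ietf drafts" holds, and why a gateway has nothing in it to scan. The sample message, its hosts and addresses, and the verdict() function (which models the "Allow External Message Bodies" switch quoted above) are constructed for illustration; only the draft filename comes from the thread.]

```python
"""Locate message/external-body parts (RFC 2046) that a mail gateway cannot scan."""
from email import message_from_bytes
from email.utils import collapse_rfc2231_value

# Constructed sample in the style of the announcements described in the thread.
# Hosts, addresses and Content-IDs are invented; the draft name is quoted from the thread.
SAMPLE = b"""\
From: announce@example.org
To: staff@example.net
Subject: New draft: draft-ietf-mpls-nodeid-subobject-04.txt
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="NextPart"

--NextPart
Content-Type: text/plain

A new draft is available from the on-line directories.

--NextPart
Content-Type: multipart/alternative; boundary="OtherAccess"

--OtherAccess
Content-Type: message/external-body; access-type="mail-server";
    server="mailserv@example.org"

Content-Type: text/plain
Content-ID: <constructed-1@example.org>

FILE /drafts/draft-ietf-mpls-nodeid-subobject-04.txt

--OtherAccess
Content-Type: message/external-body; access-type="anon-ftp";
    name="draft-ietf-mpls-nodeid-subobject-04.txt";
    site="ftp.example.org"; directory="drafts"

Content-Type: text/plain
Content-ID: <constructed-2@example.org>

--OtherAccess--
--NextPart--
"""

# Content-Type parameters that say where the real body lives.
LOCATION_PARAMS = ("name", "site", "directory", "server", "url")


def _param(part, key):
    """Return a Content-Type parameter as text, or None if it is absent."""
    value = part.get_param(key)
    return None if value is None else collapse_rfc2231_value(value)


def find_external_bodies(raw):
    """List every MIME part whose real content is stored outside the message."""
    found = []
    for part in message_from_bytes(raw).walk():
        if part.get_content_type() != "message/external-body":
            continue
        payload = part.get_payload()
        # The parser exposes the enclosed "phantom" headers as a nested message.
        inner = payload[0] if isinstance(payload, list) and payload else None
        inner_body = inner.get_payload() if inner is not None else ""
        location = {}
        for key in LOCATION_PARAMS:
            value = _param(part, key)
            if value:
                location[key] = value
        found.append({
            "access_type": (_param(part, "access-type") or "unknown").lower(),
            "location": location,
            "declared_type": inner.get_content_type() if inner is not None else None,
            # Everything the gateway actually holds for this part:
            "bytes_on_hand": inner_body.strip() if isinstance(inner_body, str) else "",
        })
    return found


def verdict(raw, allow_external_bodies=False):
    """Model of the policy switch: returns (action, parts_never_scanned)."""
    unscanned = len(find_external_bodies(raw))
    if unscanned and not allow_external_bodies:
        return ("block", unscanned)
    return ("deliver", unscanned)


if __name__ == "__main__":
    for ref in find_external_bodies(SAMPLE):
        print(ref)
    print(verdict(SAMPLE), verdict(SAMPLE, allow_external_bodies=True))
```

[In the sample, the second part declares text/plain yet carries zero bytes of the draft: the document is fetched later by the recipient's mail client, after the gateway has finished with the message.]
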

From pablo at LACNIC.NET Sat Jan 29 15:29:04 2005
From: pablo at LACNIC.NET (Pablo Allietti)
Date: Thu Jan 12 21:28:21 2006
Subject: blocked ietf drafts.
Message-ID:

On Sat, Jan 29, 2005 at 02:15:19PM +0000, Julian Field wrote:
> The IETF use obscure features of some RFC's for no apparent reason.
> Their favourite is the "External Message Body" which no-one else in the
> world uses, nor have ever used.
>
> Fortunately the IETF usually also put links in their messages to where
> you can download the messages from a web server, which is what you
> should do.

yes julian i can download from the webserver, but in my company all of
us received this messages and need to deliver correctly for your
mailboxes. is any way to do this?

>
> Pablo Allietti wrote:
>
> >On Fri, Jan 28, 2005 at 09:42:29PM -0800, Mark Nienberg wrote:
> >
> >>Pablo Allietti wrote:
> >
> >i do this change to yes. but nothing happened always messages mark as
> >Blocked Content. :(
> >
> >another idea?
> >
> >thanks
> >
> >>>hi all. i read the FAQs and the mailing list archives but i can't find
> >>>anything about the filename rules like ietf.
> >>>
> >>>i received many drafts a day from ietf and IAB community and the draft
> >>>are like this
> >>>
> >>>draft-ietf-mpls-nodeid-subobject-04.txt
> >>>draft-ignjatic-msec-mikey-rsa-r-00.txt
> >>>draft-ietf-crisp-iris-dchk-02.txt
> >>>
> >>>are .txt all of them.
> >>>
> >>>i add a line in virus.scanning.rules
> >>>
> >>>FromOrTo: *@ietf.org no
> >>>FromOrTo: *@ops.ietf.org no
> >>>
> >>>but nothing always this draft received by the subject {Blocked Content}
> >>>and i need to go to spool to copy to my folder.
> >>>
> >>>do you have a solution for that ? is possible to allow this kind of
> >>>filenames ?
> >>>
> >>The following is in MailScanner.conf. Could this be the problem?
> >>
> >># Do you want to allow messages whose body is stored somewhere else on the
> >># internet, which is downloaded separately by the user's email package?
> >># There is no way to guarantee that the file fetched by the user's email
> >># package is free from viruses, as MailScanner never sees it.
> >># This feature is dangerous as it can allow viruses to be fetched from
> >># other Internet sites by a user's email package. The user would just
> >># think it was a normal email attachment and would have been scanned by
> >># MailScanner.
> >># It is only currently supported by Netscape 6 anyway, and the only people
> >># who it are the IETF. So I would strongly advise leaving this switched
> >>off.
> >># This can also be the filename of a ruleset.
> >>Allow External Message Bodies = no
> >>
> >>Mark Nienberg
> >>
> >---end quoted text---
> >
> >--
> >Pablo Allietti
> >LACNIC
> >--------------
> > > > > > > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ---end quoted text--- -- Pablo Allietti LACNIC -------------- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Jan 29 14:26:13 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:21 2006 Subject: blocked ietf drafts. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] You cannot safely scan messages with external bodies, which is why MailScanner blocks them. You are asking for trouble if you allow them. Pablo Allietti wrote: >On Sat, Jan 29, 2005 at 02:15:19PM +0000, Julian Field wrote: > > >>The IETF use obscure features of some RFC's for no apparent reason. >>Their favourite is the "External Message Body" which no-one else in the >>world uses, nor have ever used. 
>> >>Fortunately the IETF usually also put links in their messages to where >>you can download the messages from a web server, which is what you >>should do. >> >> > >yes julian i can download from the webserver, but in my company all of >us received this messages and need to deliver correctly for your >mailboxes. is any way to do this? > > > > >>Pablo Allietti wrote: >> >> >> >>>On Fri, Jan 28, 2005 at 09:42:29PM -0800, Mark Nienberg wrote: >>> >>> >>> >>> >>>>Pablo Allietti wrote: >>>> >>>> >>>> >>>> >>>i do this change to yes. but nothing happend always messages mark as >>>Blocked Content. :( >>> >>>another idea? >>> >>>thnaks >>> >>> >>> >>> >>> >>>>>hi all. i read the FAQs and the mailing list archives but i cant find >>>>>any thing about the filename rules like ietf. >>>>> >>>>>i received many drafts a day from ietf and IAB community and the draft >>>>>are like this >>>>> >>>>>draft-ietf-mpls-nodeid-subobject-04.txt >>>>>draft-ignjatic-msec-mikey-rsa-r-00.txt >>>>>draft-ietf-crisp-iris-dchk-02.txt >>>>> >>>>> >>>>>are .txt all of them. >>>>> >>>>>i add a line in virus.scanning.rules >>>>> >>>>>FromOrTo: *@ietf.org no >>>>>FromOrTo: *@ops.ietf.org no >>>>> >>>>>but nothing always this draft received by the subject {Blocked Content} >>>>>and i need to go to spool to copy to my folder. >>>>> >>>>>do you have a solution for that ? is possible to allow this kind of >>>>>filenames ? >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>The following is in MailScanner.conf. Could this be the problem? >>>> >>>># Do you want to allow messages whose body is stored somewhere else on the >>>># internet, which is downloaded separately by the user's email package? >>>># There is no way to guarantee that the file fetched by the user's email >>>># package is free from viruses, as MailScanner never sees it. >>>># This feature is dangerous as it can allow viruses to be fetched from >>>># other Internet sites by a user's email package. 
The user would just >>>># think it was a normal email attachment and would have been scanned by >>>># MailScanner. >>>># It is only currently supported by Netscape 6 anyway, and the only people >>>># who it are the IETF. So I would strongly advise leaving this switched >>>>off. >>>># This can also be the filename of a ruleset. >>>>Allow External Message Bodies = no >>>> >>>>Mark Nienberg >>>> >>>>------------------------ MailScanner list ------------------------ >>>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>'leave mailscanner' in the body of the email. >>>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>>Support MailScanner development - buy the book off the website! >>>> >>>> >>>> >>>> >>>---end quoted text--- >>> >>>-- >>> >>> >>>Pablo Allietti >>>LACNIC >>>-------------- >>> >>>------------------------ MailScanner list ------------------------ >>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>'leave mailscanner' in the body of the email. >>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>>Support MailScanner development - buy the book off the website! >>> >>> >>> >>> >>> >>-- >>Julian Field >>www.MailScanner.info >>Buy the MailScanner book at www.MailScanner.info/store >>Professional Support Services at www.MailScanner.biz >>MailScanner thanks transtec Computers for their support >> >>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! 
>> >> >---end quoted text--- > >-- > > >Pablo Allietti >LACNIC >-------------- > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pablo at LACNIC.NET Sat Jan 29 15:43:07 2005 From: pablo at LACNIC.NET (Pablo Allietti) Date: Thu Jan 12 21:28:22 2006 Subject: blocked ietf drafts. Message-ID: On Sat, Jan 29, 2005 at 02:26:13PM +0000, Julian Field wrote: i think MailScanner block this messages for the name of the file with .-..- etc. ietf only send txts in the bodies not external bodies. i think i not explain very well. :) > You cannot safely scan messages with external bodies, which is why > MailScanner blocks them. You are asking for trouble if you allow them. > > Pablo Allietti wrote: > > >On Sat, Jan 29, 2005 at 02:15:19PM +0000, Julian Field wrote: > > > > > >>The IETF use obscure features of some RFC's for no apparent reason. > >>Their favourite is the "External Message Body" which no-one else in the > >>world uses, nor have ever used. 
> >> > >>Fortunately the IETF usually also put links in their messages to where > >>you can download the messages from a web server, which is what you > >>should do. > >> > >> > > > >yes julian i can download from the webserver, but in my company all of > >us received this messages and need to deliver correctly for your > >mailboxes. is any way to do this? > > > > > > > > > >>Pablo Allietti wrote: > >> > >> > >> > >>>On Fri, Jan 28, 2005 at 09:42:29PM -0800, Mark Nienberg wrote: > >>> > >>> > >>> > >>> > >>>>Pablo Allietti wrote: > >>>> > >>>> > >>>> > >>>> > >>>i do this change to yes. but nothing happend always messages mark as > >>>Blocked Content. :( > >>> > >>>another idea? > >>> > >>>thnaks > >>> > >>> > >>> > >>> > >>> > >>>>>hi all. i read the FAQs and the mailing list archives but i cant find > >>>>>any thing about the filename rules like ietf. > >>>>> > >>>>>i received many drafts a day from ietf and IAB community and the draft > >>>>>are like this > >>>>> > >>>>>draft-ietf-mpls-nodeid-subobject-04.txt > >>>>>draft-ignjatic-msec-mikey-rsa-r-00.txt > >>>>>draft-ietf-crisp-iris-dchk-02.txt > >>>>> > >>>>> > >>>>>are .txt all of them. > >>>>> > >>>>>i add a line in virus.scanning.rules > >>>>> > >>>>>FromOrTo: *@ietf.org no > >>>>>FromOrTo: *@ops.ietf.org no > >>>>> > >>>>>but nothing always this draft received by the subject {Blocked Content} > >>>>>and i need to go to spool to copy to my folder. > >>>>> > >>>>>do you have a solution for that ? is possible to allow this kind of > >>>>>filenames ? > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>The following is in MailScanner.conf. Could this be the problem? > >>>> > >>>># Do you want to allow messages whose body is stored somewhere else on > >>>>the > >>>># internet, which is downloaded separately by the user's email package? > >>>># There is no way to guarantee that the file fetched by the user's email > >>>># package is free from viruses, as MailScanner never sees it. 
> >>>># This feature is dangerous as it can allow viruses to be fetched from > >>>># other Internet sites by a user's email package. The user would just > >>>># think it was a normal email attachment and would have been scanned by > >>>># MailScanner. > >>>># It is only currently supported by Netscape 6 anyway, and the only > >>>>people > >>>># who it are the IETF. So I would strongly advise leaving this switched > >>>>off. > >>>># This can also be the filename of a ruleset. > >>>>Allow External Message Bodies = no > >>>> > >>>>Mark Nienberg > >>>> > >>>>------------------------ MailScanner list ------------------------ > >>>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >>>>'leave mailscanner' in the body of the email. > >>>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > >>>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >>>> > >>>>Support MailScanner development - buy the book off the website! > >>>> > >>>> > >>>> > >>>> > >>>---end quoted text--- > >>> > >>>-- > >>> > >>> > >>>Pablo Allietti > >>>LACNIC > >>>-------------- > >>> > >>>------------------------ MailScanner list ------------------------ > >>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >>>'leave mailscanner' in the body of the email. > >>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > >>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >>> > >>>Support MailScanner development - buy the book off the website! 
> >>> > >>> > >>> > >>> > >>> > >>-- > >>Julian Field > >>www.MailScanner.info > >>Buy the MailScanner book at www.MailScanner.info/store > >>Professional Support Services at www.MailScanner.biz > >>MailScanner thanks transtec Computers for their support > >> > >>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >> > >>------------------------ MailScanner list ------------------------ > >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >>'leave mailscanner' in the body of the email. > >>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >> > >>Support MailScanner development - buy the book off the website! > >> > >> > >---end quoted text--- > > > >-- > > > > > >Pablo Allietti > >LACNIC > >-------------- > > > >------------------------ MailScanner list ------------------------ > >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >'leave mailscanner' in the body of the email. > >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > >Support MailScanner development - buy the book off the website! > > > > > > > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! 
---end quoted text---

--
Pablo Allietti
LACNIC
--------------

From MailScanner at ecs.soton.ac.uk Sat Jan 29 14:42:50 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:22 2006
Subject: blocked ietf drafts.
Message-ID:

What does the AttachmentWarning.txt in the messages say?

Pablo Allietti wrote:

>On Sat, Jan 29, 2005 at 02:26:13PM +0000, Julian Field wrote:
>
>i think MailScanner block this messages for the name of the file with
>.-..- etc. ietf only send txts in the bodies not external bodies. i
>think i not explain very well. :)

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From pablo at LACNIC.NET Sat Jan 29 16:06:05 2005
From: pablo at LACNIC.NET (Pablo Allietti)
Date: Thu Jan 12 21:28:22 2006
Subject: blocked ietf drafts.
Message-ID:

On Sat, Jan 29, 2005 at 02:42:50PM +0000, Julian Field wrote:
> What does the AttachmentWarning.txt in the messages say?

ohhhh. i not read the attachment warning.

At Fri Jan 28 22:04:47 2005 the virus scanner said:
   External message bodies cannot be scanned and are removed

That is the problem External Body. :( sorry for not read this. i feel
like a dumb...

in this case, setting External Body = no solve the problem? or i don't
have a solution for that?
---end quoted text--- -- Pablo Allietti LACNIC -------------- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Jan 29 15:02:30 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:22 2006 Subject: blocked ietf drafts. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] From the MailScanner.conf file: # It is only currently supported by Netscape 6 anyway, and the only people # who use it are the IETF. So I would strongly advise leaving this switched off. # This can also be the filename of a ruleset. Allow External Message Bodies = no So you could set this to yes, but then any virus that was delivered to your site via an external message body would get through and not be scanned. I would advise your users to just use the web links in the messages to get the documents, and explain to them the danger of allowing External Message Bodies. Pablo Allietti wrote: >On Sat, Jan 29, 2005 at 02:42:50PM +0000, Julian Field wrote: > > >>What does the AttachmentWarning.txt in the messages say? >> >> > >ohhhh. i not read the attachment warning. > > >At Fri Jan 28 22:04:47 2005 the virus scanner said: > External message bodies cannot be scanned and are removed > > >That is the problem External Body. :( sorry for not read this. i feel >like a dumb... > >in this case, setting External Body = no solve the problem? or i dont >have a solution for that? 
> > > > > >>Pablo Allietti wrote: >> >> >> >>>On Sat, Jan 29, 2005 at 02:26:13PM +0000, Julian Field wrote: >>> >>>i think MailScanner block this messages for the name of the file with >>>.-..- etc. ietf only send txts in the bodies not external bodies. i >>>think i not explain very well. :) >>> >>> >>> >>> >>> >>>>You cannot safely scan messages with external bodies, which is why >>>>MailScanner blocks them. You are asking for trouble if you allow them. >>>> >>>>Pablo Allietti wrote: >>>> >>>> >>>> >>>> >>>> >>>>>On Sat, Jan 29, 2005 at 02:15:19PM +0000, Julian Field wrote: >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>>>The IETF use obscure features of some RFC's for no apparent reason. >>>>>>Their favourite is the "External Message Body" which no-one else in the >>>>>>world uses, nor have ever used. >>>>>> >>>>>>Fortunately the IETF usually also put links in their messages to where >>>>>>you can download the messages from a web server, which is what you >>>>>>should do. >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>yes julian i can download from the webserver, but in my company all of >>>>>us received this messages and need to deliver correctly for your >>>>>mailboxes. is any way to do this? >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>>>Pablo Allietti wrote: >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>>>On Fri, Jan 28, 2005 at 09:42:29PM -0800, Mark Nienberg wrote: >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>>>Pablo Allietti wrote: >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>i do this change to yes. but nothing happend always messages mark as >>>>>>>Blocked Content. :( >>>>>>> >>>>>>>another idea? >>>>>>> >>>>>>>thnaks >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>>>>hi all. i read the FAQs and the mailing list archives but i cant find >>>>>>>>>any thing about the filename rules like ietf. 
>>>>>>>>>
>>>>>>>>>I received many drafts a day from ietf and IAB community and the
>>>>>>>>>drafts are like this
>>>>>>>>>
>>>>>>>>>draft-ietf-mpls-nodeid-subobject-04.txt
>>>>>>>>>draft-ignjatic-msec-mikey-rsa-r-00.txt
>>>>>>>>>draft-ietf-crisp-iris-dchk-02.txt
>>>>>>>>>
>>>>>>>>>all of them are .txt.
>>>>>>>>>
>>>>>>>>>I added a line in virus.scanning.rules
>>>>>>>>>
>>>>>>>>>FromOrTo: *@ietf.org no
>>>>>>>>>FromOrTo: *@ops.ietf.org no
>>>>>>>>>
>>>>>>>>>but nothing; these drafts are always received with the subject
>>>>>>>>>{Blocked Content} and I need to go to the spool to copy them to my
>>>>>>>>>folder.
>>>>>>>>>
>>>>>>>>>Do you have a solution for that? Is it possible to allow this kind of
>>>>>>>>>filenames?
>>>>>>>>>
>>>>>>>>The following is in MailScanner.conf. Could this be the problem?
>>>>>>>>
>>>>>>>># Do you want to allow messages whose body is stored somewhere else on the
>>>>>>>># internet, which is downloaded separately by the user's email package?
>>>>>>>># There is no way to guarantee that the file fetched by the user's email
>>>>>>>># package is free from viruses, as MailScanner never sees it.
>>>>>>>># This feature is dangerous as it can allow viruses to be fetched from
>>>>>>>># other Internet sites by a user's email package. The user would just
>>>>>>>># think it was a normal email attachment and would have been scanned by
>>>>>>>># MailScanner.
>>>>>>>># It is only currently supported by Netscape 6 anyway, and the only people
>>>>>>>># who it are the IETF. So I would strongly advise leaving this switched off.
>>>>>>>># This can also be the filename of a ruleset.
>>>>>>>>Allow External Message Bodies = no
>>>>>>>>
>>>>>>>>Mark Nienberg

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
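
The thread above turns on MIME parts of type message/external-body, where the mail carries only a pointer and the recipient's mail client fetches the real content later. The following is an added example, not code from the original posts or from MailScanner: it lists such parts in a message so an administrator can see what a gateway scanner never receives. The function names, the `verdict` model of the yes/no setting, and the sample message (placeholder hosts and draft name) are all assumptions made for illustration.

```python
"""Find MIME parts of type message/external-body (RFC 2046, section 5.2.3)."""
from email import message_from_string
from email.utils import collapse_rfc2231_value

# Constructed sample (hosts and draft name are placeholders). The only text
# actually carried in the mail is the short notice; the document itself is
# merely pointed to by two external-body parts.
SAMPLE = """\
From: announce@example.org
To: staff@example.net
Subject: I-D ACTION: draft-example-00.txt
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="outer"

--outer
Content-Type: text/plain

A new draft is available.
--outer
Content-Type: multipart/alternative; boundary="inner"

--inner
Content-Type: message/external-body; access-type="mail-server";
 server="mailserv@example.org"

Content-Type: text/plain

FILE /drafts/draft-example-00.txt
--inner
Content-Type: Message/External-body; name="draft-example-00.txt";
 site="ftp.example.org"; access-type="anon-ftp"; directory="drafts"

Content-Type: text/plain

--inner--
--outer--
"""

# Parameters that say where the client would fetch the real body from.
LOCATION_PARAMS = ("name", "site", "directory", "server", "url")


def _param(part, key):
    """Return one Content-Type parameter as text, or None if absent."""
    value = part.get_param(key)
    return None if value is None else collapse_rfc2231_value(value)


def find_external_bodies(raw):
    """List every message/external-body part with its access type and target."""
    findings = []
    for part in message_from_string(raw).walk():
        # get_content_type() lower-cases, so "Message/External-body" matches.
        if part.get_content_type() != "message/external-body":
            continue
        location = {}
        for key in LOCATION_PARAMS:
            value = _param(part, key)
            if value:
                location[key] = value
        findings.append({
            "access_type": (_param(part, "access-type") or "unknown").lower(),
            "location": location,
        })
    return findings


def verdict(raw, allow_external_bodies=False):
    """Hypothetical model of the yes/no choice discussed in the thread.

    Returns (action, references). With the option off, any reference blocks
    the message. With it on, the message passes and every reference listed
    is content the gateway never saw.
    """
    references = find_external_bodies(raw)
    if references and not allow_external_bodies:
        return "blocked", references
    return "delivered", references


if __name__ == "__main__":
    for allow in (False, True):
        action, refs = verdict(SAMPLE, allow_external_bodies=allow)
        print(f"allow={allow}: {action}, {len(refs)} external reference(s)")
        for ref in refs:
            print("   ", ref["access_type"], ref["location"])
```

Running the same listing over quarantined messages shows which senders rely on external bodies before anyone decides whether a per-sender ruleset is worth the exposure.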

From steve.swaney at FSL.COM Sat Jan 29 20:50:37 2005
From: steve.swaney at FSL.COM (Steve Swaney)
Date: Thu Jan 12 21:28:22 2006
Subject: milter-ahead
Message-ID:

Anthony asked me to please post the informational message below to the list.
We've had great results using the application.

Steve

Steve Swaney
President
Fortress Systems Ltd.
www.fsl.com
steve.swaney@fsl.com

-----Original Message-----
From: Anthony Howe [mailto:achowe@snert.com]
Sent: Saturday, January 29, 2005 12:56 PM
To: Steve Swaney

BTW if you are posting to the MailScanner list, which I just had a quick
search through, you might want to comment:

milter-ahead functionality was originally implemented in milter-sender,
then broken out into a separate milter, because some people just didn't
want the call-back and supplemental tests of milter-sender (though they
can all be set on/off now). Anyone using milter-sender does NOT need
milter-ahead, since the functionality is included as an option
MxCallAhead. Changes relevant to call-ahead are made to both milters
pretty much at the same time.

--
Anthony C Howe http://www.snert.com/
"Once...we were here." - Last of The Mohicans

--
This message has been scanned for viruses and
dangerous content by The MailScanner at Fortress Systems Ltd.,
www.fsl.com, and is believed to be clean.

From garry at GLENDOWN.DE Sun Jan 30 11:32:24 2005
From: garry at GLENDOWN.DE (Garry Glendown)
Date: Thu Jan 12 21:28:22 2006
Subject: Special mail handling
Message-ID:

Garry Glendown wrote:
> Hi,
>
> a customer of ours came forward with some special wishes for their mail
> handling. We are currently migrating them from Tobit David server on
> Novell to a Linux based Open Exchange, with MailScanner taking care of
> virus/spam filtering.
>
> The old system (through a plugin/addon) had the possibility of special
> handling of large emails - when an email would contain an unpacked
> attachment, the plugin would zip the file. Also, from a certain size,
> the mail (both incoming and outgoing) is held until released for mailing.
>
> Is it possible to implement something like this with MailScanner, or
> some other tool?

Nobody?

I checked the docs/config files some more, but am at a loss as they
don't seem to be too detailed ...

One thing, the Maximum Message Size or Attachment Size could probably be
used to block the messages, but I would require them not just to be
blocked, but also a notification to be sent to an admin account ... (and
of course need an easy [=GUI] way of releasing the message if OK; No, not
for me, but can't require the customer to teach several people on how to
use a Unix shell)

The other option is probably using the custom functions, but again, the
documentation I found is not really that helpful ...
also, I'd rather program something in C than Perl ... ;)

Tnx, -garry

From MailScanner at ecs.soton.ac.uk Sun Jan 30 12:14:32 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:22 2006
Subject: Special mail handling
Message-ID:

Garry Glendown wrote:

> Garry Glendown wrote:
>
>> Hi,
>>
>> a customer of ours came forward with some special wishes for their mail
>> handling. We are currently migrating them from Tobit David server on
>> Novell to a Linux based Open Exchange, with MailScanner taking care of
>> virus/spam filtering.
>>
>> The old system (through a plugin/addon) had the possibility of special
>> handling of large emails - when an email would contain an unpacked
>> attachment, the plugin would zip the file. Also, from a certain size,
>> the mail (both incoming and outgoing) is held until released for
>> mailing.
>>
>> Is it possible to implement something like this with MailScanner, or
>> some other tool?
>
> Nobody?
>
> I checked the docs/config files some more, but am at a loss as they
> don't seem to be too detailed ...
>
> One thing, the Maximum Message Size or Attachment Size could probably be
> used to block the messages, but I would require them not just to be
> blocked, but also a notification to be sent to an admin account ...
> (and of course need an easy [=GUI] way of releasing the message if OK; No,
> not for me, but can't require the customer to teach several people on how
> to use a Unix shell)
>
> The other option is probably using the custom functions, but again, the
> documentation I found is not really that helpful ... also, I'd rather
> program something in C than Perl ... ;)

MailScanner can't do this at the moment. It is quite possible it could
be done with a Custom Function, but it wouldn't be trivial to write. I
have a policy that MailScanner doesn't mess with a message more than it
really has to.

I will look into implementing it, as it is a good idea! Just not one
that anyone much has asked for before.

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From carinus.carelse at MRC.AC.ZA Mon Jan 31 09:09:25 2005
From: carinus.carelse at MRC.AC.ZA (Carinus Carelse)
Date: Thu Jan 12 21:28:22 2006
Subject: Phishing exception list?
Message-ID:

Is there any way to build an exception list so that mailscanner does not
scan email from certain addresses for phishing fraud?

Carinus

From roger at RUDNICK.COM.BR Mon Jan 31 09:12:27 2005
From: roger at RUDNICK.COM.BR (Roger Jochem)
Date: Thu Jan 12 21:28:22 2006
Subject: Phishing exception list?
Message-ID:

It is already done... Julian made it in the last version of MailScanner
(4.38.9). But it is not using "emails from certain addresses"... You must
use the "safe site" addresses...

----- Original Message -----
From: "Carinus Carelse"
To:
Sent: Monday, January 31, 2005 7:09 AM
Subject: Phishing exception list?

> Is there any way to build an exception list so that mailscanner does not
> scan email from certain addresses for phishing fraud?
>
> Carinus

From martinh at SOLID-STATE-LOGIC.COM Mon Jan 31 09:13:25 2005
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:28:22 2006
Subject: Phishing exception list?
Message-ID:

Carinus

in the latest version (4.38-9) you can populate a file with the list of
domains/ip-addresses where the phishing code will ignore.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

Carinus Carelse wrote:
> Is there any way to build an exception list so that mailscanner does not
> scan email from certain addresses for phishing fraud?
>
> Carinus

**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.

**********************************************************************

From jim at SASHBOX.NET Mon Jan 31 09:16:01 2005
From: jim at SASHBOX.NET (Jim Barry)
Date: Thu Jan 12 21:28:22 2006
Subject: Phishing exception list?
Message-ID:

Yes. From the MailScanner Conf file:

# Do you want to check for "Phishing" attacks?
# These are attacks that look like a genuine email message from your bank,
# which contain a link to click on to take you to the web site where you
# will be asked to type in personal information such as your account number
# or credit card details.
# Except it is not the real bank's web site at all, it is a very good copy
# of it run by thieves who want to steal your personal information or
# credit card details.
# These can be spotted because the real address of the link in the message
# is not the same as the text that appears to be the link.
# Note: This does cause extra load, particularly on systems receiving lots
# of spam such as secondary MX hosts.
# This can also be the filename of a ruleset.
Find Phishing Fraud = yes

Define a custom ruleset to omit specific From/To addresses/domains/IPs from
the phishing checks.

On Mon, January 31, 2005 4:09 am, Carinus Carelse said:
> Is there any way to build an exception list so that mailscanner does not
> scan email from certain addresses for phishing fraud?
>
> Carinus

From Glenn.Steen at AP1.SE Mon Jan 31 11:29:56 2005
From: Glenn.Steen at AP1.SE (Steen, Glenn)
Date: Thu Jan 12 21:28:22 2006
Subject: Special mail handling
Message-ID:

For the "GUI release" you could perhaps use MailWatch (and then look at
USER_FILTERS perhaps, if you want "sectioned admin").
http://mailwatch.sf.net
It perhaps wouldn't be infeasible to dream up an automatic quarantine or
notif handler for the rest. Perhaps not really worth the effort:-).

--
Glenn

> -----Original Message-----
> From: MailScanner mailing list
> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Garry Glendown
> Sent: den 30 januari 2005 12:32
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Special mail handling
>
> Garry Glendown wrote:
> > Hi,
> >
> > a customer of ours came forward with some special wishes for their mail
> > handling. We are currently migrating them from Tobit David server on
> > Novell to a Linux based Open Exchange, with MailScanner taking care of
> > virus/spam filtering.
> >
> > The old system (through a plugin/addon) had the possibility of special
> > handling of large emails - when an email would contain an unpacked
> > attachment, the plugin would zip the file. Also, from a certain size,
> > the mail (both incoming and outgoing) is held until released for mailing.
> >
> > Is it possible to implement something like this with MailScanner, or
> > some other tool?
>
> Nobody?
>
> I checked the docs/config files some more, but am at a loss as they
> don't seem to be too detailed ...
>
> One thing, the Maximum Message Size or Attachment Size could probably be
> used to block the messages, but I would require them not just to be
> blocked, but also a notification to be sent to an admin account ... (and
> of course need an easy [=GUI] way of releasing the message if OK; No, not
> for me, but can't require the customer to teach several people on how to
> use a Unix shell)
>
> The other option is probably using the custom functions, but again, the
> documentation I found is not really that helpful ... also, I'd rather
> program something in C than Perl ... ;)
>
> Tnx, -garry

From carinus.carelse at MRC.AC.ZA Mon Jan 31 14:01:41 2005
From: carinus.carelse at MRC.AC.ZA (Carinus Carelse)
Date: Thu Jan 12 21:28:22 2006
Subject: Whitelisting ?
Message-ID:

Hi,

I would like to know more about whitelisting. How do I implement it?
How does it affect the scanning? Can I whitelist something for spam and
then still have it scanned for viruses?

Carinus

From MailScanner at ecs.soton.ac.uk Mon Jan 31 14:45:58 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:22 2006
Subject: Whitelisting ?
Message-ID:

Carinus Carelse wrote:

>Hi,
>
>I would like to know more about whitelisting. How do I implement it?

Read about "rulesets" in the MAQ, the FAQ, the Book and
/etc/MailScanner/rules/*

>How does it affect the scanning? Can I whitelist something for spam and
>then still have it scanned for viruses?

Yes you can. You can have independent rulesets for as many configuration
options as you like.

I, of course, recommend that you buy a copy of the book.
There is a very good administration guide in there, which gives you
examples of all of this.

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From martinh at SOLID-STATE-LOGIC.COM Mon Jan 31 14:49:35 2005
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:28:22 2006
Subject: Whitelisting ?
Message-ID:

Carinus

Depends where you whitelist....

If you look at the MailScanner.conf file (or its documentation at
http://www.sng.ecs.soton.ac.uk/mailscanner/man/MailScanner.conf.5.html)
you will see lots of places where rule files can be used. Here you can
do all sorts of things including whitelist style things. It depends on
what you want to stop for certain users/ip-addresses/ranges.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

Carinus Carelse wrote:
> Hi,
>
> I would like to know more about whitelisting. How do I implement it?
> How does it affect the scanning? Can I whitelist something for spam and
> then still have it scanned for viruses?
>
> Carinus

From t.d.lee at DURHAM.AC.UK Mon Jan 31 15:13:27 2005
From: t.d.lee at DURHAM.AC.UK (David Lee)
Date: Thu Jan 12 21:28:22 2006
Subject: service MailScanner start issue.
Message-ID:

On Fri, 28 Jan 2005, RedRed!com IT Department wrote:

> Duh, I guess I haven't had enough coffee today, or maybe I've had too
> much. LOL
>
> Anyway, I did install perl-5.8.6 and it installed in the /usr/local/
> prefix. So I moved everything down to the /usr prefix. Is there
> somewhere that I need to change this so that the PERL5PATH points to
> /usr/lib instead of /usr/local/lib? This may very well be my issue.
> Thanks.

For "plug-and-play" usage, MS much prefers that the machine has just one
perl installation which has been cleanly installed and maintained. It is
possible to run on machines with two (or more?) perl installations that
are each clean (and I've done so), but it perhaps won't "plug-and-play".
If you then start diddling and moving around bits of perl, its libraries
and its modules, that is almost certainly asking for trouble.

(As perl modules build, they often know, and need to know, where they (and
each other) are; moving them confuses them mightily.)

Consider cleaning out all remnants of all perls and, after checking that
all traces of all perls really have gone, then re-install a single perl of
your choice into a single location of your choice ("/usr" probably
preferred to "/usr/local") and maintain it cleanly there.

Then, and only then, return to MS, which should then cleanly install.

Sorry if that sounds a bit harsh! (Much in life is multitudinous and
subtle shades of grey. But MS's preference for a single, clean perl is a
more blatant black and white issue.)

Hope that helps.

--

: David Lee                                I.T. Service          :
: Senior Systems Programmer                Computer Centre       :
: University of Durham                                           :
: http://www.dur.ac.uk/t.d.lee/            South Road            :
:                                          Durham                :
: Phone: +44 191 334 2752                  U.K.                  :

From martinh at SOLID-STATE-LOGIC.COM Mon Jan 31 15:31:35 2005
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:28:22 2006
Subject: service MailScanner start issue.
Message-ID:

David Lee wrote:
> On Fri, 28 Jan 2005, RedRed!com IT Department wrote:
>
>> Duh, I guess I haven't had enough coffee today, or maybe I've had too
>> much. LOL
>>
>> Anyway, I did install perl-5.8.6 and it installed in the /usr/local/
>> prefix. So I moved everything down to the /usr prefix. Is there
>> somewhere that I need to change this so that the PERL5PATH points to
>> /usr/lib instead of /usr/local/lib? This may very well be my issue.
>> Thanks.
>
> For "plug-and-play" usage, MS much prefers that the machine has just one
> perl installation which has been cleanly installed and maintained. It is
> possible to run on machines with two (or more?) perl installations that
> are each clean (and I've done so), but it perhaps won't "plug-and-play".
> If you then start diddling and moving around bits of perl, its libraries
> and its modules, that is almost certainly asking for trouble.
>
> (As perl modules build, they often know, and need to know, where they (and
> each other) are; moving them confuses them mightily.)
>
> Consider cleaning out all remnants of all perls and, after checking that
> all traces of all perls really have gone, then re-install a single perl of
> your choice into a single location of your choice ("/usr" probably
> preferred to "/usr/local") and maintain it cleanly there.
>
> Then, and only then, return to MS, which should then cleanly install.
>
> Sorry if that sounds a bit harsh! (Much in life is multitudinous and
> subtle shades of grey. But MS's preference for a single, clean perl is a
> more blatant black and white issue.)
>
> Hope that helps.
>
> --
>
> : David Lee

David assumes you are running a Linux flavour as some O/S's (the BSD's,
FreeBSD in particular) are quite happy with two perls....one that comes
with the base O/S (getting less required) and one from the ports tree.
There's even a little script to switch from one to the other.

BUT when you install MS you have to point it at the actual perl being
used rather than relying on the sym link to cope
(install.sh --perl=/usr/local/bin/perl).

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

From carinus.carelse at MRC.AC.ZA Mon Jan 31 15:34:30 2005
From: carinus.carelse at MRC.AC.ZA (Carinus Carelse)
Date: Thu Jan 12 21:28:22 2006
Subject: Whitelisting ?
Message-ID:

Ok you pirate, how much for the book and where do I get it? I will
definitely buy a copy.

Carinus

From carinus.carelse at MRC.AC.ZA Mon Jan 31 15:43:59 2005
From: carinus.carelse at MRC.AC.ZA (Carinus Carelse)
Date: Thu Jan 12 21:28:22 2006
Subject: Whitelisting another query
Message-ID:

Well even if I buy the book it's gonna take a while for it to get to me
here in Africa. I was wondering if anyone could give me some help with
the whitelisting this so long so I can implement it.

1) I have a to: domain which is domain.com, which I want to whitelist for
spam, but I still want the virus checking to happen. Can someone please
give me a config example?

I have the new version of MailScanner installed.

Carinus

From roger at RUDNICK.COM.BR Mon Jan 31 15:46:34 2005
From: roger at RUDNICK.COM.BR (Roger Jochem)
Date: Thu Jan 12 21:28:22 2006
Subject: Offtopic
Message-ID:

Hello!

This is a little off topic, but is there a way I can create a default signature for all messages written by a single user in my server? I use this user for all "automatic messages" generated by my ERP, and I would like to put a message like "this is an automatic mail, don't reply, etc, etc..".

I'm using sendmail...

Regards

Roger Jochem

From mike at CAMAROSS.NET Mon Jan 31 15:49:58 2005
From: mike at CAMAROSS.NET (Mike Kercher)
Date: Thu Jan 12 21:28:22 2006
Subject: Whitelisting another query
Message-ID:

If you whitelist for spam checks, the emails will still be virus scanned unless you have a rule that overrides that.

Mike

________________________________

From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Carinus Carelse
Sent: Monday, January 31, 2005 9:44 AM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Whitelisting another query

Well even if I buy the book it's gonna take a while for it to get to me here in Africa. I was wondering if anyone could give me some help with the whitelisting this so long so I can implement it.

1) I have a to: domain which is domain.com. Which I want to whitelist for spam but I still want the virus checking to happen can someone please give me a config example. I have the new version of Mailscanner installed.

Carinus

From mike at CAMAROSS.NET Mon Jan 31 15:52:14 2005
From: mike at CAMAROSS.NET (Mike Kercher)
Date: Thu Jan 12 21:28:22 2006
Subject: Offtopic
Message-ID:

Create a ruleset for Signing messages

________________________________

From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Roger Jochem
Sent: Monday, January 31, 2005 9:47 AM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Offtopic

Hello!

This is a little off topic, but is there a way I can create a default signature for all messages written by a single user in my server? I use this user for all "automatic messages" generated by my ERP, and I would like to put a message like "this is an automatic mail, don't reply, etc, etc..".

I'm using sendmail...

Regards

Roger Jochem

From roger at RUDNICK.COM.BR Mon Jan 31 15:54:02 2005
From: roger at RUDNICK.COM.BR (Roger Jochem)
Date: Thu Jan 12 21:28:22 2006
Subject: Offtopic
Message-ID:

Do you have any example of how I do that? I never did that before...

Thanks!

Roger Jochem

----- Original Message -----
From: "Mike Kercher"
To:
Sent: Monday, January 31, 2005 1:52 PM
Subject: Re: Offtopic

> Create a ruleset for Signing messages
>
> ________________________________
>
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf
> Of Roger Jochem
> Sent: Monday, January 31, 2005 9:47 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Offtopic
>
>
> Hello!
>
> This is a little off topic, but is there a way I can create a default
> signature for all messages written by a single user in my server? I use this
> user for all "automatic messages" generated by my ERP, and I would like to
> put a message like "this is an automatic mail, don't reply, etc, etc..".
>
> I'm using sendmail...
>
> Regards
>
> Roger Jochem

From mike at CAMAROSS.NET Mon Jan 31 16:07:25 2005
From: mike at CAMAROSS.NET (Mike Kercher)
Date: Thu Jan 12 21:28:22 2006
Subject: Offtopic
Message-ID:

Roger Jochem wrote:
> Do you have any example of how I do that? I never did that before...
>
> Thanks!
>
> Roger Jochem
>
> ----- Original Message -----
> From: "Mike Kercher"
> To:
> Sent: Monday, January 31, 2005 1:52 PM
> Subject: Re: Offtopic
>
>
>> Create a ruleset for Signing messages
>>
>> ________________________________
>>
>> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]
>> On Behalf
>> Of Roger Jochem
>> Sent: Monday, January 31, 2005 9:47 AM
>> To: MAILSCANNER@JISCMAIL.AC.UK
>> Subject: Offtopic
>>
>>
>> Hello!
>>
>> This is a little off topic, but is there a way I can create a default
>> signature for all messages written by a single user in my server? I use
>> this user for all "automatic messages" generated by my ERP, and I
>> would like to put a message like "this is an automatic mail, don't
>> reply, etc, etc..".
>>
>> I'm using sendmail...
>>
>> Regards
>>
>> Roger Jochem

# Set where to find the HTML and text versions that will be added to the
# end of all clean messages, if "Sign Clean Messages" is set.
# These can also be the filenames of rulesets.
Inline HTML Signature = %report-dir%/inline.sig.html
Inline Text Signature = %report-dir%/inline.sig.txt

# Add the "Inline HTML Signature" or "Inline Text Signature" to the end
# of uninfected messages?
# This can also be the filename of a ruleset.
Sign Clean Messages = %rules-dir%/sig.rules

/etc/MailScanner/rules/sig.rules

From: your_user@domain.tld yes
FromTo: default no

Give that a shot.

Mike

From roger at RUDNICK.COM.BR Mon Jan 31 16:12:17 2005
From: roger at RUDNICK.COM.BR (Roger Jochem)
Date: Thu Jan 12 21:28:22 2006
Subject: Offtopic
Message-ID:

Thanks. I will give it a try...

----- Original Message -----
From: "Mike Kercher"
To:
Sent: Monday, January 31, 2005 2:07 PM
Subject: Re: Offtopic

> Roger Jochem wrote:
> > Do you have any example of how I do that? I never did that before...
> >
> > Thanks!
> >
> > Roger Jochem
> >
> > ----- Original Message -----
> > From: "Mike Kercher"
> > To:
> > Sent: Monday, January 31, 2005 1:52 PM
> > Subject: Re: Offtopic
> >
> >
> >> Create a ruleset for Signing messages
> >>
> >> ________________________________
> >>
> >> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]
> >> On Behalf
> >> Of Roger Jochem
> >> Sent: Monday, January 31, 2005 9:47 AM
> >> To: MAILSCANNER@JISCMAIL.AC.UK
> >> Subject: Offtopic
> >>
> >>
> >> Hello!
> >>
> >> This is a little off topic, but is there a way I can create a default
> >> signature for all messages written by a single user in my server? I use
> >> this user for all "automatic messages" generated by my ERP, and I
> >> would like to put a message like "this is an automatic mail, don't
> >> reply, etc, etc..".
> >>
> >> I'm using sendmail...
> >>
> >> Regards
> >>
> >> Roger Jochem
>
> # Set where to find the HTML and text versions that will be added to the
>
> # end of all clean messages, if "Sign Clean Messages" is set.
> # These can also be the filenames of rulesets.
> Inline HTML Signature = %report-dir%/inline.sig.html
> Inline Text Signature = %report-dir%/inline.sig.txt
>
> # Add the "Inline HTML Signature" or "Inline Text Signature" to the end
> # of uninfected messages?
> # This can also be the filename of a ruleset.
> Sign Clean Messages = %rules-dir%/sig.rules
>
> /etc/MailScanner/rules/sig.rules
>
> From: your_user@domain.tld yes
> FromTo: default no
>
> Give that a shot.
>
> Mike

From martinh at SOLID-STATE-LOGIC.COM Mon Jan 31 16:14:23 2005
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:28:22 2006
Subject: Whitelisting another query
Message-ID:

Carinus

Have a look at the First example in the etc/rules/EXAMPLE file. It will get you started...if not solve the problem.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

Carinus Carelse wrote:
> Well even if I buy the book it's gonna take a while for it to get to me
> here in Africa. I was wondering if anyone could give me some help with
> the whitelisting this so long so I can implement it.
>
> 1) I have a *to:* domain which is domain.com. Which I want to whitelist
> for spam but I still want the virus checking to happen can someone
> please give me a config example. I have the new version of Mailscanner
> installed.
>
> Carinus

From jaearick at COLBY.EDU Mon Jan 31 16:42:12 2005
From: jaearick at COLBY.EDU (Jeff A. Earickson)
Date: Thu Jan 12 21:28:22 2006
Subject: upgrade to Compress-Zlib-1.34 recommended
Message-ID:

Gang,

I've been keeping my eye out for this one... A new version of Compress-Zlib has been released at CPAN. Version 1.33 used zlib 1.1.4. Version 1.34 of Compress-Zlib uses zlib 1.2.2. Version 1.2.1 had a security vulnerability that 1.2.2 repaired (I don't know if this vulnerability was in 1.1.4). For more info, see:

http://www.zlib.net
http://archives.neohapsis.com/archives/bugtraq/2004-08/0370.html
http://search.cpan.org/~pmqs/Compress-Zlib-1.34/

I would urge you to (a) upgrade zlib, (b) upgrade Compress-Zlib perl module, (c) make sure that OpenSSH is using zlib 1.2.2 (offtopic to MailScanner, but good security).

Jeff Earickson
Colby College

From MailScanner at ecs.soton.ac.uk Mon Jan 31 16:52:34 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:22 2006
Subject: Whitelisting ?
Message-ID:

$39.95 (US Dollars).

There is a picture of the book on http://www.mailscanner.info/ then just click on the book and it will take you to the purchasing site.

Thank you!

Carinus Carelse wrote:

>Ok you pirate how much for the book and where do I get it. I will definitely buy
>a copy.
>
>Carinus

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From G.Pentland at SOTON.AC.UK Mon Jan 31 17:01:31 2005
From: G.Pentland at SOTON.AC.UK (Pentland G.)
Date: Thu Jan 12 21:28:22 2006
Subject: TNEF decoding errors
Message-ID:

All,

Just recently I've been seeing lots of messages along the line of...

"Corrupt TNEF winmail.dat that cannot be analysed in message "

Has anyone else seen a sharp increase?

Which TNEF decoder are you all running?

Gary

From roger at RUDNICK.COM.BR Mon Jan 31 17:24:08 2005
From: roger at RUDNICK.COM.BR (Roger Jochem)
Date: Thu Jan 12 21:28:22 2006
Subject: Offtopic
Message-ID:

It worked fine...

Thanks

----- Original Message -----
From: "Mike Kercher"
To:
Sent: Monday, January 31, 2005 2:07 PM
Subject: Re: Offtopic

> Roger Jochem wrote:
> > Do you have any example of how I do that? I never did that before...
> >
> > Thanks!
> >
> > Roger Jochem
> >
> > ----- Original Message -----
> > From: "Mike Kercher"
> > To:
> > Sent: Monday, January 31, 2005 1:52 PM
> > Subject: Re: Offtopic
> >
> >
> >> Create a ruleset for Signing messages
> >>
> >> ________________________________
> >>
> >> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]
> >> On Behalf
> >> Of Roger Jochem
> >> Sent: Monday, January 31, 2005 9:47 AM
> >> To: MAILSCANNER@JISCMAIL.AC.UK
> >> Subject: Offtopic
> >>
> >>
> >> Hello!
> >>
> >> This is a little off topic, but is there a way I can create a default
> >> signature for all messages written by a single user in my server? I use
> >> this user for all "automatic messages" generated by my ERP, and I
> >> would like to put a message like "this is an automatic mail, don't
> >> reply, etc, etc..".
> >>
> >> I'm using sendmail...
> >>
> >> Regards
> >>
> >> Roger Jochem
>
> # Set where to find the HTML and text versions that will be added to the
>
> # end of all clean messages, if "Sign Clean Messages" is set.
> # These can also be the filenames of rulesets.
> Inline HTML Signature = %report-dir%/inline.sig.html
> Inline Text Signature = %report-dir%/inline.sig.txt
>
> # Add the "Inline HTML Signature" or "Inline Text Signature" to the end
> # of uninfected messages?
> # This can also be the filename of a ruleset.
> Sign Clean Messages = %rules-dir%/sig.rules
>
> /etc/MailScanner/rules/sig.rules
>
> From: your_user@domain.tld yes
> FromTo: default no
>
> Give that a shot.
>
> Mike

From MailScanner at ecs.soton.ac.uk Mon Jan 31 17:26:15 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:22 2006
Subject: TNEF decoding errors
Message-ID:

I would probably advise using the internal one these days. TNEF messages are now so rare that the cost of the extra load in running the slower one is far less than the benefit of it reading more different types of TNEF.

Pentland G. wrote:

>All,
>
>Just recently I've been seeing lots of messages along the line of...
>
>"Corrupt TNEF winmail.dat that cannot be analysed in message "
>
>Has anyone else seen a sharp increase?
>
>Which TNEF decoder are you all running?
>
>Gary

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From MailScanner at ecs.soton.ac.uk Mon Jan 31 18:10:19 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:22 2006
Subject: Offtopic
Message-ID:

May I recommend a copy of the book, so that you learn to understand all this stuff?

Roger Jochem wrote:

>It worked fine...
>
>Thanks
>
>----- Original Message -----
>From: "Mike Kercher"
>To:
>Sent: Monday, January 31, 2005 2:07 PM
>Subject: Re: Offtopic
>
>
>
>
>>Roger Jochem wrote:
>>
>>
>>>Do you have any example of how I do that? I never did that before...
>>>
>>>Thanks!
>>>
>>>Roger Jochem
>>>
>>>----- Original Message -----
>>>From: "Mike Kercher"
>>>To:
>>>Sent: Monday, January 31, 2005 1:52 PM
>>>Subject: Re: Offtopic
>>>
>>>
>>>
>>>
>>>>Create a ruleset for Signing messages
>>>>
>>>>________________________________
>>>>
>>>>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]
>>>>On Behalf
>>>>Of Roger Jochem
>>>>Sent: Monday, January 31, 2005 9:47 AM
>>>>To: MAILSCANNER@JISCMAIL.AC.UK
>>>>Subject: Offtopic
>>>>
>>>>
>>>>Hello!
>>>>
>>>>This is a little off topic, but is there a way I can create a default
>>>>signature for all messages written by a single user in my server? I use
>>>>this user for all "automatic messages" generated by my ERP, and I
>>>>would like to put a message like "this is an automatic mail, don't
>>>>reply, etc, etc..".
>>>>
>>>>I'm using sendmail...
>>>>
>>>>Regards
>>>>
>>>>Roger Jochem
>>>>
>>>>
>># Set where to find the HTML and text versions that will be added to the
>>
>># end of all clean messages, if "Sign Clean Messages" is set.
>># These can also be the filenames of rulesets.
>>Inline HTML Signature = %report-dir%/inline.sig.html
>>Inline Text Signature = %report-dir%/inline.sig.txt
>>
>># Add the "Inline HTML Signature" or "Inline Text Signature" to the end
>># of uninfected messages?
>># This can also be the filename of a ruleset.
>>Sign Clean Messages = %rules-dir%/sig.rules
>>
>>/etc/MailScanner/rules/sig.rules
>>
>>From: your_user@domain.tld yes
>>FromTo: default no
>>

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From roger at RUDNICK.COM.BR Mon Jan 31 18:24:54 2005
From: roger at RUDNICK.COM.BR (Roger Jochem)
Date: Thu Jan 12 21:28:22 2006
Subject: Offtopic
Message-ID:

It is a good recommendation! I will do it soon...

Regards

Roger Jochem

----- Original Message -----
From: "Julian Field"
To:
Sent: Monday, January 31, 2005 4:10 PM
Subject: Re: Offtopic

> May I recommend a copy of the book, so that you learn to understand all
> this stuff?
>
> Roger Jochem wrote:
>
> >It worked fine...
> >
> >Thanks
> >
> >----- Original Message -----
> >From: "Mike Kercher"
> >To:
> >Sent: Monday, January 31, 2005 2:07 PM
> >Subject: Re: Offtopic
> >
> >
> >
> >
> >>Roger Jochem wrote:
> >>
> >>
> >>>Do you have any example of how I do that? I never did that before...
> >>>
> >>>Thanks!
> >>>
> >>>Roger Jochem
> >>>
> >>>----- Original Message -----
> >>>From: "Mike Kercher"
> >>>To:
> >>>Sent: Monday, January 31, 2005 1:52 PM
> >>>Subject: Re: Offtopic
> >>>
> >>>
> >>>
> >>>
> >>>>Create a ruleset for Signing messages
> >>>>
> >>>>________________________________
> >>>>
> >>>>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]
> >>>>On Behalf
> >>>>Of Roger Jochem
> >>>>Sent: Monday, January 31, 2005 9:47 AM
> >>>>To: MAILSCANNER@JISCMAIL.AC.UK
> >>>>Subject: Offtopic
> >>>>
> >>>>
> >>>>Hello!
> >>>>
> >>>>This is a little off topic, but is there a way I can create a default
> >>>>signature for all messages written by a single user in my server? I use
> >>>>this user for all "automatic messages" generated by my ERP, and I
> >>>>would like to put a message like "this is an automatic mail, don't
> >>>>reply, etc, etc..".
> >>>>
> >>>>I'm using sendmail...
> >>>>
> >>>>Regards
> >>>>
> >>>>Roger Jochem
> >>>>
> >>>>
> >># Set where to find the HTML and text versions that will be added to the
> >>
> >># end of all clean messages, if "Sign Clean Messages" is set.
> >># These can also be the filenames of rulesets.
> >>Inline HTML Signature = %report-dir%/inline.sig.html
> >>Inline Text Signature = %report-dir%/inline.sig.txt
> >>
> >># Add the "Inline HTML Signature" or "Inline Text Signature" to the end
> >># of uninfected messages?
> >># This can also be the filename of a ruleset.
> >>Sign Clean Messages = %rules-dir%/sig.rules
> >>
> >>/etc/MailScanner/rules/sig.rules
> >>
> >>From: your_user@domain.tld yes
> >>FromTo: default no
> >>
>
> --
> Julian Field
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
> Professional Support Services at www.MailScanner.biz
> MailScanner thanks transtec Computers for their support
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
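
How a ruleset such as the sig.rules quoted in the thread above, or a spam whitelist for the To: domain asked about in the "Whitelisting another query" thread, selects a value for each message, as an added Python example (not MailScanner's code and not posted by anyone on the list). It is a simplified model that assumes the first matching rule wins, that `default` applies when nothing else matches, and that patterns are literal addresses or `*` wildcards only; the whitelist ruleset and every address other than the one in sig.rules are constructed.

```python
"""Simplified model of how a MailScanner ruleset picks a value (added example)."""
from fnmatch import fnmatchcase

# Ruleset as posted in the thread (the contents of sig.rules).
SIG_RULES = """\
From:    your_user@domain.tld  yes
FromTo:  default               no
"""

# Constructed for this example: skip spam checks for mail addressed to
# domain.com. In MailScanner.conf a file like this is referenced from the
# "Is Definitely Not Spam" setting; virus scanning is a separate setting,
# so it is unaffected.
WHITELIST_RULES = """\
# spam whitelist, keyed on the recipient domain
To:        *@domain.com  yes
FromOrTo:  default       no
"""


def classify(direction):
    """Map a direction keyword to 'from', 'to', 'either' or 'both'.

    Assumption: a keyword naming both From and To without "And"
    (FromOrTo:, or the FromTo: used in the thread) means "either".
    """
    d = direction.rstrip(":").lower()
    if "from" in d and "to" in d:
        return "both" if "and" in d else "either"
    if d in ("from", "to"):
        return d
    raise ValueError(f"unknown direction: {direction!r}")


def parse_ruleset(text):
    """Return (rules, default): ordered (direction, pattern, value) tuples
    and the value of the 'default' rule, or None if there is none."""
    rules, default = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split(None, 2)
        if len(fields) != 3:
            raise ValueError(f"expected 'direction pattern value': {raw!r}")
        direction = classify(fields[0])
        pattern, value = fields[1].lower(), fields[2].strip()
        if pattern == "default":
            default = value
        else:
            rules.append((direction, pattern, value))
    return rules, default


def _hit(pattern, addresses):
    """True if any address matches the (already lower-cased) pattern."""
    return any(fnmatchcase(addr, pattern) for addr in addresses)


def evaluate(text, sender, recipients, builtin_default="no"):
    """Value the ruleset yields for one message (first matching rule wins)."""
    rules, default = parse_ruleset(text)
    frm = [sender.lower()]
    to = [r.lower() for r in recipients]
    for direction, pattern, value in rules:
        from_hit, to_hit = _hit(pattern, frm), _hit(pattern, to)
        matched = {
            "from": from_hit,
            "to": to_hit,
            "either": from_hit or to_hit,
            "both": from_hit and to_hit,
        }[direction]
        if matched:
            return value
    return default if default is not None else builtin_default


if __name__ == "__main__":
    cases = [
        ("sign?", SIG_RULES, "your_user@domain.tld", ["customer@example.org"]),
        ("sign?", SIG_RULES, "someone_else@domain.tld", ["customer@example.org"]),
        ("skip spam checks?", WHITELIST_RULES, "stranger@example.net", ["bob@domain.com"]),
        ("skip spam checks?", WHITELIST_RULES, "bob@domain.com", ["stranger@example.net"]),
    ]
    for label, ruleset, sender, rcpts in cases:
        print(f"{label:18} {sender} -> {rcpts[0]}: {evaluate(ruleset, sender, rcpts)}")
```

The last case shows why the whitelist is keyed on To: rather than FromOrTo:. A message that merely claims a domain.com sender still goes through the spam checks.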

From mlist at STARWHITE.NET Mon Jan 31 18:36:24 2005
From: mlist at STARWHITE.NET (Benn Schreiber)
Date: Thu Jan 12 21:28:22 2006
Subject: Orphan qf files in mqueue.in on SuSE 9.2
Message-ID:

Just to close this off cleanly. This definitely corrected the problem. Looks like "probably need to change it to posix" is "definitely need to change it to posix", at least on Suse 9.2.

Thanks again

Benn

From MailScanner at ecs.soton.ac.uk Mon Jan 31 20:10:17 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:22 2006
Subject: Volunteers to convert FAQ to a Wiki?
Message-ID:

If I were to install a Wiki on the MailScanner site, would someone (or several of you) be prepared to take on the job of converting the current FAQ-o-matic to a Wiki?

It's basically a cut and paste job. It's the content that matters, not precisely who created the FAQ addition.

Any volunteers please?

I can get a Wiki set up pretty quickly if you are prepared to do it.

Thanks folks!

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From ssilva at SGVWATER.COM Mon Jan 31 20:08:24 2005
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:28:22 2006
Subject: OT: Linux passwd/shadow files
Message-ID:

Rodney Green wrote:
> Rodney Green wrote:
>
>> Denis Beauchemin wrote:
>>
>>> Rodney Green wrote:
>>>
>>>> Hello,
>>>>
>>>> Is it possible to copy the passwd and shadow passwd files from one
>>>> Linux
>>>> machine to another to duplicate the user accounts from one server on
>>>> the
>>>> other? It's something I haven't done before and was wondering if it
>>>> would just work. I need to setup a temp mail server so I can work on
>>>> the
>>>> production mail server without interrupting service.
>>>>
>>>
>>> Rod,
>>>
>>> Sure can do. But make sure the 2 boxes have the same Linux release
>>> because some accounts do change from time to time.
>>>
>>> I'd also recommend rebooting the server after swapping the passwd/shadow
>>> files... just in case...
>>>
>>> Denis
>>>
>>
>> Thanks Denis! Both machines have the same Linux release so I'm good to
>> go with that. This will be a lot easier than having to setup all of the
>> accounts on the temp server.
>>
>> Rod
>
>
> Denis,
>
> I copied the shadow and the passwd files, just those two files, to the
> temp server and rebooted. I wasn't able to logon after that. I ran the
> Red Hat rescue and restored the original passwd and shadow files and can
> now logon again. Were there other files that needed to be copied too?
>
> Thanks again,
> Rod

If using Redhat or Fedora, you might need the group files also. Redhat creates a new group by default with each new user.
--
"If you have ever eaten crow, It don't taste like chicken!!"

From drew at THEMARSHALLS.CO.UK Mon Jan 31 20:21:50 2005
From: drew at THEMARSHALLS.CO.UK (Drew Marshall)
Date: Thu Jan 12 21:28:22 2006
Subject: Volunteers to convert FAQ to a Wiki?
Message-ID:

Julian Field wrote:
> If I were to install a Wiki on the MailScanner site, would someone (or
> several of you) be prepared to take on the job of converting the current
> FAQ-o-matic to a Wiki?
>
> It's basically a cut and paste job. It's the content that matters, not
> precisely who created the FAQ addition.
>
> Any volunteers please?
>
> I can get a Wiki set up pretty quickly if you are prepared to do it.
>
> Thanks folks!
>
>

Personally I have never posted to one (Rarely having anything sensible to say ;-) ) but I would be happy to help (Assuming it's as straight forward as it looks).

Drew

--
In line with our policy, this message has been scanned for viruses and
dangerous content by MailScanner, and is believed to be clean.
www.themarshalls.co.uk/policy

From wietse at BOUDISQUE.NL Mon Jan 31 20:24:46 2005
From: wietse at BOUDISQUE.NL (Wietse Muizelaar)
Date: Thu Jan 12 21:28:22 2006
Subject: Volunteers to convert FAQ to a Wiki?
Message-ID:

Hi,

On Monday, January 31, 2005 9:21 PM [GMT+1=CET], Drew Marshall wrote:
> Julian Field wrote:
>
>> If I were to install a Wiki on the MailScanner site, would someone
>> (or several of you) be prepared to take on the job of converting the
>> current FAQ-o-matic to a Wiki?
>>
>> It's basically a cut and paste job. It's the content that matters,
>> not precisely who created the FAQ addition.
>>
>> Any volunteers please?
>>
>> I can get a Wiki set up pretty quickly if you are prepared to do it.
>>
>> Thanks folks!
>>
>>
> Personally I have never posted to one (Rarely having anything sensible
> to say ;-) ) but I would be happy to help (Assuming it's as straight
> forward as it looks).

Me too!

--
Regards,
Wietse

From lou.baccari at HP.COM Mon Jan 31 20:23:30 2005
From: lou.baccari at HP.COM (Baccari, Lou)
Date: Thu Jan 12 21:28:22 2006
Subject: Volunteers to convert FAQ to a Wiki?
Message-ID:

I'm available.

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Drew Marshall
Sent: Monday, January 31, 2005 3:22 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: Volunteers to convert FAQ to a Wiki?

Julian Field wrote:
> If I were to install a Wiki on the MailScanner site, would someone (or
> several of you) be prepared to take on the job of converting the
> current FAQ-o-matic to a Wiki?
>
> It's basically a cut and paste job. It's the content that matters, not
> precisely who created the FAQ addition.
>
> Any volunteers please?
>
> I can get a Wiki set up pretty quickly if you are prepared to do it.
>
> Thanks folks!
>
>

Personally I have never posted to one (Rarely having anything sensible to say ;-) ) but I would be happy to help (Assuming it's as straight forward as it looks).

Drew

--
In line with our policy, this message has been scanned for viruses and
dangerous content by MailScanner, and is believed to be clean.
www.themarshalls.co.uk/policy

From ssilva at SGVWATER.COM Mon Jan 31 20:34:49 2005
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:28:22 2006
Subject: Someone in the USA with a printer? I need a quick favour
Message-ID:

Julian Field wrote:
> Is the US-Letter version better than printing the original, or should I
> not bother with the US Letter version at all?
>
> Dirk Enrique Seiffert wrote:
>
>> Not really USA but Colombia - We use lettersize, too. Printed just
>> straight forward without adjustments from acroread, looks perfect.
>>
>> Best wishes
>>
>> Enrique
>>
>> On Fri 28 Jan 2005 17:22, Julian Field wrote:
>>
>>
>>> I need to ask a quick favour.
>>>
>>> I need someone with 8.5 x 11 inch paper.
>>> Please can you download
>>> http://www.sng.ecs.soton.ac.uk/mailscanner/MailScannerFlyer.pdf
>>> (or extract it from the 4.38 distribution).
>>>
>>> I would then like you to print it with the smallest margins you can set.
>>>
>>> Does it look okay?
>>> Is there anything important missed off the top/bottom/sides?
>>>
>>> Where would be the best place to remove the extra bit from the top or
>>> bottom so that it would print better on USA paper sizes?
>>>
>>> Many thanks!

My acrobat is set to reduce to fit, and it just leaves a little whitespace around the edges. And except for the top picture, it looks great on a Color Laserjet.

But on another subject, what is that ruleset editor on the last screenshot on page 2? Is that also from Mailwatch?
I might just have to give Mailwatch a go!

--
"If you have ever eaten crow, It don't taste like chicken!!"

From ssilva at SGVWATER.COM Mon Jan 31 20:40:22 2005
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:28:22 2006
Subject: Whitelisting ?
Message-ID:

Julian Field wrote:
> $39.95 (US Dollars). There is a picture of the book on
> http://www.mailscanner.info/ then just click on the book and it will
> take you to the purchasing site.
>
> Thank you!
>
> Carinus Carelse wrote:
>
>> Ok you pirate how much for the book and where do I get it. I will
>> definitely buy a copy.
>>
>> Carinus

I think a $40 book to support free software worth many thousands of dollars is a small price to pay. Will be ordering mine even if the evil overlords will not pony up and reimburse me. I was just waiting for it to stable up a bit...
Maybe if there was a way to get updated content if you purchased a copy?

--
"If you have ever eaten crow, It don't taste like chicken!!"

From cconn at ABACOM.COM Mon Jan 31 20:56:09 2005
From: cconn at ABACOM.COM (Chris Conn)
Date: Thu Jan 12 21:28:22 2006
Subject: [Clamav-users] Ignoring options on 0.81
Message-ID:

Mario Alberto Cruz Gartner wrote:
> Hi!
> I was using 0.80 and getting excellent results with it.
> Today I upgraded to 0.81 but when the clamdscan is called (from the
> MailScanner program) it says:
>
> WARNING: Ignoring option --unzip: please edit clamd.conf instead.
> WARNING: Ignoring option --unarj: please edit clamd.conf instead.
> WARNING: Ignoring option --unrar: please edit clamd.conf instead.
> WARNING: Ignoring option --tar: please edit clamd.conf instead.
> WARNING: Ignoring option --lha: please edit clamd.conf instead.
> WARNING: Ignoring option --unzip: please edit clamd.conf instead.
> WARNING: Ignoring option -r: please edit clamd.conf instead.
>
> And the MailScanner lets pass the messages without importance of their
> virus state.
>
> Then I go to the configuration of the MailScanner clamav wrapper, and
> erase the 6 options with the clamdscan was called. But, the "-r
> option" it's not being called from anywhere that I can see.

Hello,

This should have been asked in the MailScanner list. Nevertheless, you are using clamdscan instead of clamscan (as do I since it is much more efficient). The -r option you refer to is actually in the /usr/lib/MailScanner/MailScanner/SweepViruses.pm file; you have to remove the -r that is called from there manually. Not a very clean way of doing things (and you have to re-do it if you upgrade MailScanner), but necessary to run clamdscan. The older clamav took the -r without complaints, but the new one does not.

MailScanner folks do not seem to take into consideration that clamdscan is better than Mail::ClamAV, which is better than plain old clamscan. So I hope you (and I) don't get too much flak for this OT post.

Chris

From MailScanner at ecs.soton.ac.uk Mon Jan 31 22:03:42 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:22 2006
Subject: Someone in the USA with a printer? I need a quick favour
Message-ID:

Scott Silva wrote:
> Julian Field wrote:
>
>> Is the US-Letter version better than printing the original, or should
>> I not bother with the US Letter version at all?
>>
>> Dirk Enrique Seiffert wrote:
>>
>>> Not really USA but Colombia - We use lettersize, too. Printed just
>>> straight forward without adjustments from acroread, looks perfect.
>>>
>>> Best wishes
>>>
>>> Enrique
>>>
>>> On Fri 28 Jan 2005 17:22, Julian Field wrote:
>>>
>>>
>>>> I need to ask a quick favour.
>>>>
>>>> I need someone with 8.5 x 11 inch paper.
>>>> Please can you download
>>>> http://www.sng.ecs.soton.ac.uk/mailscanner/MailScannerFlyer.pdf
>>>> (or extract it from the 4.38 distribution).
>>>>
>>>> I would then like you to print it with the smallest margins you can set.
>>>>
>>>> Does it look okay?
>>>> Is there anything important missed off the top/bottom/sides?
>>>>
>>>> Where would be the best place to remove the extra bit from the top or
>>>> bottom so that it would print better on USA paper sizes?
>>>>
>>>> Many thanks!
>>>
> My acrobat is set to reduce to fit, and it just leaves a little
> whitespace around the edges. And except for the top picture, it looks
> great on a Color Laserjet.

Great. Many thanks for that.

>
> But on another subject, what is that ruleset editor on the last
> screenshot on page 2? Is that also from Mailwatch?
> I might just have to give Mailwatch a go!

The ruleset editor is a sneak preview of a product to come...
(I'm not going to tell you any more, you will find out soon enough anyway :-)

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From MailScanner at ecs.soton.ac.uk Mon Jan 31 22:04:42 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:28:22 2006
Subject: Whitelisting ?
Message-ID:

Scott Silva wrote:
> Julian Field wrote:
>
>> $39.95 (US Dollars). There is a picture of the book on
>> http://www.mailscanner.info/ then just click on the book and it will
>> take you to the purchasing site.
>>
>> Thank you!
>>
>> Carinus Carelse wrote:
>>
>>> Ok you pirate how much for the book and where do I get it. I will
>>> definitely buy a copy.
>>>
>>> Carinus
>>
> I think a $40 book to support free software worth many thousands of
> dollars is a small price to pay. Will be ordering mine even if the evil
> overlords will not pony up and reimburse me. I was just waiting for it
> to stable up a bit...
> Maybe if there was a way to get updated content if you purchased a copy?
>

That's not very easy. But I have only just updated it, it is accurate up to and including 4.37.
--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From lhaig at HAIGMAIL.COM Mon Jan 31 22:33:21 2005
From: lhaig at HAIGMAIL.COM (Lance Haig)
Date: Thu Jan 12 21:28:22 2006
Subject: Why does MailScanner not like my Football club?
Message-ID:

Hi,

I have mail I receive from a football club mailing list and it is stopped under the "Other Bad Content Detected"

I am not sure if Julian has something against "Spurs" :-)

Anyway why would a message be marked as "Other Bad Content Detected" and can I stop it being blocked?

Thanks again
Lance

From Jim at jameswest.com Mon Jan 31 23:15:31 2005
From: Jim at jameswest.com (Jim West)
Date: Thu Jan 12 21:28:22 2006
Subject: Volunteers to convert FAQ to a Wiki?
Message-ID:

Wikis rock! I use one on my domain. I'll help where I can!

- Jim

> If I were to install a Wiki on the MailScanner site, would someone (or
> several of you) be prepared to take on the job of converting the current
> FAQ-o-matic to a Wiki?
>
> It's basically a cut and paste job. It's the content that matters, not
> precisely who created the FAQ addition.
>
> Any volunteers please?
>
> I can get a Wiki set up pretty quickly if you are prepared to do it.
>
> Thanks folks!
>
> --
> Julian Field
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
> Professional Support Services at www.MailScanner.biz
> MailScanner thanks transtec Computers for their support
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654