From MailScanner at ecs.soton.ac.uk Sat Jan 1 12:58:13 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:04 2006 Subject: An express checkout? [was: Re: Postfix and Mailscanner sitting in a tree k-iss-ing] Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] paddy wrote: >Upon reflection I can't see a 'simple criteria' that's cheap enough to be >a no-brainer to use unless you can do some processing before the incoming mail >first goes to disk. > > The message has not been received until it has hit the disk. So you're proposing working on a message using partial information to start with, to try to guess the spammy state of it. > (My first choice would be originating IP. I did briefly, in desperation, > consider size). Anything else is just equivalent to what MailScanner > already does (dispatch RBL queries early, etc) only my suggestions > were weaker :) > > I already split incoming and outgoing mail on my site. Surely just having separate servers for mail going in different directions is the easiest. > I'm also imagining that any processing before the mail hits disk > is at a premium in a DoS/highload situation, although that may not be the > case if the cpu is not the bottleneck ... > > Interesting thought. Would only work with some MTA's though, it depends on how they write the messages to disk. We're assuming here that a message's metadata gets written first, and potentially long before the message body. >I don't think the express checkout idea is necessarily a totally lost cause: > > sure, the cost of scheduling can easily drown the value, but a system > where the order of operations effects the cost is a promising target. > > One of the major factors here, which I don't think you have commented on, is that scanning the queue directory at all is a very expensive operation when the queue is large. Which is why I have the "emergency queue-clearing mode". Just looking at all the queue files at all can take a long time and involve loads of i/o. So the cost of the express checkout tests may well swamp any performance gain you get. > the original intention - differential QoS based on approximate spamminess - > still seems good. The problem is implementing it at acceptable costs. > (remember Magnus Pike?) > > Oh yes. One of my great aunts lived next door to him in Hammersmith. Very funny guy. MailScanner, in a way, already tries to do quite a lot of the checking you mention above if you let it. If you have a good RBL such as SBL+XBL, and use a config like this: Spam List = SBL+XBL Check SpamAssassin If On Spam List = no Spam Lists To Reach High Score = 1 High Scoring Spam Actions = delete (the 3rd setting is just so I can use the High scoring action to delete RBL hits, which will probably fit in to your site policy rather better than using the normal scoring action) Doing this will completely get rid of any messages hitting the RBL without any operation on the message body at all. It is all done based on the content of the headers/envelope. > > I also had this vague idea that using directories for the elevator in the > CriticalQueue condition might be cheaper than sorting by date, but the > problem is obvious .... > >What I realise is: > > I don't really understand the trade-off between batch size and MaxChildren > > I'd certainly appreciate it if you, or anyone for that matter :), could help > me with this. Since they are both limits, I imagine that describing the > limiting conditions will help. > > Smaller batches make virus scanning less efficient, but produce a more "responsive" system under load. The message bandwidth is less (less messages/hour) but the message latency (delay through MS) can be a lot less. So if you inject a message one end, it pops out the other end sooner. The cost is that you can't inject so many messages/hour. MaxChildren should be set so that all the available resources are being used all the time. Set it too high and the machine will spend too much of its time context-switching between children, and too little time actually doing useful work. Set it too low and there will be times when at least one of the i/o, disk or net will be idle, which wastes resources. My initial estimates of 5 per CPU, and possibly 8 per hyper-threaded CPU, were based on some early testing I did on a dual-cpu box I've got. 5 per cpu gave very good throughput, and the system wasn't context-switching excessively. If you have a quiet machine, by all means set it to less. I assume that MailScanner will be running 100% or nearly 100%. After all, if the machine is quiet, who cares if I waste a few resources. No-one else wanted them anyway. > I'm just re-reading the notes in the conf file. > > Does a mailscanner child really consume ~20MB ? Why ? > > If you are running SpamAssassin it can easily be double that. Perl processes are big, as the Perl compiler is very big and needs to be in each process (so you can use cool things like "eval" in your program). Ram is very cheap anyway. > based on your 'try 5 children per CPU' comment, I'm guessing that more > children = more cpu heavy (which makes sense anyway). > (must fix my CPU utlisation logging! :) > > Is there even a BatchSize type option? Is MailScanner even batch-oriented > in the way I had imagined? is MaxUnscannedMessagesPerScan it ? > > There are 4 options there: Max Unscanned Bytes Per Scan = 100000000 Max Unsafe Bytes Per Scan = 50000000 Max Unscanned Messages Per Scan = 30 Max Unsafe Messages Per Scan = 30 This stops batches getting too big by picking up several huge messages all in the same batch. Total batch size = number of messages * average message size So you need to limit both the number of messages and the message size to have control of that calculation. > I'm also amused to discover (see previous mail) I have > > Max Normal Queue Size = 5000 > > I would recommend lowering that, it's pretty big. Try about 1000 or so. > This reminds me of the 'per-user spamsassasin' thread tonight. There are > already so many options, no doubt for each one there is somebody who > really needs it, but nobody could really need them all (could they?), > and the idea that anybody needs a new one should at least attract a > little skepticism. But then, I expect I'm preaching to the priest ! > > would any of the options make sense in multiple units? > for (over)simplified example: 5000 mails or 5 mails per GHz of cpu > perhaps this is best left to admin and configuration tools? > > It's not as simple as just CPU speed. It's a lot more complex than that. >And it's easy to think you (I mean me, of course!) know what going on, until .... > >I wish you a Very Happy New Year ! > > Happy New Year to you too! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Jan 1 13:18:39 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:04 2006 Subject: MailScanner ANNOUNCE Stable 4.37 released Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I have just released the latest stable release, 4.37.7. The main new features this month include: -- More phishing net improvements -- Spam/MCP archive kept clean of viruses so infected spam cannot be recovered by your users -- Arbitrary headers can be added to non-/low-scoring/high-scoring spam to ease upgrading of other systems to MailScanner -- Sendmail split queues supported Download as usual from www.mailscanner.info The full Change Log is: * New Features and Improvements * - When stripping HTML messages to plain text, the contents of script and style tags are omitted. - Phishing net improved to ignore email addresses. - Now supports split sendmail queues where any incoming mqueue.in directory can have qf, df, xf, tf subdirectories, each containing the appropriate type of file for each message. This will greatly speed operation on big queues as the directories will be less than half the size of a combined queue directory. - New option "Keep Spam And MCP Archive Clean" which forces it to virus scan all spam that is quarantined. Any spam (or MCP messages) found to be virus- infected are removed from the quarantine, so you can safely let your users have access to the spam archive safe in the knowledge that they cannot get any viruses out of it. Note: This feature is disabled by default, as most people won't want the performance hit of all the extra scanning, as they don't their users access to the spam quarantine anyway. - Changed Postfix handling so that "Archive Mail" feature creates files with unique names so that re-used message-ids don't cause overwriting of older files in the same day with the same message-id. - Spam and MCP actions (and of course their non- and high-scoring- alternatives can now include extra headers which are added in each case. These entire headers must be contained in double quotes. So for example, you can have Spam Actions = header "X-Spam-Status: yes" deliver and the message will be delivered but with the extra header X-Spam-Status: yes added to the message. * Fixes * - Fixed sendmail and ZMailer problem where subject lines starting with a line-break were not tagged correctly. - Fixed minor problems with multi-line Subject: headers. - Fixed bugs with some MTAs when keeping spam archive clean. - %vars% in MailScanner.conf are now handled properly in "other" settings. - Fixed problem with correctly removing Phishing frauds from badly formatted html with missing tags before corresponding . - Fixed problem with message duplication on some sendmail systems. - Worked around Perl bug causing crashes with a few bounces from Hotmail. - Fixed problems stopping SPF checks working properly. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 From Felix.Schwarz at WEB.DE Sat Jan 1 17:11:59 2005 From: Felix.Schwarz at WEB.DE (Felix Schwarz) Date: Thu Jan 12 21:28:04 2006 Subject: SpamAssassin preferences for every domain Message-ID: Hi Julian, Julian Field wrote: > Amavis (in all 4 split versions) runs at delivery time, so all the > resolution email address ---> user name has been done by the MTA. > MailScanner fits in before this resolution has been done, so would have > to do all the resolution itself, which is "hard". It varies hugely > between different MTAs and is impractical to implement in MailScanner. Different SpamAssassin preferences would be apply on a from/envelope base (not on a "real user" base). > You can change the threshold scores, delivery actions, and black+white > lists per user and per domain within MailScanner anyway. If you take a > look at the Bayes scores in the most recent SA release, you will see > they don't actually have a huge effect any more anyway, as the system > has been largely defeated by spammers. I'm quite suprised to see that Bayes is not very useful to many people. I searched my private mailbox and found that most of my spam mail are tagged with Bayes_99 (403/435 spam mails within the last two days) or at least BAYES_9x (426/435 mails). Because it worked so well I raised the score for Bayes_99 to 4.00 some months ago (1 or 2 two false positives within the last month). I would like to know how useful is Bayes to you all? Is my bayes filter only exceptionally well trained? -- Felix ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From vlad at MAZEK.COM Sat Jan 1 17:14:58 2005 From: vlad at MAZEK.COM (Vlad Mazek) Date: Thu Jan 12 21:28:04 2006 Subject: [OT] sendmail equivalent of zmailer's MaxSameIpSource ?? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Probably better than what we're doing, at least for a single server for realtime blocking. I did something similar earlier in my career and it wasn't pretty - our primary routes went down and I had all the mail flowing through a single T1... the server got clogged up with attachments, connections started crawling and I ended up firewalling every major ISP in the United States :) You might want to resolve those addresses too and check against major providers. I regularly have few hundred connections from legit ISP's (especially foreigners) on production servers so you might want to have an exclusion list and some sort of a backend db to track these drops over time (most of the folks we block are notorious repeat offenders or open relays and such). -Vlad paddy wrote: >netstat -n | grep :25 | cut -c45-65 | sed 's/:.*//' | sort | uniq -c | egrep "^ *[0-9]{2}" > >then I'm thinking, poor man's snort: > >tcpdump -s0 -w host $IP > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From garry at GLENDOWN.DE Sat Jan 1 17:23:58 2005 From: garry at GLENDOWN.DE (Garry Glendown) Date: Thu Jan 12 21:28:04 2006 Subject: Frontend? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, I was just looking around for a frontend for MS - came across the Webmin module, but the last beta is from February... is it working nicely, or are there any better programs? Tnx, -gg ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Jan 1 18:31:32 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:04 2006 Subject: Frontend? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] To start with, check out MailWatch. There is also a new product due out very soon, join the announcement list and you will get to hear about it. Should only be a few more weeks (hopefully!) :) Garry Glendown wrote: > Hi, > > I was just looking around for a frontend for MS - came across the Webmin > module, but the last beta is from February... is it working nicely, or > are there any better programs? > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From garry at GLENDOWN.DE Sat Jan 1 18:37:18 2005 From: garry at GLENDOWN.DE (Garry Glendown) Date: Thu Jan 12 21:28:04 2006 Subject: Frontend? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > To start with, check out MailWatch. Nope, sorry, I meant a tool to allow easier configuration for non-CLI-phile users ;) -gg ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHTSOLUTIONS.COM Sat Jan 1 18:45:03 2005 From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon::Blacknight Solutions) Date: Thu Jan 12 21:28:04 2006 Subject: Frontend? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Garry Glendown wrote: > Julian Field wrote: > >> To start with, check out MailWatch. > > > Nope, sorry, I meant a tool to allow easier configuration for > non-CLI-phile users ;) No offence, but if you can't configure it using MailScanner.conf you shouldn't be using it ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From garry at GLENDOWN.DE Sat Jan 1 18:49:30 2005 From: garry at GLENDOWN.DE (Garry Glendown) Date: Thu Jan 12 21:28:04 2006 Subject: Frontend? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Michele Neylon::Blacknight Solutions wrote: > Garry Glendown wrote: > >> Julian Field wrote: >> >>> To start with, check out MailWatch. >> Nope, sorry, I meant a tool to allow easier configuration for >> non-CLI-phile users ;) > No offence, but if you can't configure it using MailScanner.conf you > shouldn't be using it _I_ can, and I even _do_ (imagine!), but I'm not looking for using it myself, but for a customer site that doesn't have people that should be messing with the main config, but still I want to give the the possibility of modifying site-specific parts (e.g. per-user black/whitelist, file filter, etc.) -gg ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Jan 1 18:53:00 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:04 2006 Subject: Frontend? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Michele Neylon::Blacknight Solutions wrote: > Garry Glendown wrote: > >> Julian Field wrote: >> >>> To start with, check out MailWatch. >> >> >> >> Nope, sorry, I meant a tool to allow easier configuration for >> non-CLI-phile users ;) > > > > No offence, but if you can't configure it using MailScanner.conf you > shouldn't be using it Now, now. That was not called for. A GUI tool for configuring it is very much needed, and something will appear in the next few weeks. In the mean time, read MailScanner.conf from start to finish, making a few notes as you go along. If in doubt, leave a setting alone. My supplied defaults are all pretty sane, you shouldn't need to tweak more than 3 or 4 settings in the whole file to start with. Don't try playing with all the settings until you really know what you are doing, change as little as possible for now. The comments above each setting in MailScanner.conf do explain basically how to use each of them, but the MAQ and the FAQ (and the book of course) do explain the more advanced ones, along with how to use rulesets and such subjects. The configuration system is extremely flexible and you can do some very clever things with it. Just don't try to do it all at once! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Jan 1 18:56:34 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:04 2006 Subject: Frontend? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Garry Glendown wrote: > _I_ can, and I even _do_ (imagine!), but I'm not looking for using it > myself, but for a customer site that doesn't have people that should be > messing with the main config, but still I want to give the the > possibility of modifying site-specific parts (e.g. per-user > black/whitelist, file filter, etc.) The new package should do this for you very nicely. But no more info until it's ready for release. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From marco at XSSNET.COM Sat Jan 1 18:52:13 2005 From: marco at XSSNET.COM (Marco Benton - BOFH) Date: Thu Jan 12 21:28:04 2006 Subject: Frontend? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Julian Field wrote: | To start with, check out MailWatch. | There is also a new product due out very soon, join the announcement | list and you will get to hear about it. Should only be a few more weeks | (hopefully!) :) | i am dying of anticipation! can this frontend support multiple instances of MS running on the same server? i'm a CLI freak but some of my customers may like a GUI. :) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (GNU/Linux) iD8DBQFB1vFd2+PYgoYkw8ERAh7MAKCC51qp3yvDGOZoGKoCsE3er/qjFgCgoPhO qA901Hq0QnKk9FSVaikbEkQ= =cmIP -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From garry at GLENDOWN.DE Sat Jan 1 19:18:51 2005 From: garry at GLENDOWN.DE (Garry Glendown) Date: Thu Jan 12 21:28:04 2006 Subject: Frontend? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > Garry Glendown wrote: > >> _I_ can, and I even _do_ (imagine!), but I'm not looking for using it >> myself, but for a customer site that doesn't have people that should be >> messing with the main config, but still I want to give the the >> possibility of modifying site-specific parts (e.g. per-user >> black/whitelist, file filter, etc.) > The new package should do this for you very nicely. But no more info > until it's ready for release. Tnx, looking forward to it! ;) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Sat Jan 1 19:24:08 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:28:04 2006 Subject: Frontend? Message-ID: Hi! > can this frontend support multiple instances of MS running on the same > server? i'm a CLI freak but some of my customers may like a GUI. :) Why would you want multiple instances? You can run 1 instance with rulesets, per customer, what do you wanna do wthat cant be done with 1 instance ? Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From marco at XSSNET.COM Sat Jan 1 19:39:21 2005 From: marco at XSSNET.COM (Marco Benton) Date: Thu Jan 12 21:28:04 2006 Subject: Frontend? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Raymond Dijkxhoorn wrote: | Hi! | |> can this frontend support multiple instances of MS running on the |> same server? i'm a CLI freak but some of my customers may like a |> GUI. :) | | | Why would you want multiple instances? You can run 1 instance with | rulesets, per customer, what do you wanna do wthat cant be done | with 1 instance ? for different mail queues that are seperate... under *very* rare situations a site may want multiple queues with multiple priorites and multiple rules for each queue. MS can do 1 queue (unless i am completely wrong) w/ multiple rules. like a multi-homed server with oodles of IP addresses all having their own Sendmail instance and queue priorites and such. i know this sounds insane but i've done this and works well. i'm sure i'll be flamed for saying this. :) - -- Marco Benton - BOFH, BSMFH BOFH excuse #256: The cause of the problem is: That would be because the software doesn't work. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (GNU/Linux) iD8DBQFB1vxp2+PYgoYkw8ERAjcIAKDCnfPNNxnMBgM1UtNtz+jQD1iwOQCdFQBw T3J3gD5qZf/F4w2oyckNeAQ= =3/m2 -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Jan 1 19:58:08 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:04 2006 Subject: Frontend? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Marco Benton wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Raymond Dijkxhoorn wrote: > > | Hi! > | > |> can this frontend support multiple instances of MS running on the > |> same server? i'm a CLI freak but some of my customers may like a > |> GUI. :) > | > | > | Why would you want multiple instances? You can run 1 instance with > | rulesets, per customer, what do you wanna do wthat cant be done > | with 1 instance ? > > > for different mail queues that are seperate... under *very* rare > situations a site may want multiple queues with multiple priorites and > multiple rules for each queue. MS can do 1 queue (unless i am > completely wrong) w/ multiple rules. like a multi-homed server with > oodles of IP addresses all having their own Sendmail instance and > queue priorites and such. MS can do multiple queues. Read the docs about the incoming queue dir setting. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Sat Jan 1 20:01:23 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:28:04 2006 Subject: Frontend? Message-ID: Hi! >> | Why would you want multiple instances? You can run 1 instance with >> | rulesets, per customer, what do you wanna do wthat cant be done >> | with 1 instance ? >> for different mail queues that are seperate... under *very* rare >> situations a site may want multiple queues with multiple priorites and >> multiple rules for each queue. MS can do 1 queue (unless i am >> completely wrong) w/ multiple rules. like a multi-homed server with >> oodles of IP addresses all having their own Sendmail instance and >> queue priorites and such. > MS can do multiple queues. Read the docs about the incoming queue dir > setting. We even use seperate outgoing queues for some domains (thanks Julian), that could also be done with some custom rulesets, on one instance ... Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From marco at XSSNET.COM Sat Jan 1 20:45:11 2005 From: marco at XSSNET.COM (Marco Benton) Date: Thu Jan 12 21:28:04 2006 Subject: Frontend? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Raymond Dijkxhoorn wrote: | | We even use seperate outgoing queues for some domains (thanks | Julian), that could also be done with some custom rulesets, on one | instance ... | that's all fine and nice... but like i said, under very rare situations... i may have mis-spoke when saying 1 queue, i meant it acts like it's 1 queue. lets move on... i have tried what is in the doco (and as Julian pointed out) and priority was unacceptable under ridiculous load of say one queue having 16,000 msgs to be processed and another queue barely empty... you can have a High priority msg waiting for quite some time even tho the rest of the msgs are Normal priority. and which ruleset can do this may i ask (just went through the MailScanner manual again)? unless queueing priority was fixed recently that didnt end up in the changelog? there were other reasons as well but i cant remember as it was a long time ago. and i again reiterate using rulesets... i never said i didnt try nor said it couldnt be done, i am doing amazing things with rulesets. so instead of saying "yeah it works for me woohoo!!!..." try giving me an example of what i said in the previous email/post? :) - -- Marco Benton - BOFH, BSMFH BOFH excuse #256: The cause of the problem is: That would be because the software doesn't work. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (GNU/Linux) iD8DBQFB1wvW2+PYgoYkw8ERAmawAJkBWbeBuwx0xrqWipibP1LWQyrXBQCgyGKs ONONmkqUq3tZH51nF2xPUP0= =jc4K -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From paddy at PANICI.NET Sat Jan 1 21:04:11 2005 From: paddy at PANICI.NET (paddy) Date: Thu Jan 12 21:28:04 2006 Subject: [OT] sendmail equivalent of zmailer's MaxSameIpSource ?? Message-ID: On Sat, Jan 01, 2005 at 12:14:58PM -0500, Vlad Mazek wrote: > Probably better than what we're doing, at least for a single server for > realtime blocking. I did something similar earlier in my career and it > wasn't pretty - our primary routes went down and I had all the mail > flowing through a single T1... the server got clogged up with > attachments, connections started crawling and I ended up firewalling > every major ISP in the United States :) > > You might want to resolve those addresses too and check against major > providers. I regularly have few hundred connections from legit ISP's > (especially foreigners) on production servers so you might want to have > an exclusion list and some sort of a backend db to track these drops > over time (most of the folks we block are notorious repeat offenders or > open relays and such). Vlad, That is such a cool name. I wish I was called Vlad! First I should say this: I just read the part of the snort FAQ where it points out the dangers of combining automated firewalling response with a spoofed source. :) I'm not on top of this yet! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! PLEASE DO _NOT_ USE THE QUOTED SCRIPT TO FEED YOUR FIREWALL !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! I have not had time to check that netstat's idea (from /proc/net) of a connection is spoof-proof. That said, I can return to my ordinary verbose conversational maner: I confess I can't follow this, although the war-story element comes through loud and clear. Although I (half-)joke about firewalling the world out of existence, I am extremely reticent about using such devices, not least because the boxes in question are in a cupboard 3000 miles away (I must say, the valueweb reboot service is good). I _do_, currently, intend to implement a simple 'maximum connections from a single souce' service that allows transactions to continue at that maximum level from that source, and I plan to post my solution here when I have it, if for no other reason than you cannot buy peer-review (okay, so I wish to share :). It might be better to return a 4xx smtp code, rather than than just drop the connection. If anyone can explain why this is so, I'm all ears. Based on a philosphy of limiting the number of connections, rather than firewalling sources entirely, I see no obvious reason to discriminate beteween sources, but I'd happily be persuaded otherwise: all grist to the mill. I'm currently looking at the snort related options, to see what I can learn. Happy new year! Regards, Paddy > Vlad reminded me that: > paddy wrote: > > >netstat -n | grep :25 | cut -c45-65 | sed 's/:.*//' | sort | uniq -c | > >egrep "^ *[0-9]{2}" > > > >then I'm thinking, poor man's snort: > > > >tcpdump -s0 -w host $IP -- Perl 6 will give you the big knob. -- Larry Wall ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From paddy at PANICI.NET Sat Jan 1 21:29:57 2005 From: paddy at PANICI.NET (paddy) Date: Thu Jan 12 21:28:04 2006 Subject: Frontend? Message-ID: Julian, Seems like Marco has a good point, no doubt the info-dept on planet-secret has already heard, but just in case I'll throw my (must-be-negative-karma-by-now;) weight behind this: it is inevitable that admins will do stuff like this on a single box. even if one ignores that, some admins have too deal with more than one box. Regards, Paddy On Sat, Jan 01, 2005 at 03:45:11PM -0500, Marco Benton wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Raymond Dijkxhoorn wrote: > > | > | We even use seperate outgoing queues for some domains (thanks > | Julian), that could also be done with some custom rulesets, on one > | instance ... > | > > that's all fine and nice... but like i said, under very rare > situations... i may have mis-spoke when saying 1 queue, i meant it > acts like it's 1 queue. lets move on... > > i have tried what is in the doco (and as Julian pointed out) and > priority was unacceptable under ridiculous load of say one queue > having 16,000 msgs to be processed and another queue barely empty... > you can have a High priority msg waiting for quite some time even tho > the rest of the msgs are Normal priority. and which ruleset can do > this may i ask (just went through the MailScanner manual again)? > unless queueing priority was fixed recently that didnt end up in the > changelog? > > there were other reasons as well but i cant remember as it was a long > time ago. > > and i again reiterate using rulesets... i never said i didnt try nor > said it couldnt be done, i am doing amazing things with rulesets. so > instead of saying "yeah it works for me woohoo!!!..." try giving me > an example of what i said in the previous email/post? :) > > - -- > > Marco Benton - BOFH, BSMFH > > BOFH excuse #256: The cause of the problem is: That would be because > the software doesn't work. > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.2.6 (GNU/Linux) > > iD8DBQFB1wvW2+PYgoYkw8ERAmawAJkBWbeBuwx0xrqWipibP1LWQyrXBQCgyGKs > ONONmkqUq3tZH51nF2xPUP0= > =jc4K > -----END PGP SIGNATURE----- > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! -- Perl 6 will give you the big knob. -- Larry Wall ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at BARENDSE.TO Sun Jan 2 09:05:36 2005 From: mailscanner at BARENDSE.TO (Remco Barendse) Date: Thu Jan 12 21:28:04 2006 Subject: Why do I keep getting .spamassassin/ .pyzor/ .razor/ in my / Message-ID: Hi list! I keep finding directories for .spamassassin/ .pyzor/ .razor/ in the root of my filesystem. When I delete them, they keep coming back. Shouldn't they be in the homedir of the root user? Thanx! Remco ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sun Jan 2 11:27:31 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:04 2006 Subject: Why do I keep getting .spamassassin/ .pyzor/ .razor/ in my / Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Yes, but where is the home dir of the root user, according to /etc/passwd? Remco Barendse wrote: > Hi list! > > I keep finding directories for .spamassassin/ .pyzor/ .razor/ in the root > of my filesystem. > > When I delete them, they keep coming back. Shouldn't they be in the > homedir of the root user? -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From kte at NEXIS.BE Sun Jan 2 11:56:03 2005 From: kte at NEXIS.BE (Koen Teugels) Date: Thu Jan 12 21:28:04 2006 Subject: Why do I keep getting .spamassassin/ .pyzor/ .razor/ in my / Message-ID: on RH you have to change the /etc/crontab HOME to /root if you run the updates in cron.daily. Maybe on other linux dist. is it the same. Koen Julian Field wrote: Yes, but where is the home dir of the root user, according to /etc/passwd? Remco Barendse wrote: Hi list! I keep finding directories for .spamassassin/ .pyzor/ .razor/ in the root of my filesystem. When I delete them, they keep coming back. Shouldn't they be in the homedir of the root user? -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! -- Koen Teugels N.V. NEXIS S.A. Chaussee de Namur 79 1300 Wavre Belgium Visit us at http://www.nexis.be e-mail : kte@nexis.be tel.: +32 (0)10 81.81.81 fax: +32 (0)10 81.81.80 visit us at : http://www.nexis.be ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Image/JPEG 13KB. ] [ Unable to print this part. ] From kte at NEXIS.BE Sun Jan 2 12:00:41 2005 From: kte at NEXIS.BE (Koen Teugels) Date: Thu Jan 12 21:28:04 2006 Subject: sorry about the html signature Message-ID: Just forget to remove it sometimes sorry Koen ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From kte at NEXIS.BE Sun Jan 2 12:01:24 2005 From: kte at NEXIS.BE (Koen Teugels) Date: Thu Jan 12 21:28:04 2006 Subject: Why do I keep getting .spamassassin/ .pyzor/ .razor/ in my / no html signature Message-ID: on RH you have to change the /etc/crontab HOME to /root if you run the updates in cron.daily. Maybe on other linux dist. is it the same. Koen Julian Field wrote: Yes, but where is the home dir of the root user, according to /etc/passwd? Remco Barendse wrote: Hi list! I keep finding directories for .spamassassin/ .pyzor/ .razor/ in the root of my filesystem. When I delete them, they keep coming back. Shouldn't they be in the homedir of the root user? -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at BARENDSE.TO Sun Jan 2 17:19:44 2005 From: mailscanner at BARENDSE.TO (Remco Barendse) Date: Thu Jan 12 21:28:04 2006 Subject: Why do I keep getting .spamassassin/ .pyzor/ .razor/ in my / Message-ID: This is from /etc/passwd root:x:0:0:root:/root:/bin/bash cron:x:16:16:cron:/var/spool/cron:/bin/false Guess that's not it, nor the root of the cron user? I have this behaviour on a gentoo box and on a RHEL box. On Sun, 2 Jan 2005, Julian Field wrote: > Yes, but where is the home dir of the root user, according to /etc/passwd? > > Remco Barendse wrote: > >> Hi list! >> >> I keep finding directories for .spamassassin/ .pyzor/ .razor/ in the root >> of my filesystem. >> >> When I delete them, they keep coming back. Shouldn't they be in the >> homedir of the root user? > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From paddy at PANICI.NET Mon Jan 3 00:29:04 2005 From: paddy at PANICI.NET (paddy) Date: Thu Jan 12 21:28:04 2006 Subject: An express checkout? [was: Re: Postfix and Mailscanner sitting in a tree k-iss-ing] Message-ID: On Sat, Jan 01, 2005 at 12:58:13PM +0000, Julian Field wrote: > paddy wrote: > > >Upon reflection I can't see a 'simple criteria' that's cheap enough to be > >a no-brainer to use unless you can do some processing before the incoming > >mail > >first goes to disk. > > > > > The message has not been received until it has hit the disk. Being excessively pedantic for a moment: I would put the moment of receipt at the transmission of the 2xx packet responding to the DATA command. Best practice would be that the message is either already commited to non-volatile storage, or is already delivered elsewhere. So, yes! Agreed. > So you're > proposing working on a message using partial information to start with, > to try to guess the spammy state of it. I normally start from the assumption that a test of spaminess is turing-equivalent - that it takes a human being to say what they consider to be spam. Amusingly, shortly after I first read this I came accross a 'not-spam' message in my spam folder, examined the headers to see which rules it had hit, and came to the conclusion 'looks like spam, is spam'. So, my theory is somewhat at odds with my practice. Thanks to Larry McVoy for helping me to feel comfortable with that ;) Trying to guess spamminess from partial info is not new, but for-all-I-know using that information to prioritise workload, rather than outright reject email may be (prior art in mailscanner, etc excepted ;) > > (My first choice would be originating IP. I did briefly, in desperation, > > consider size). Anything else is just equivalent to what MailScanner > > already does (dispatch RBL queries early, etc) only my suggestions > > were weaker :) > > > > > I already split incoming and outgoing mail on my site. Surely just > having separate servers for mail going in different directions is the > easiest. I'm sorry, I don't follow this. A DoS can pick a single server or MX group, and potentially hammer them into the ground. While there are certainly resources outside the bounds of MailScanner that deal with such problems, as you have already indicated, MailScanner does not live on an island where such problems can be totally ignored. It may be that the particular concern that I have chosen is not, in fact, a consideration for mailscanner, and I just haven't seen the light yet. My outgoing mail is a fraction of my incoming mail - neglible in fact. (Although, I appreciate, you may find that hard to believe ;) > > I'm also imagining that any processing before the mail hits disk > > is at a premium in a DoS/highload situation, although that may not be the > > case if the cpu is not the bottleneck ... > > > > > Interesting thought. Would only work with some MTA's though, That postfix thing just keeps haunting this thread! Sendmail is familiar territory to me and I imagine it wouldn't be to diffcult to arrange a milter that caches certain info and makes it available to a mailscanner process later in the pipeline. I spent a little time looking into postfix (I really wanted to write a program called 'prim':) and the same hook appears to exist there. I'd expect to find the possibility in most modern general purpose MTAs, although I wouldn't expect it to be trivial to set up. > it depends on how they write the messages to disk. I don't follow you here. My objective would be to grab the relevent info before it hits disk at all if I could. My speculation on grabbing the buffers still in RAM after a disk commit, was ... interesting, but a bit random - might work though :) > We're assuming here that a > message's metadata gets written first, and potentially long before the > message body. so it could be hard to know when to grab the buffers ? > >I don't think the express checkout idea is necessarily a totally lost > >cause: > > > > sure, the cost of scheduling can easily drown the value, but a system > > where the order of operations effects the cost is a promising target. > > > > > One of the major factors here, which I don't think you have commented > on, is that scanning the queue directory at all is a very expensive > operation when the queue is large. Which is why I have the "emergency > queue-clearing mode". Just looking at all the queue files at all can > take a long time and involve loads of i/o. So the cost of the express > checkout tests may well swamp any performance gain you get. Absolutely. Which is why I'm looking so desperately to avoid that cost. The whole idea doesn't work if you have to read all the files. > > the original intention - differential QoS based on approximate spamminess > > - > > still seems good. The problem is implementing it at acceptable costs. > > (remember Magnus Pike?) > > > > > Oh yes. One of my great aunts lived next door to him in Hammersmith. Cool! > Very funny guy. Absolutely! > MailScanner, in a way, already tries to do quite a lot of the checking > you mention above if you let it. If you have a good RBL such as SBL+XBL, > and use a config like this: > > Spam List = SBL+XBL > Check SpamAssassin If On Spam List = no > Spam Lists To Reach High Score = 1 > High Scoring Spam Actions = delete > > (the 3rd setting is just so I can use the High scoring action to delete > RBL hits, which will probably fit in to your site policy rather better > than using the normal scoring action) > > Doing this will completely get rid of any messages hitting the RBL > without any operation on the message body at all. It is all done based > on the content of the headers/envelope. I started with a pair of RBLs, i think. then just ORBS, then switched to SPAMCOP. SpamCop has given me headaches with mailling-lists. I plan to switch to SBL+XBL, but I regard this as quite a big move. I call the RBL our 'backstop' - its saved me several times in the last year or so. I vaguely recall that when SA times out, we fall back to just RBLs, and that sometimes, thats precisely why I have a long queue anyway. I have been reticent to employ Check SpamAssassin If On Spam List = no because I like to see a score, but I might look at the possibility of a custom function if there is not already a high-load cut-out on this config option. I like that idea! > > > > I also had this vague idea that using directories for the elevator in > > the > > CriticalQueue condition might be cheaper than sorting by date, but the > > problem is obvious .... > > > >What I realise is: > > > > I don't really understand the trade-off between batch size and MaxChildren > > > > I'd certainly appreciate it if you, or anyone for that matter :), could > > help > > me with this. Since they are both limits, I imagine that describing the > > limiting conditions will help. > > > > > Smaller batches make virus scanning less efficient, but produce a more > "responsive" system under load. The message bandwidth is less (less > messages/hour) but the message latency (delay through MS) can be a lot > less. So if you inject a message one end, it pops out the other end > sooner. The cost is that you can't inject so many messages/hour. So, quite counter-intuitively, I suspect that I'd be happier with smaller batches and more children under what for me is 'high load'. ;) > MaxChildren should be set so that all the available resources are being > used all the time. Set it too high and the machine will spend too much > of its time context-switching between children, and too little time > actually doing useful work. Set it too low and there will be times when > at least one of the i/o, disk or net will be idle, which wastes resources. > > My initial estimates of 5 per CPU, and possibly 8 per hyper-threaded > CPU, were based on some early testing I did on a dual-cpu box I've got. > 5 per cpu gave very good throughput, and the system wasn't > context-switching excessively. If you have a quiet machine, by all means > set it to less. I assume that MailScanner will be running 100% or nearly > 100%. After all, if the machine is quiet, who cares if I waste a few > resources. No-one else wanted them anyway. I have a quiet box, except when its not! > > I'm just re-reading the notes in the conf file. > > > > Does a mailscanner child really consume ~20MB ? Why ? > > > > > If you are running SpamAssassin it can easily be double that. I didn't want to say anything! :) > Perl > processes are big, as the Perl compiler is very big and needs to be in > each process (so you can use cool things like "eval" in your program). Ah! Yes, one word: eval! Perl is clearly the language of choice for this problem-space. How vital is eval? I confess I've been promised bigger boxes for the new year, and I'm getting by on raq3's now, so it isn't a big question. probably the answer is that programmer time is worth more. > Ram is very cheap anyway. No, my boss is cheap (God, I hope he doesn't read this :) RAM is like my overdraft limit: not enough but I have to live with it. > > based on your 'try 5 children per CPU' comment, I'm guessing that more > > children = more cpu heavy (which makes sense anyway). > > (must fix my CPU utlisation logging! :) > > > > Is there even a BatchSize type option? Is MailScanner even batch-oriented > > in the way I had imagined? is MaxUnscannedMessagesPerScan it ? > > > > > There are 4 options there: > Max Unscanned Bytes Per Scan = 100000000 > Max Unsafe Bytes Per Scan = 50000000 > Max Unscanned Messages Per Scan = 30 > Max Unsafe Messages Per Scan = 30 > > This stops batches getting too big by picking up several huge messages > all in the same batch. > Total batch size = number of messages * average message size > So you need to limit both the number of messages and the message size to > have control of that calculations Gosh! is that 100MB Max Unscanned Bytes Per Scan, I always read it as 10 ! I take it this is a chunk of the ~20MB we've been talking about. Call me lazy ('cos I can always go off and figure it out for myself), but how much memory does a second mailscanner child consume, before it starts to read data? > > I'm also amused to discover (see previous mail) I have > > > > Max Normal Queue Size = 5000 > > > > > I would recommend lowering that, it's pretty big. Try about 1000 or so. You can say that again! 5000 won't kill this box: with mailscanner it'll chew through them eventually, but it'll take a month of sundays! 1000 sounds much more reasonable! I seem to have made a poor adjustment sometime in the past :) > > This reminds me of the 'per-user spamsassasin' thread tonight. There are > > already so many options, no doubt for each one there is somebody who > > really needs it, but nobody could really need them all (could they?), > > and the idea that anybody needs a new one should at least attract a > > little skepticism. But then, I expect I'm preaching to the priest ! > > > > would any of the options make sense in multiple units? > > for (over)simplified example: 5000 mails or 5 mails per GHz of cpu > > perhaps this is best left to admin and configuration tools? > > > > > It's not as simple as just CPU speed. It's a lot more complex than that. best left to admin and configuration tools, then. Regards, Paddy -- Perl 6 will give you the big knob. -- Larry Wall ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dmehler26 at woh.rr.com Mon Jan 3 01:05:46 2005 From: dmehler26 at woh.rr.com (dave) Date: Thu Jan 12 21:28:04 2006 Subject: bayes database install? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello, I've got MailScanner 4.36, postfix 2.15 chrooted, and sa 3.01 installed on a FreeBSD 5.3 box. I've downloaded bayes-3.0-starter-freebsd.tar.gz but am uncertain where to place it. I'd like to try this out as i'm hoping it will block even more of this blank blank spam, MS is doing great! Thanks. Dave. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ckowarzik at EMAIL.DE Mon Jan 3 11:15:48 2005 From: ckowarzik at EMAIL.DE (Christian Kowarzik) Date: Thu Jan 12 21:28:04 2006 Subject: what are the minimum versions for the perl-modules? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Happy New Jear 2005! Hi Julian! Hi List! First of all: Many Thanks for that geat software and your tireless work! I just installed MailScanner-4.37.7-1 on RedHat Enterprise Server ES3. During install.sh the perl-ExtUtils-MakeMaker-6.05-1.src.rpm was rebuild, but not installed, because of file conflicts with the already installed perl-5.8.0-88.9 which provides perl(ExtUtils::MakeMaker-6.03). The install.sh only skips modules if they are already installed with the exact version and otherwise assumes that it can upgrade already installed modules - which is only true is the packagenames correspond. So, should I force the installation of those compiled modules? Are there minimum versions for those modules? Any other solution? Thanks for your help Christian ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Kevin_Miller at CI.JUNEAU.AK.US Mon Jan 3 16:36:31 2005 From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller) Date: Thu Jan 12 21:28:04 2006 Subject: Frontend? Message-ID: Julian Field wrote: > Garry Glendown wrote: > >> _I_ can, and I even _do_ (imagine!), but I'm not looking for using it >> myself, but for a customer site that doesn't have people that should >> be messing with the main config, but still I want to give the the >> possibility of modifying site-specific parts (e.g. per-user >> black/whitelist, file filter, etc.) > > The new package should do this for you very nicely. But no more info > until it's ready for release. How about just a little more info? Like, will it be updated concurrently w/MailScanner? I used webmin when I first started but you add features so darned fast that poor little webmin couldn't keep up! I'd be chuffed to see a GUI that is maintained in parallel to the rest of the system. It tends to impress PHBs. Happy New Year... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Mon Jan 3 17:16:39 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:28:04 2006 Subject: contents of perl-tar vs "MailScanner -v" Message-ID: Julian, I upgraded to MailScanner 4.37.7 this morning, and I compared the output of "MailScanner -v" to the tarfiles in perl-tar. Since I do things by hand and don't use the install-sh script, I take a look at the included perl tarballs to see if something new is out there that I need to install. The output of "MailScanner -v" did not say anything about several of the perl tarballs, specifically no output for: Compress::Zlib Convert::TNEF ExtUtils::MakeMaker File::Spec HTML::Tagset IO::Stringy and the MailTools and TimeDate additions. Maybe the "-v" code needs to be tuned a bit? I use another little tool call "pmdesc", written by Tom Christiansen of O'Reilly Perl-book fame, to figure out what perl modules I have installed on my systems. Maybe that would help? Jeff Earickson Colby College ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Mon Jan 3 17:13:44 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:28:04 2006 Subject: SA/MS Testing Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Rodney Green wrote: | Thanks Alex. I did as you said. | | Odd how when I run the message through the system, by telneting like you | said, and it gives me an SA score below 5. When I run the same message | through spamassassin using "spamassassin -t < messagefile" I see a much | higher score of 11.9. I noticed that when running "spamassasin -t" that | BAYES_99 is one of the tests listed but when I send the message through the | system I see no BAYES related tests in the message headers. | If you telnetted from a machine you have in a whitelisted ip range, it would probably change the score. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFB2X1IRADw9lziUqQRAgUBAJ4iEJ3cuZhaHTDx8uph4+9F8tPbaQCfVJbO i+JmUqbiCpEqXZ2o9fyfk0E= =27Kr -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Mon Jan 3 17:16:25 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:28:04 2006 Subject: Mail Server problems Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dave Filchak wrote: | Hello, | | Forgive me as this may or may not be a true MailScanner issue but I | would appreciate some input from the experts on this list. | | My mail server has been periodically rejecting mail with the following | error [logs from sending mail-relay]: | | 2004-12-20 18:07:49.596345500 delivery 12914: deferral: | Connected_to_199.243.151.38_but_sender_was_rejected./Remote_host_said:_452_4.4.5_Insufficient_disk_space;_try_again_later/ | | | | My logs report: | | Dec 20 18:15:29 rosewood sendmail[20639]: iBKNFTDN020639: low on space | (SMTP-DAEMON needs 1451858 bytes + 100 blocks in /var/spool/mqueue), max | avail: 0 | | My disk usage looks like: | | Filesystem Size Used Avail Use% Mounted on | /dev/hda2 572M 375M 168M 70% / | /dev/hda1 122M 24M 92M 21% /boot | /dev/hda3 5.4G 2.1G 3.1G 41% /home | none 496M 0 496M 0% /dev/shm | /dev/hda7 28G 15G 12G 56% /usr | /dev/hda5 2.0G 1.8G 101M 95% /var | | So, it is obvious I have a disk space issue in my /var partition. | Someone on the list recently suggested copying my /var/mail directories | to say my /usr partition and then symlinking to it from /var. Any | thoughts on the viability of this? Also, when I first built this | machine, I had not anticipated using MailScanner and Spamassassin and | mail quarantines etc, so what do most of you assign for a partition size | to /var when you are building your machines? | | I greatly appreciate any help anyone has to offer on this as I have some | very agitated clients. Try df -i and check for inode problems. I had this awhile back with a LOT of 0 length log files from a bad samba log rotate. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFB2X3pRADw9lziUqQRAhRWAJ9s72UMHelesXevnZTWUMVR3K8/pwCdHVZt CBfTrHCkUrnY3Lwo3GLL/BY= =RDRB -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Mon Jan 3 17:53:45 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:28:04 2006 Subject: Search for list archive -- ideas? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Chris Picciotto wrote: | I posted to the other mail-list - but will also do so here (got to | experiment!) | | I like this. The entire archive is here, and is very easy within the news | reader. | I have been using it for 6 months or more and I think it is great! Thunderbird as a newsreader has its own problems, though. But otherwise great. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFB2YapRADw9lziUqQRAiesAJ95F8gBIU4V6wfwhdoVPhQaLeJmWQCfeJHc jNyiuAXg53jNz6Wi7utNJwE= =25Tr -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Mon Jan 3 18:08:46 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:28:04 2006 Subject: Frontend? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > Garry Glendown wrote: > >> _I_ can, and I even _do_ (imagine!), but I'm not looking for using it >> myself, but for a customer site that doesn't have people that should be >> messing with the main config, but still I want to give the the >> possibility of modifying site-specific parts (e.g. per-user >> black/whitelist, file filter, etc.) > > > The new package should do this for you very nicely. But no more info > until it's ready for release. > Hmmmm..... I love secrets!! I Julian is involved, it will most likely be; Great!! Kept up to date. Wonderfully powerful but not complex. Did I say Great!! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From kte at NEXIS.BE Mon Jan 3 22:25:29 2005 From: kte at NEXIS.BE (Koen Teugels) Date: Thu Jan 12 21:28:04 2006 Subject: Mail Server problems Message-ID: I start using LVM now. So I can change my volumes. Koen Scott Silva wrote: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dave Filchak wrote: | Hello, | | Forgive me as this may or may not be a true MailScanner issue but I | would appreciate some input from the experts on this list. | | My mail server has been periodically rejecting mail with the following | error [logs from sending mail-relay]: | | 2004-12-20 18:07:49.596345500 delivery 12914: deferral: | Connected_to_199.243.151.38_but_sender_was_rejected./Remote_host_said:_452_4.4. _Insufficient_disk_space;_try_again_later/ | | | | My logs report: | | Dec 20 18:15:29 rosewood sendmail[20639]: iBKNFTDN020639: low on space | (SMTP-DAEMON needs 1451858 bytes + 100 blocks in /var/spool/mqueue), max | avail: 0 | | My disk usage looks like: | | Filesystem Size Used Avail Use% Mounted on | /dev/hda2 572M 375M 168M 70% / | /dev/hda1 122M 24M 92M 21% /boot | /dev/hda3 5.4G 2.1G 3.1G 41% /home | none 496M 0 496M 0% /dev/shm | /dev/hda7 28G 15G 12G 56% /usr | /dev/hda5 2.0G 1.8G 101M 95% /var | | So, it is obvious I have a disk space issue in my /var partition. | Someone on the list recently suggested copying my /var/mail directories | to say my /usr partition and then symlinking to it from /var. Any | thoughts on the viability of this? Also, when I first built this | machine, I had not anticipated using MailScanner and Spamassassin and | mail quarantines etc, so what do most of you assign for a partition size | to /var when you are building your machines? | | I greatly appreciate any help anyone has to offer on this as I have some | very agitated clients. Try df -i and check for inode problems. I had this awhile back with a LOT of 0 length log files from a bad samba log rotate. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFB2X3pRADw9lziUqQRAhRWAJ9s72UMHelesXevnZTWUMVR3K8/pwCdHVZt CBfTrHCkUrnY3Lwo3GLL/BY= =RDRB -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! -- Koen Teugels N.V. NEXIS S.A. Chaussee de Namur 79 1300 Wavre Belgium Visit us at http://www.nexis.be e-mail : kte@nexis.be tel.: +32 (0)10 81.81.81 fax: +32 (0)10 81.81.80 visit us at : http://www.nexis.be ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Image/JPEG 13KB. ] [ Unable to print this part. ] From kte at NEXIS.BE Mon Jan 3 22:29:31 2005 From: kte at NEXIS.BE (Koen Teugels) Date: Thu Jan 12 21:28:04 2006 Subject: Frontend? Message-ID: Can It also modify MTA parameters (blacklists, domain relays,...) And system parameters like ip adress, see the used space,...? Monitoring, simple ham and spam possibilities/user, release /usere,... Koen Scott Silva wrote: > Julian Field wrote: > >> Garry Glendown wrote: >> >>> _I_ can, and I even _do_ (imagine!), but I'm not looking for using it >>> myself, but for a customer site that doesn't have people that should be >>> messing with the main config, but still I want to give the the >>> possibility of modifying site-specific parts (e.g. per-user >>> black/whitelist, file filter, etc.) >> >> >> >> The new package should do this for you very nicely. But no more info >> until it's ready for release. >> > Hmmmm..... > I love secrets!! > > I Julian is involved, it will most likely be; > Great!! > Kept up to date. > Wonderfully powerful but not complex. > Did I say Great!! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From kte at NEXIS.BE Mon Jan 3 22:31:32 2005 From: kte at NEXIS.BE (Koen Teugels) Date: Thu Jan 12 21:28:04 2006 Subject: Mail Server problems - no html signature Message-ID: sorry about the html signature I start using LVM now. So I can change my volumes. Koen Scott Silva wrote: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dave Filchak wrote: | Hello, | | Forgive me as this may or may not be a true MailScanner issue but I | would appreciate some input from the experts on this list. | | My mail server has been periodically rejecting mail with the following | error [logs from sending mail-relay]: | | 2004-12-20 18:07:49.596345500 delivery 12914: deferral: | Connected_to_199.243.151.38_but_sender_was_rejected./Remote_host_said:_452_4.4. _Insufficient_disk_space;_try_again_later/ | | | | My logs report: | | Dec 20 18:15:29 rosewood sendmail[20639]: iBKNFTDN020639: low on space | (SMTP-DAEMON needs 1451858 bytes + 100 blocks in /var/spool/mqueue), max | avail: 0 | | My disk usage looks like: | | Filesystem Size Used Avail Use% Mounted on | /dev/hda2 572M 375M 168M 70% / | /dev/hda1 122M 24M 92M 21% /boot | /dev/hda3 5.4G 2.1G 3.1G 41% /home | none 496M 0 496M 0% /dev/shm | /dev/hda7 28G 15G 12G 56% /usr | /dev/hda5 2.0G 1.8G 101M 95% /var | | So, it is obvious I have a disk space issue in my /var partition. | Someone on the list recently suggested copying my /var/mail directories | to say my /usr partition and then symlinking to it from /var. Any | thoughts on the viability of this? Also, when I first built this | machine, I had not anticipated using MailScanner and Spamassassin and | mail quarantines etc, so what do most of you assign for a partition size | to /var when you are building your machines? | | I greatly appreciate any help anyone has to offer on this as I have some | very agitated clients. Try df -i and check for inode problems. I had this awhile back with a LOT of 0 length log files from a bad samba log rotate. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFB2X3pRADw9lziUqQRAhRWAJ9s72UMHelesXevnZTWUMVR3K8/pwCdHVZt CBfTrHCkUrnY3Lwo3GLL/BY= =RDRB -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Mon Jan 3 23:42:48 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:28:04 2006 Subject: Mail Server problems - no html signature Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Koen Teugels wrote: > sorry about the html signature > > I start using LVM now. So I can change my volumes. > > Koen > I have been using LVM on Raid1 for redundancy and ease of adjusting partition sizes. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ml at NETGROUPES.CA Tue Jan 4 00:50:45 2005 From: ml at NETGROUPES.CA (Mailing List) Date: Thu Jan 12 21:28:04 2006 Subject: MailScanner 4.37.7-1 and Postfix 2.1.5 on WBEL Message-ID: jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From KGoods at AIAINSURANCE.COM Tue Jan 4 00:48:59 2005 From: KGoods at AIAINSURANCE.COM (Ken Goods) Date: Thu Jan 12 21:28:04 2006 Subject: Deleting spam per user. Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] OK... I know this has been discussed and I realize why it's a bad idea, but... the one who pays the bills does not want *any* emails marked as spam delivered to him. I started by creating a rule in outlook to move spam-identified emails directly to his deleted items folder and this was ok for here in the office but it doesn't work well using OWA. so.... I created a spam.routing.rules file in %rules-dir% and in it have these lines: To: BigBoss@ourdomain.com delete To: default deliver ( between fields) Then I edited MailScanner.conf and set both: Spam Actions = %rules-dir%/spam.routing.rules and High Scoring Spam Actions = %rules-dir%/spam.routing.rules So far so good? I actually used my email address for testing. Then I sent a couple GTUBEs from another domain I administer and it seems like this works fine but I don't see the spam being dropped in the maillog. Is this normal? Here is an example from maillog of a normal delivery... [root@gw-mail log]# grep j03NgrB0012060 maillog Jan 3 15:42:53 gw-mail sendmail[12060]: j03NgrB0012060: from=, size=3180, class=-60, nrcpts=1, msgid=<954817450.20050103154851@surbl.org>, proto=SMTP, daemon=MTA, relay=hermes.apache.org [209.237.227.199] Jan 3 15:42:53 gw-mail sendmail[12060]: j03NgrB0012060: to=, delay=00:00:00, mailer=esmtp, pri=139626, stat=queued Jan 3 15:43:12 gw-mail sendmail[12086]: j03NgrB0012060: to=, delay=00:00:19, xdelay=00:00:01, mailer=esmtp, pri=229626, relay=mail.aiainsurance.com. [66.236.7.2], dsn=2.0.0, stat=Sent (OK) And one with the GTUBE included and email address matching the above rule. [root@gw-mail log]# grep j03NgpB0012059 maillog Jan 3 15:42:51 gw-mail sendmail[12059]: j03NgpB0012059: from=, size=3025, class=0, nrcpts=1, msgid=<002301c4f1ec$8b6deef0$6500000a@HP1>, proto=ESMTP, daemon=MTA, relay=67.108.38.13.ptr.us.xo.net [67.108.38.13] Jan 3 15:42:51 gw-mail sendmail[12059]: j03NgpB0012059: to=, delay=00:00:00, mailer=esmtp, pri=30623, stat=queued It's hard to track the transition between sendmail and MailScanner because I don't see a common identifier, but I normally see "New Batch Found X messages waiting", "New Batch: Scanning 1 messages, XXXX bytes", Spam Checks: Found 1 spam messages", etc.... and nothing looked out of the ordinary there. But it seems that the second example above just disappears... there is no maillog entry showing what MailScanner has done with the message. The last thing I see (that I can track) is that it's "stat=queued". It's very possible (and probable) that it is the next "Spam Checks: Found 1 spam message" but I can't tell for sure. It doesn't get delivered but I'd like to see what happened to it. Am I looking in the wrong log? Do I need to turn up logging somewhere? Also I've never seen this mentioned anywhere... are rules case sensitive? In other words is "BigBoss@ourdoamin.com" equal to "bigboss@ourdomain.com" or would every combination need to be supplied? I know it wouldn't make sense but since this is the bosses account I want to be perfectly clear. :) Config... MailScanner 4.33.3, Sendmail 8.12.?, Spamassassin 3.0000, ClamAV (latest?) Thanks in advance to any and all insights and Happy New Year to all! And a special thanks to Julian for an outstanding piece of genius software... and for making my job a little easier! Kind regards, Ken Ken Goods Network Administrator AIA Insurance, Inc. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dfilchak at SYMPATICO.CA Tue Jan 4 02:59:24 2005 From: dfilchak at SYMPATICO.CA (Dave Filchak) Date: Thu Jan 12 21:28:04 2006 Subject: Frontend? Message-ID: I'm sure it even makes popcorn!! ;-) Dave Koen Teugels wrote: > Can It also modify MTA parameters (blacklists, domain relays,...) And > system parameters like ip adress, see the used space,...? Monitoring, > simple ham and spam possibilities/user, release /usere,... > > Koen > > Scott Silva wrote: > >> Julian Field wrote: >> >>> Garry Glendown wrote: >>> >>>> _I_ can, and I even _do_ (imagine!), but I'm not looking for using it >>>> myself, but for a customer site that doesn't have people that >>>> should be >>>> messing with the main config, but still I want to give the the >>>> possibility of modifying site-specific parts (e.g. per-user >>>> black/whitelist, file filter, etc.) >>> >>> >>> >>> >>> The new package should do this for you very nicely. But no more info >>> until it's ready for release. >>> >> Hmmmm..... >> I love secrets!! >> >> I Julian is involved, it will most likely be; >> Great!! >> Kept up to date. >> Wonderfully powerful but not complex. >> Did I say Great!! >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dfilchak at SYMPATICO.CA Tue Jan 4 03:08:47 2005 From: dfilchak at SYMPATICO.CA (Dave Filchak) Date: Thu Jan 12 21:28:04 2006 Subject: spam: Re: [MAILSCANNER] Mail Server problems Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Can you expand on this a bit please? Dave Koen Teugels wrote: > I start using LVM now. So I can change my volumes. > > Koen > > Scott Silva wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Dave Filchak wrote: >> | Hello, >> | >> | Forgive me as this may or may not be a true MailScanner issue but I >> | would appreciate some input from the experts on this list. >> | >> | My mail server has been periodically rejecting mail with the following >> | error [logs from sending mail-relay]: >> | >> | 2004-12-20 18:07:49.596345500 delivery 12914: deferral: >> | >> Connected_to_199.243.151.38_but_sender_was_rejected./Remote_host_said:_452_4.4.5_Insufficient_disk_space;_try_again_later/ >> >> >> | >> | >> | >> | My logs report: >> | >> | Dec 20 18:15:29 rosewood sendmail[20639]: iBKNFTDN020639: low on space >> | (SMTP-DAEMON needs 1451858 bytes + 100 blocks in >> /var/spool/mqueue), max >> | avail: 0 >> | >> | My disk usage looks like: >> | >> | Filesystem Size Used Avail Use% Mounted on >> | /dev/hda2 572M 375M 168M 70% / >> | /dev/hda1 122M 24M 92M 21% /boot >> | /dev/hda3 5.4G 2.1G 3.1G 41% /home >> | none 496M 0 496M 0% /dev/shm >> | /dev/hda7 28G 15G 12G 56% /usr >> | /dev/hda5 2.0G 1.8G 101M 95% /var >> | >> | So, it is obvious I have a disk space issue in my /var partition. >> | Someone on the list recently suggested copying my /var/mail >> directories >> | to say my /usr partition and then symlinking to it from /var. Any >> | thoughts on the viability of this? Also, when I first built this >> | machine, I had not anticipated using MailScanner and Spamassassin and >> | mail quarantines etc, so what do most of you assign for a partition >> size >> | to /var when you are building your machines? >> | >> | I greatly appreciate any help anyone has to offer on this as I have >> some >> | very agitated clients. >> Try df -i and check for inode problems. I had this awhile back with a >> LOT of 0 length log files from a bad samba log rotate. >> -----BEGIN PGP SIGNATURE----- >> Version: GnuPG v1.2.1 (MingW32) >> Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org >> >> iD8DBQFB2X3pRADw9lziUqQRAhRWAJ9s72UMHelesXevnZTWUMVR3K8/pwCdHVZt >> CBfTrHCkUrnY3Lwo3GLL/BY= >> =RDRB >> -----END PGP SIGNATURE----- >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > > > -- > Koen Teugels > N.V. NEXIS S.A. > Chaussée de Namur 79 > 1300 Wavre > Belgium > Visit us at http://www.nexis.be > e-mail : kte@nexis.be > tel.: +32 (0)10 81.81.81 > fax: +32 (0)10 81.81.80 > visit us at : http://www.nexis.be > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Tue Jan 4 04:17:58 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:28:04 2006 Subject: spam: Re: [MAILSCANNER] Mail Server problems Message-ID: Dave Filchak wrote: > Can you expand on this a bit please? > > Dave > > Koen Teugels wrote: > >> I start using LVM now. So I can change my volumes. >> >> Koen >> http://www.tldp.org/HOWTO/LVM-HOWTO/index.html ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dfilchak at SYMPATICO.CA Tue Jan 4 04:46:41 2005 From: dfilchak at SYMPATICO.CA (Dave Filchak) Date: Thu Jan 12 21:28:04 2006 Subject: spam: Re: [MAILSCANNER] Mail Server problems Message-ID: This looks almost too good. Any down side? What about the whole /root partition issue? Dave Mike Kercher wrote: >Dave Filchak wrote: > > >>Can you expand on this a bit please? >> >>Dave >> >>Koen Teugels wrote: >> >> >> >>>I start using LVM now. So I can change my volumes. >>> >>>Koen >>> >>> >>> > > >http://www.tldp.org/HOWTO/LVM-HOWTO/index.html > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner-list at OKLA.COM Tue Jan 4 06:22:10 2005 From: mailscanner-list at OKLA.COM (Tracy Greggs) Date: Thu Jan 12 21:28:04 2006 Subject: spam: Re: [MAILSCANNER] Mail Server problems Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Another great option IMHO is Norton Ghost. I use Corporate version 8, Works perfectly on every linux distro that I have used it on, including Fedora. Snag a big drive, ghost it over and change your partitions to the sizes you want and you are good to go. Ghost will image an ATA IDE drive at around 500mb/min in my experience. The downtime is very minimal. Tracy Greggs ----- Original Message ----- From: "Dave Filchak" To: Sent: Monday, January 03, 2005 10:46 PM Subject: Re: spam: Re: [MAILSCANNER] Mail Server problems > This looks almost too good. Any down side? What about the whole /root > partition issue? > > Dave > > Mike Kercher wrote: > > >Dave Filchak wrote: > > > > > >>Can you expand on this a bit please? > >> > >>Dave > >> > >>Koen Teugels wrote: > >> > >> > >> > >>>I start using LVM now. So I can change my volumes. > >>> > >>>Koen > >>> > >>> > >>> > > > > > >http://www.tldp.org/HOWTO/LVM-HOWTO/index.html > > > >------------------------ MailScanner list ------------------------ > >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >'leave mailscanner' in the body of the email. > >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > >Support MailScanner development - buy the book off the website! > > > > > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- > Oklahoma Network Consulting has scanned this > message for viruses and dangerous content with > MailScanner, and commercial virus scanners McAfee > and F-Prot and is believed to be clean. > --- -- Oklahoma Network Consulting has scanned this message for viruses and dangerous content with MailScanner, and commercial virus scanners McAfee and F-Prot and is believed to be clean. --- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at BARENDSE.TO Tue Jan 4 07:08:46 2005 From: mailscanner at BARENDSE.TO (Remco Barendse) Date: Thu Jan 12 21:28:04 2006 Subject: Why do I keep getting .spamassassin/ .pyzor/ .razor/ in my / Message-ID: Could it be one of the perl modules that is outdated? I do remember seeing something similar on the list. Cheers! Remco On Sun, 2 Jan 2005, Remco Barendse wrote: > This is from /etc/passwd > root:x:0:0:root:/root:/bin/bash > cron:x:16:16:cron:/var/spool/cron:/bin/false > > Guess that's not it, nor the root of the cron user? > > I have this behaviour on a gentoo box and on a RHEL box. > > > > On Sun, 2 Jan 2005, Julian Field wrote: > >> Yes, but where is the home dir of the root user, according to >> /etc/passwd? >> >> Remco Barendse wrote: >> >>> Hi list! >>> >>> I keep finding directories for .spamassassin/ .pyzor/ .razor/ in the >>> root >>> of my filesystem. >>> >>> When I delete them, they keep coming back. Shouldn't they be in the >>> homedir of the root user? >> >> -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> Professional Support Services at www.MailScanner.biz >> MailScanner thanks transtec Computers for their support >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From andreas.svensson at HALLSBERG.SE Tue Jan 4 07:40:04 2005 From: andreas.svensson at HALLSBERG.SE (Andreas Svensson) Date: Thu Jan 12 21:28:04 2006 Subject: Some messages gets stuck in postfix/hold Message-ID: Good Morning. I have a problem with Mailscanner on Postfix running as a gateway in front of my Groupwise server. Some, very few messages gets stuck in hold directory of postfix spool. It looks like these messages only are spam or virus. Yesterday i had like 20 mails from the past two weeks. Its like 1 or 2 mails per day gets stuck there. So i cleaned it up manually yesterday but this morning i had 1 new. The server is a Compaq DL360 with SuSE Linux Enterprise 9 postfix-2.1.1-1.4 MailScanner 4.36.4 SpamAssassin 3.0.1 Thanks for any help! /Andreas Svensson, Hallsberg, Sweden. -Here comes a cut from the log from tonights: Jan 3 23:04:00 mg-hbg17 postfix/smtpd[24037]: connect from unknown[84.217.26.111] Jan 3 23:04:01 mg-hbg17 postfix/smtpd[24037]: 00E7B1BFCF: client=unknown[84.217.26.111] Jan 3 23:04:01 mg-hbg17 postfix/cleanup[24038]: 00E7B1BFCF: hold: header Received: from hallsberg.se (unknown [84.217.26.111])??by mg-hbg17.hallsberg.se (Postfix) with SMTP id 00E7B1BFCF??for ; Mon, 3 Jan 2005 23:04:00 +0100 (CET) from unknown[84.217.26.111]; from= to= proto=SMTP helo= Jan 3 23:04:01 mg-hbg17 postfix/cleanup[24038]: 00E7B1BFCF: message-id=<20050103220400.00E7B1BFCF@mg-hbg17.hallsberg.se> Jan 3 23:04:02 mg-hbg17 postfix/smtpd[24037]: disconnect from unknown[84.217.26.111] Jan 3 23:04:04 mg-hbg17 MailScanner[22584]: New Batch: Scanning 1 messages, 42859 bytes Jan 3 23:04:04 mg-hbg17 MailScanner[22584]: Spam Checks: Starting Jan 3 23:04:20 mg-hbg17 MailScanner[22584]: Virus and Content Scanning: Starting Jan 3 23:04:21 mg-hbg17 MailScanner[22584]: /var/spool/MailScanner/incoming/22584/./00E7B1BFCF/message.scr: Worm.SomeFool.P FOUND Jan 3 23:04:21 mg-hbg17 MailScanner[22584]: Virus Scanning: ClamAV found 1 infections Jan 3 23:04:23 mg-hbg17 MailScanner[22584]: Virus: 2##Base: /var/spool/MailScanner/incoming/22584##1: '00E7B1BFCF/message.scr' => W32/Netsky##2: '00E7B1BFCF/msg-22584-10.html' => Exploit/iFrame## Jan 3 23:04:23 mg-hbg17 MailScanner[22584]: Virus Scanning: Panda found 2 infections Jan 3 23:04:23 mg-hbg17 MailScanner[22584]: Infected message 00E7B1BFCF came from 84.217.26.111 Jan 3 23:04:23 mg-hbg17 MailScanner[22584]: Virus Scanning: Found 2 viruses Jan 3 23:04:23 mg-hbg17 MailScanner[24059]: MailScanner E-Mail Virus Scanner version 4.36.4 starting... Jan 3 23:04:23 mg-hbg17 MailScanner[24059]: Config: calling custom init function MailWatchLogging Jan 3 23:04:23 mg-hbg17 MailScanner[24059]: Initialising database connection Jan 3 23:04:23 mg-hbg17 MailScanner[24059]: Finished initialising database connection Jan 3 23:04:23 mg-hbg17 MailScanner[24059]: Enabling SpamAssassin auto-whitelist functionality... Jan 3 23:04:25 mg-hbg17 MailScanner[22560]: New Batch: Scanning 1 messages, 42859 bytes Jan 3 23:04:25 mg-hbg17 MailScanner[22560]: Spam Checks: Starting Jan 3 23:04:30 mg-hbg17 MailScanner[22560]: Virus and Content Scanning: Starting Jan 3 23:04:30 mg-hbg17 MailScanner[22560]: /var/spool/MailScanner/incoming/22560/./00E7B1BFCF/message.scr: Worm.SomeFool.P FOUND Jan 3 23:04:31 mg-hbg17 MailScanner[22560]: Virus Scanning: ClamAV found 1 infections Jan 3 23:04:33 mg-hbg17 MailScanner[22560]: Virus: 2##Base: /var/spool/MailScanner/incoming/22560##1: '00E7B1BFCF/message.scr' => W32/Netsky##2: '00E7B1BFCF/msg-22560-16.html' => Exploit/iFrame## Jan 3 23:04:33 mg-hbg17 MailScanner[22560]: Virus Scanning: Panda found 2 infections Jan 3 23:04:33 mg-hbg17 MailScanner[22560]: Infected message 00E7B1BFCF came from 84.217.26.111 Jan 3 23:04:33 mg-hbg17 MailScanner[22560]: Virus Scanning: Found 2 viruses Jan 3 23:04:33 mg-hbg17 MailScanner[24081]: MailScanner E-Mail Virus Scanner version 4.36.4 starting... Jan 3 23:04:33 mg-hbg17 MailScanner[24081]: Config: calling custom init function MailWatchLogging Jan 3 23:04:33 mg-hbg17 MailScanner[24081]: Initialising database connection Jan 3 23:04:33 mg-hbg17 MailScanner[24081]: Finished initialising database connection Jan 3 23:04:33 mg-hbg17 MailScanner[24081]: Enabling SpamAssassin auto-whitelist functionality... Jan 3 23:04:34 mg-hbg17 MailScanner[24059]: Using locktype = flock Jan 3 23:04:34 mg-hbg17 MailScanner[24059]: New Batch: Scanning 1 messages, 42859 bytes Jan 3 23:04:34 mg-hbg17 MailScanner[24059]: Spam Checks: Starting Jan 3 23:04:37 mg-hbg17 MailScanner[24059]: Virus and Content Scanning: Starting Jan 3 23:04:38 mg-hbg17 MailScanner[24059]: /var/spool/MailScanner/incoming/24059/./00E7B1BFCF/message.scr: Worm.SomeFool.P FOUND Jan 3 23:04:38 mg-hbg17 MailScanner[24059]: Virus Scanning: ClamAV found 1 infections Jan 3 23:04:40 mg-hbg17 MailScanner[24059]: Virus: 2##Base: /var/spool/MailScanner/incoming/24059##1: '00E7B1BFCF/message.scr' => W32/Netsky##2: '00E7B1BFCF/msg-24059-2.html' => Exploit/iFrame## Jan 3 23:04:40 mg-hbg17 MailScanner[24059]: Virus Scanning: Panda found 2 infections Jan 3 23:04:40 mg-hbg17 MailScanner[24059]: Infected message 00E7B1BFCF came from 84.217.26.111 Jan 3 23:04:40 mg-hbg17 MailScanner[24059]: Virus Scanning: Found 2 viruses Jan 3 23:04:41 mg-hbg17 MailScanner[22410]: New Batch: Scanning 1 messages, 42859 bytes Jan 3 23:04:41 mg-hbg17 MailScanner[22410]: Spam Checks: Starting Jan 3 23:04:43 mg-hbg17 MailScanner[24107]: MailScanner E-Mail Virus Scanner version 4.36.4 starting... Jan 3 23:04:43 mg-hbg17 MailScanner[24107]: Config: calling custom init function MailWatchLogging Jan 3 23:04:43 mg-hbg17 MailScanner[24107]: Initialising database connection Jan 3 23:04:43 mg-hbg17 MailScanner[24107]: Finished initialising database connection Jan 3 23:04:43 mg-hbg17 MailScanner[24107]: Enabling SpamAssassin auto-whitelist functionality... Jan 3 23:04:46 mg-hbg17 MailScanner[24081]: Using locktype = flock Jan 3 23:04:47 mg-hbg17 MailScanner[24107]: Using locktype = flock Jan 3 23:04:48 mg-hbg17 MailScanner[22410]: Virus and Content Scanning: Starting Jan 3 23:04:48 mg-hbg17 MailScanner[22410]: /var/spool/MailScanner/incoming/22410/./00E7B1BFCF/message.scr: Worm.SomeFool.P FOUND ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mail at wozenilek.de Tue Jan 4 08:35:12 2005 From: mail at wozenilek.de (Martin Wozenilek) Date: Thu Jan 12 21:28:04 2006 Subject: Some messages gets stuck in postfix/hold Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Permissions? In MailScanner.conf? -- Martin Wozenilek Am Langberg 91a 21033 Hamburg mailto: >mail@wozenilek.de PGP-Key-ID: 0x00105C52 ----- Originalnachricht ----- Betreff: Some messages gets stuck in postfix/hold Von:  Andreas Svensson An:  Datum: 04-01-2005 8:51 Good Morning. I have a problem with Mailscanner on Postfix running as a gateway in front of my Groupwise server. Some, very few messages gets stuck in hold directory of postfix spo ol. It looks like these messages only are spam or virus. Yesterday i had like 20 mails from the past two weeks. Its like 1 or 2 mails per day gets stuck there. So i cleaned it up manually yesterday but this morning i had 1 new. The server is a Compaq DL360 with SuSE Linux Enterprise 9 postfix-2.1.1-1.4 MailScanner 4.36.4 SpamAssassin 3.0.1 Thanks for any help! /Andreas Svensson, Hallsberg, Sweden. -Here comes a cut from the log from tonights: Jan 3 23:04:00 mg-hbg17 postfix/smtpd[24037]: connect from unknown[84.217.26.111] Jan 3 23:04:01 mg-hbg17 postfix/smtpd[24037]: 00E7B1BFCF: client=unknown[84.217.26.111] Jan 3 23:04:01 mg-hbg17 postfix/cleanup[24038]: 00E7B1BFCF: hold: header Received: from hallsberg.se (unknown [84.217.26.111])??by mg-hbg17.hallsberg.se (Postfix) with SMTP id 00E7B1BFCF??for ; Mon, 3 Jan 2005 23:04:00 +0100 (CET) from unknown[84.217.26.111]; from= to= proto=SMTP helo= Jan 3 23:04:01 mg-hbg17 postfix/cleanup[24038]: 00E7B1BFCF: message-id=<20050103220400.00E7B1BFCF@mg-hbg17.hallsberg.se> Jan 3 23:04:02 mg-hbg17 postfix/smtpd[24037]: disconnect from unknown[84.217.26.111] Jan 3 23:04:04 mg-hbg17 MailScanner[22584]: New Batch: Scanning 1 messages, 42859 bytes Jan 3 23:04:04 mg-hbg17 MailScanner[22584]: Spam Checks: Starting Jan 3 23:04:20 mg-hbg17 MailScanner[22584]: Virus and Content Scanning: Starting Jan 3 23:04:21 mg-hbg17 MailScanner[22584]: /var/spool/MailScanner/incoming/22584/./00E7B1BFCF/message.scr: Worm.SomeFool.P FOUND Jan 3 23:04:21 mg-hbg17 MailScanner[22584]: Virus Scanning: ClamAV found 1 infections Jan 3 23:04:23 mg-hbg17 MailScanner[22584]: Virus: 2##Base: /var/spool/MailScanner/incoming/22584##1: '00E7B1BFCF/message.scr' => W32/Netsky##2: '00E7B1BFCF/msg-22584-10.html' => Exploit/iFrame## Jan 3 23:04:23 mg-hbg17 MailScanner[22584]: Virus Scanning: Panda found 2 infections Jan 3 23:04:23 mg-hbg17 MailScanner[22584]: Infected message 00E7B1BFCF came from 84.217.26.111 Jan 3 23:04:23 mg-hbg17 MailScanner[22584]: Virus Scanning: Found 2 viruses Jan 3 23:04:23 mg-hbg17 MailScanner[24059]: MailScanner E-Mail Virus Scanner version 4.36.4 starting... Jan 3 23:04:23 mg-hbg17 MailScanner[24059]: Config: calling custom init function MailWatchLogging Jan 3 23:04:23 mg-hbg17 MailScanner[24059]: Initialising database connection Jan 3 23:04:23 mg-hbg17 MailScanner[24059]: Finished initialising database connection Jan 3 23:04:23 mg-hbg17 MailScanner[24059]: Enabling SpamAssassin auto-whitelist functionality... Jan 3 23:04:25 mg-hbg17 MailScanner[22560]: New Batch: Scanning 1 messages, 42859 bytes Jan 3 23:04:25 mg-hbg17 MailScanner[22560]: Spam Checks: Starting Jan 3 23:04:30 mg-hbg17 MailScanner[22560]: Virus and Content Scanning: Starting Jan 3 23:04:30 mg-hbg17 MailScanner[22560]: /var/spool/MailScanner/incoming/22560/./00E7B1BFCF/message.scr: Worm.SomeFool.P FOUND Jan 3 23:04:31 mg-hbg17 MailScanner[22560]: Virus Scanning: ClamAV found 1 infections Jan 3 23:04:33 mg-hbg17 MailScanner[22560]: Virus: 2##Base: /var/spool/MailScanner/incoming/22560##1: '00E7B1BFCF/message.scr' => W32/Netsky##2: '00E7B1BFCF/msg-22560-16.html' => Exploit/iFrame## Jan 3 23:04:33 mg-hbg17 MailScanner[22560]: Virus Scanning: Panda found 2 infections Jan 3 23:04:33 mg-hbg17 MailScanner[22560]: Infected message 00E7B1BFCF came from 84.217.26.111 Jan 3 23:04:33 mg-hbg17 MailScanner[22560]: Virus Scanning: Found 2 viruses J an 3 23:04:33 mg-hbg17 MailScanner[24081]: MailScanner E-Mail Virus Scanner version 4.36.4 starting... Jan 3 23:04:33 mg-hbg17 MailScanner[24081]: Config: calling custom init function MailWatchLogging Jan 3 23:04:33 mg-hbg17 MailScanner[24081]: Initialising database connection Jan 3 23:04:33 mg-hbg17 MailScanner[24081]: Finished initialising database connection Jan 3 23:04:33 mg-hbg17 MailScanner[24081]: Enabling SpamAssassin auto-whitelist functionality... Jan 3 23:04:34 mg-hbg17 MailScanner[24059]: Using locktype = flock Jan 3 23:04:34 mg-hbg17 MailScanner[24059]: New Batch: Scanning 1 messages, 42859 bytes Jan 3 23:04:34 mg-hbg17 MailScanner[24059]: Spam Checks: Starting Jan 3 23:04:37 mg-hbg17 MailScanner[24059]: Virus and Content Scanning: Starting Jan 3 23:04:38 mg-hbg17 MailScanner[24059]: /var/spool/MailScanner/incoming/24059/./00E7B1BFCF/message.scr: Worm.SomeFool.P FOUND Jan 3 23:04:38 mg-hbg17 MailScanner[24059]: Virus Scanning: ClamAV found 1 infections Jan 3 23:04:40 mg-hbg17 MailScanner[24059]: Virus: 2##Base: /var/spool/MailScanner/incoming/24059##1: '00E7B1BFCF/message.scr' => W32/Netsky##2: '00E7B1BFCF/msg-24059-2.html' => Exploit/iFrame## Jan 3 23:04:40 mg-hbg17 MailScanner[24059]: Virus Scanning: Panda found 2 infections Jan 3 23:04:40 mg-hbg17 MailScanner[24059]: Infected message 00E7B1BFCF came from 84.217.26.111 Jan 3 23:04:40 mg-hbg17 MailScanner[24059]: Virus Scanning: Found 2 viruses Jan 3 23:04:41 mg-hbg17 MailScanner[22410]: New Batch: Scanning 1 messages, 42859 bytes Jan 3 23:04:41 mg-hbg17 MailScanner[22410]: Spam Checks: Starting Jan 3 23:04:43 mg-hbg17 MailScanner[24107]: MailScanner E-Mail Virus Scanner version 4.36.4 starting... Jan 3 23:04:43 mg-hbg17 MailScanner[24107]: Config: calling custom init function MailWatchLoggingJan 3 23:04:43 mg-hbg17 MailScanner[24107]: Initialising database connection Jan 3 23:04:43 mg-hbg17 MailScanner[24107]: Finished initialising database connection Jan 3 23:04:43 mg-hbg17 MailScanner[24107]: Enabling SpamAssassin auto-whitelist functionality... Jan 3 23:04:46 mg-hbg17 MailScanner[24081]: Using locktype = flock Jan 3 23:04:47 mg-hbg17 MailScanner[24107]: Using locktype = flock Jan 3 23:04:48 mg-hbg17 MailScanner[22410]: Virus and Content Scanning: Starting Jan 3 23:04:48 mg-hbg17 MailScanner[22410]: /var/spool/MailScanner/incoming/22410/./00E7B1BFCF/message.scr: Worm.SomeFool.P FOUND ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Jan 4 08:58:47 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:04 2006 Subject: Deleting spam per user. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ken Goods wrote: >Also I've never seen this mentioned anywhere... are rules case sensitive? > No, they aren't. That would be silly :-) >Thanks in advance to any and all insights and Happy New Year to all! And a >special thanks to Julian for an outstanding piece of genius software... and >for making my job a little easier! > > No worries. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From kte at NEXIS.BE Tue Jan 4 09:49:56 2005 From: kte at NEXIS.BE (Koen Teugels) Date: Thu Jan 12 21:28:04 2006 Subject: Why do I keep getting .spamassassin/ .pyzor/ .razor/ in my / Message-ID: on RH you have to change in the /etc/crontab HOME to /root if you run the updates in cron.. Maybe on other linux dist. is it the same. Koen Remco Barendse wrote: > Could it be one of the perl modules that is outdated? > > I do remember seeing something similar on the list. > > Cheers! > Remco > > On Sun, 2 Jan 2005, Remco Barendse wrote: > >> This is from /etc/passwd >> root:x:0:0:root:/root:/bin/bash >> cron:x:16:16:cron:/var/spool/cron:/bin/false >> >> Guess that's not it, nor the root of the cron user? >> >> I have this behaviour on a gentoo box and on a RHEL box. >> >> >> >> On Sun, 2 Jan 2005, Julian Field wrote: >> >>> Yes, but where is the home dir of the root user, according to >>> /etc/passwd? >>> >>> Remco Barendse wrote: >>> >>>> Hi list! >>>> >>>> I keep finding directories for .spamassassin/ .pyzor/ .razor/ in the >>>> root >>>> of my filesystem. >>>> >>>> When I delete them, they keep coming back. Shouldn't they be in the >>>> homedir of the root user? >>> >>> >>> -- >>> Julian Field >>> www.MailScanner.info >>> Buy the MailScanner book at www.MailScanner.info/store >>> Professional Support Services at www.MailScanner.biz >>> MailScanner thanks transtec Computers for their support >>> >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >>> >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue Jan 4 09:57:55 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:04 2006 Subject: Mailserver replacement of exchange Message-ID: Joe Interesting. I thought the OpenMail stuff had been sold off to Samsung a few years ago. Maybe Samsung has given up on this on this (or Scalix is based on a earlier version, pre Samsung) -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Harnish, Joe wrote: > I have found a product called Scalix (www.scalix.com) It is not free > but it is very reasonable in cost and it is a drop in replacement for > exchange. It runs on Linux using sendmail as it's base. > > Joe > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Koen Teugels > Sent: Saturday, December 18, 2004 5:13 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Mailserver replacement of exchange > > Does anyone has a good alternative for MS exchange (groupware) in the > opensource world? If it is possible an outlook client must be able to > connect to it. > > thanks Koen > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the > archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue Jan 4 09:56:30 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:04 2006 Subject: Why do I keep getting .spamassassin/ .pyzor/ .razor/ in my / Message-ID: Koen and what does /etc/passwd say for the user MailScanner runs as? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Koen Teugels wrote: > on RH you have to change in the /etc/crontab HOME to /root if you run > the updates in cron.. Maybe on other linux dist. is it the same. > > Koen > > Remco Barendse wrote: > >> Could it be one of the perl modules that is outdated? >> >> I do remember seeing something similar on the list. >> >> Cheers! >> Remco >> >> On Sun, 2 Jan 2005, Remco Barendse wrote: >> >>> This is from /etc/passwd >>> root:x:0:0:root:/root:/bin/bash >>> cron:x:16:16:cron:/var/spool/cron:/bin/false >>> >>> Guess that's not it, nor the root of the cron user? >>> >>> I have this behaviour on a gentoo box and on a RHEL box. >>> >>> >>> >>> On Sun, 2 Jan 2005, Julian Field wrote: >>> >>>> Yes, but where is the home dir of the root user, according to >>>> /etc/passwd? >>>> >>>> Remco Barendse wrote: >>>> >>>>> Hi list! >>>>> >>>>> I keep finding directories for .spamassassin/ .pyzor/ .razor/ in the >>>>> root >>>>> of my filesystem. >>>>> >>>>> When I delete them, they keep coming back. Shouldn't they be in the >>>>> homedir of the root user? >>>> >>>> >>>> >>>> -- >>>> Julian Field >>>> www.MailScanner.info >>>> Buy the MailScanner book at www.MailScanner.info/store >>>> Professional Support Services at www.MailScanner.biz >>>> MailScanner thanks transtec Computers for their support >>>> >>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>>> >>>> ------------------------ MailScanner list ------------------------ >>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>> 'leave mailscanner' in the body of the email. >>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>>> >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >>> >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From kte at NEXIS.BE Tue Jan 4 10:46:52 2005 From: kte at NEXIS.BE (Koen Teugels) Date: Thu Jan 12 21:28:04 2006 Subject: Why do I keep getting .spamassassin/ .pyzor/ .razor/ in my / Message-ID: I don't have a user mailscanner in etc/passwd. But mailscanner runs on he system as root. And root has as homedir /root Koen Martin Hepworth wrote: > Koen > > and what does /etc/passwd say for the user MailScanner runs as? > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Koen Teugels wrote: > >> on RH you have to change in the /etc/crontab HOME to /root if you run >> the updates in cron.. Maybe on other linux dist. is it the same. >> >> Koen >> >> Remco Barendse wrote: >> >>> Could it be one of the perl modules that is outdated? >>> >>> I do remember seeing something similar on the list. >>> >>> Cheers! >>> Remco >>> >>> On Sun, 2 Jan 2005, Remco Barendse wrote: >>> >>>> This is from /etc/passwd >>>> root:x:0:0:root:/root:/bin/bash >>>> cron:x:16:16:cron:/var/spool/cron:/bin/false >>>> >>>> Guess that's not it, nor the root of the cron user? >>>> >>>> I have this behaviour on a gentoo box and on a RHEL box. >>>> >>>> >>>> >>>> On Sun, 2 Jan 2005, Julian Field wrote: >>>> >>>>> Yes, but where is the home dir of the root user, according to >>>>> /etc/passwd? >>>>> >>>>> Remco Barendse wrote: >>>>> >>>>>> Hi list! >>>>>> >>>>>> I keep finding directories for .spamassassin/ .pyzor/ .razor/ in the >>>>>> root >>>>>> of my filesystem. >>>>>> >>>>>> When I delete them, they keep coming back. Shouldn't they be in the >>>>>> homedir of the root user? >>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> Julian Field >>>>> www.MailScanner.info >>>>> Buy the MailScanner book at www.MailScanner.info/store >>>>> Professional Support Services at www.MailScanner.biz >>>>> MailScanner thanks transtec Computers for their support >>>>> >>>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>>>> >>>>> ------------------------ MailScanner list ------------------------ >>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>> 'leave mailscanner' in the body of the email. >>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>> >>>>> Support MailScanner development - buy the book off the website! >>>>> >>>>> >>>> >>>> ------------------------ MailScanner list ------------------------ >>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>> 'leave mailscanner' in the body of the email. >>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>>> >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >> >> >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Tue Jan 4 13:11:55 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:04 2006 Subject: MailScanner 4.37.7-1 and Postfix 2.1.5 on WBEL Message-ID: @font-face { font-family: Verdana; } @page Section1 {size: 8.5in 11.0in; margin: 1.0in 1.25in 1.0in 1.25in; } P.MsoNormal { FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Times New Roman" } LI.MsoNormal { FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Times New Roman" } DIV.MsoNormal { FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Times New Roman" } A:link { COLOR: blue; TEXT-DECORATION: underline } SPAN.MsoHyperlink { COLOR: blue; TEXT-DECORATION: underline } A:visited { COLOR: purple; TEXT-DECORATION: underline } SPAN.MsoHyperlinkFollowed { COLOR: purple; TEXT-DECORATION: underline } SPAN.EmailStyle17 { FONT-WEIGHT: normal; COLOR: windowtext; FONT-STYLE: normal; FONT-FAMILY: Verdana; TEXT-DECORATION: none; mso-style-type: personal-compose } DIV.Section1 { page: Section1 } As far as lil' ol' me can tell the unique-ID thing shouldn't have any bearing on this. Do you archive mails? Perhaps to a mailbox? -- Glenn -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Mailing List Sent: den 4 januari 2005 01:51 To: MAILSCANNER@JISCMAIL.AC.UK Subject: MailScanner 4.37.7-1 and Postfix 2.1.5 on WBEL Since the upgrade i see strange behaviors, some mails marked as High Spam are still delivered, here is an excerpt of my maillog: [root@gw-m log]# grep 6FD731C0008 maillog Jan 3 13:14:35 gw-m postfix/smtpd[2051]: 6FD731C0008: client=lns-vlq-48-mar-82-251-10-15.adsl.proxad.net[82.251.10.15] Jan 3 13:14:38 gw-m postfix/cleanup[32006]: 6FD731C0008: hold: header Received: from lns-vlq-48-mar-82-251-10-15.adsl.proxad.net (lns-vlq-48-mar-82-251-10-15.adsl.proxad.net [82.251.10.15])??by gw-m.netgroupes.ca (Postfix) with SMTP id 6FD731C0008??for to= proto=SMTP helo= Jan 3 13:14:38 gw-m postfix/cleanup[32006]: 6FD731C0008: hold: header Received: from acs-inc.com (36.84.32.127) by azn7-s607.rr.com with Microsoft SMTPSVC(8.3.3049.5537);?? Mon, 03 Jan 2005 16:13:26 -0200 from lns-vlq-48-mar-82-251-10-15.adsl.proxad.net[82.251.10.15]; from= to= proto=SMTP helo= Jan 3 13:14:38 gw-m postfix/cleanup[32006]: 6FD731C0008: hold: header Received: from optonline.com (comcast.net 241.136.137.254)??by optonline.net (8.12.10/8.12.9) with ESMTP id pir7B117??for ; Mon, 03 Jan 2005 22:14:26 +0400 (ES from lns-vlq-48-mar-82-251-10-15.adsl.proxad.net[82.251.10.15]; from= to= proto=SMTP helo= Jan 3 13:14:38 gw-m postfix/cleanup[32006]: 6FD731C0008: hold: header Received: from X99861626404 (modemcable6.559-26.cpe.abbeypress.com 186.145.54.36)??(authenticated bits=0)??by optonline.com (8.12.10/8.12.9) with ESMTP id yjl92H690j386??for to= proto=SMTP helo= Jan 3 13:14:38 gw-m postfix/cleanup[32006]: 6FD731C0008: message-id=<68908gpe61joj449$p584q0b802$20d60on18@HYW57645905229> Jan 3 13:15:05 gw-m MailScanner[31923]: Message 6FD731C0008.642D2 from 82.251.10.15 (jetqchn@optonline.com) to domain.com is spam, SpamAssassin (score=37.036, required 6, autolearn=spam, BAYES_99 1.89, DCC_CHECK 2.17, DIGEST_MULTIPLE 0.10, DOMAIN_RATIO 3.18, HELO_DYNAMIC_HCC 3.74, HELO_DYNAMIC_IPADDR 4.40, HTML_90_100 0.02, HTML_IMAGE_ONLY_04 3.30, HTML_MESSAGE 0.00, HTML_MIME_NO_HTML_TAG 0.14, INVALID_TZ_EST 3.58, MIME_BOUND_DD_DIGITS 4.14, MIME_HTML_ONLY 0.18, MIME_HTML_ONLY_MULTI 2.44, MPART_ALT_DIFF 0.07, PYZOR_CHECK 3.45, X_MESSAGE_INFO 4.24) Jan 3 13:15:05 gw-m MailScanner[31923]: Spam Actions: message 6FD731C0008.642D2 actions are store,delete Jan 3 13:15:05 gw-m MailScanner[31923]: Requeue: 6FD731C0008.642D2 to B91C41C0006 Jan 3 13:15:06 gw-m MailScanner[31923]: Logging message 6FD731C0008.642D2 to SQL This seems to be a “new” behavior, maybe inline with the change to “Archive Mail” and unique message-ids ?!? If you need more information, please let me know. Regards ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ^@ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ml at NETGROUPES.CA Tue Jan 4 13:21:11 2005 From: ml at NETGROUPES.CA (Mailing List) Date: Thu Jan 12 21:28:05 2006 Subject: MailScanner 4.37.7-1 and Postfix 2.1.5 on WBEL Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Rules are set to store and delete. Archive Mail in MailScanner.conf is empty More information: this behavior started as soon as I upgraded, this does not seem to happen for all domains. Regards ________________________________________ From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Steen, Glenn Sent: Tuesday, January 04, 2005 08:12 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: MailScanner 4.37.7-1 and Postfix 2.1.5 on WBEL As far as lil' ol' me can tell the unique-ID thing shouldn't have any bearing on this. Do you archive mails? Perhaps to a mailbox?   -- Glenn -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Mailing List Sent: den 4 januari 2005 01:51 To: MAILSCANNER@JISCMAIL.AC.UK Subject: MailScanner 4.37.7-1 and Postfix 2.1.5 on WBEL Since the upgrade i see strange behaviors, some mails marked as High Spam are still delivered, here is an excerpt of my maillog: [root@gw-m log]# grep 6FD731C0008 maillog Jan  3 13:14:35 gw-m postfix/smtpd[2051]: 6FD731C0008: client=lns-vlq-48-mar-82-251-10-15.adsl.proxad.net[82.251.10.15] Jan  3 13:14:38 gw-m postfix/cleanup[32006]: 6FD731C0008: hold: header Received: from lns-vlq-48-mar-82-251-10-15.adsl.proxad.net (lns-vlq-48-mar-82-251-10-15.adsl.proxad.net [82.251.10.15])??by gw-m.netgroupes.ca (Postfix) with SMTP id 6FD731C0008??for to= proto=SMTP helo= Jan  3 13:14:38 gw-m postfix/cleanup[32006]: 6FD731C0008: hold: header Received: from acs-inc.com (36.84.32.127) by azn7-s607.rr.com  with Microsoft SMTPSVC(8.3.3049.5537);?? Mon, 03 Jan 2005 16:13:26 -0200 from lns-vlq-48-mar-82-251-10-15.adsl.proxad.net[82.251.10.15]; from= to= proto=SMTP helo= Jan  3 13:14:38 gw-m postfix/cleanup[32006]: 6FD731C0008: hold: header Received: from optonline.com  (comcast.net  241.136.137.254)??by optonline.net  (8.12.10/8.12.9) with ESMTP id pir7B117??for ; Mon, 03 Jan 2005 22:14:26 +0400 (ES from lns-vlq-48-mar-82-251-10-15.adsl.proxad.net[82.251.10.15]; from= to= proto=SMTP helo= Jan  3 13:14:38 gw-m postfix/cleanup[32006]: 6FD731C0008: hold: header Received: from X99861626404 (modemcable6.559-26.cpe.abbeypress.com 186.145.54.36)??(authenticated bits=0)??by optonline.com  (8.12.10/8.12.9) with ESMTP id yjl92H690j386??for to= proto=SMTP helo= Jan  3 13:14:38 gw-m postfix/cleanup[32006]: 6FD731C0008: message-id=<68908gpe61joj449$p584q0b802$20d60on18@HYW57645905229> Jan  3 13:15:05 gw-m MailScanner[31923]: Message 6FD731C0008.642D2 from 82.251.10.15 (jetqchn@optonline.com) to domain.com is spam, SpamAssassin (score=37.036, required 6, autolearn=spam, BAYES_99 1.89, DCC_CHECK 2.17, DIGEST_MULTIPLE 0.10, DOMAIN_RATIO 3.18, HELO_DYNAMIC_HCC 3.74, HELO_DYNAMIC_IPADDR 4.40, HTML_90_100 0.02, HTML_IMAGE_ONLY_04 3.30, HTML_MESSAGE 0.00, HTML_MIME_NO_HTML_TAG 0.14, INVALID_TZ_EST 3.58, MIME_BOUND_DD_DIGITS 4.14, MIME_HTML_ONLY 0.18, MIME_HTML_ONLY_MULTI 2.44, MPART_ALT_DIFF 0.07, PYZOR_CHECK 3.45, X_MESSAGE_INFO 4.24) Jan  3 13:15:05 gw-m MailScanner[31923]: Spam Actions: message 6FD731C0008.642D2 actions are store,delete Jan  3 13:15:05 gw-m MailScanner[31923]: Requeue: 6FD731C0008.642D2 to B91C41C0006 Jan  3 13:15:06 gw-m MailScanner[31923]: Logging message 6FD731C0008.642D2 to SQL This seems to be a "new" behavior, maybe inline with the change to "Archive Mail" and unique message-ids ?!? If you need more information, please let me know. Regards ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Tue Jan 4 14:04:25 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:05 2006 Subject: Some messages gets stuck in postfix/hold Message-ID: Do you get anything more interresting if you run it through with just one of the av-scanners? Or if you run it in debug mode? -- Glenn > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Andreas Svensson > Sent: den 4 januari 2005 08:40 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Some messages gets stuck in postfix/hold > > > Good Morning. > I have a problem with Mailscanner on Postfix running as a gateway in > front of my Groupwise server. > Some, very few messages gets stuck in hold directory of postfix spool. > It looks like these messages only are spam or virus. > Yesterday i had like 20 mails from the past two weeks. > Its like 1 or 2 mails per day gets stuck there. > So i cleaned it up manually yesterday but this morning i had 1 new. > > The server is a Compaq DL360 with > SuSE Linux Enterprise 9 > postfix-2.1.1-1.4 > MailScanner 4.36.4 > SpamAssassin 3.0.1 > > Thanks for any help! > /Andreas Svensson, Hallsberg, Sweden. > -Here comes a cut from the log from tonights: > > Jan 3 23:04:00 mg-hbg17 postfix/smtpd[24037]: connect from > unknown[84.217.26.111] > Jan 3 23:04:01 mg-hbg17 postfix/smtpd[24037]: 00E7B1BFCF: > client=unknown[84.217.26.111] > Jan 3 23:04:01 mg-hbg17 postfix/cleanup[24038]: 00E7B1BFCF: hold: > header Received: from hallsberg.se (unknown [84.217.26.111])??by > mg-hbg17.hallsberg.se (Postfix) with SMTP id 00E7B1BFCF??for > ; Mon, 3 Jan 2005 23:04:00 +0100 (CET) > from unknown[84.217.26.111]; from= > to= proto=SMTP helo= > Jan 3 23:04:01 mg-hbg17 postfix/cleanup[24038]: 00E7B1BFCF: > message-id=<20050103220400.00E7B1BFCF@mg-hbg17.hallsberg.se> > Jan 3 23:04:02 mg-hbg17 postfix/smtpd[24037]: disconnect from > unknown[84.217.26.111] > Jan 3 23:04:04 mg-hbg17 MailScanner[22584]: New Batch: Scanning 1 > messages, 42859 bytes > Jan 3 23:04:04 mg-hbg17 MailScanner[22584]: Spam Checks: Starting > Jan 3 23:04:20 mg-hbg17 MailScanner[22584]: Virus and Content > Scanning: Starting > Jan 3 23:04:21 mg-hbg17 MailScanner[22584]: > /var/spool/MailScanner/incoming/22584/./00E7B1BFCF/message.scr: > Worm.SomeFool.P FOUND > Jan 3 23:04:21 mg-hbg17 MailScanner[22584]: Virus Scanning: ClamAV > found 1 infections > Jan 3 23:04:23 mg-hbg17 MailScanner[22584]: Virus: 2##Base: > /var/spool/MailScanner/incoming/22584##1: '00E7B1BFCF/message.scr' => > W32/Netsky##2: '00E7B1BFCF/msg-22584-10.html' => Exploit/iFrame## > Jan 3 23:04:23 mg-hbg17 MailScanner[22584]: Virus Scanning: Panda > found 2 infections > Jan 3 23:04:23 mg-hbg17 MailScanner[22584]: Infected message > 00E7B1BFCF came from 84.217.26.111 > Jan 3 23:04:23 mg-hbg17 MailScanner[22584]: Virus Scanning: Found 2 > viruses > Jan 3 23:04:23 mg-hbg17 MailScanner[24059]: MailScanner E-Mail Virus > Scanner version 4.36.4 starting... > Jan 3 23:04:23 mg-hbg17 MailScanner[24059]: Config: calling custom > init function MailWatchLogging > Jan 3 23:04:23 mg-hbg17 MailScanner[24059]: Initialising database > connection > Jan 3 23:04:23 mg-hbg17 MailScanner[24059]: Finished initialising > database connection > Jan 3 23:04:23 mg-hbg17 MailScanner[24059]: Enabling SpamAssassin > auto-whitelist functionality... > Jan 3 23:04:25 mg-hbg17 MailScanner[22560]: New Batch: Scanning 1 > messages, 42859 bytes > Jan 3 23:04:25 mg-hbg17 MailScanner[22560]: Spam Checks: Starting > Jan 3 23:04:30 mg-hbg17 MailScanner[22560]: Virus and Content > Scanning: Starting > Jan 3 23:04:30 mg-hbg17 MailScanner[22560]: > /var/spool/MailScanner/incoming/22560/./00E7B1BFCF/message.scr: > Worm.SomeFool.P FOUND > Jan 3 23:04:31 mg-hbg17 MailScanner[22560]: Virus Scanning: ClamAV > found 1 infections > Jan 3 23:04:33 mg-hbg17 MailScanner[22560]: Virus: 2##Base: > /var/spool/MailScanner/incoming/22560##1: '00E7B1BFCF/message.scr' => > W32/Netsky##2: '00E7B1BFCF/msg-22560-16.html' => Exploit/iFrame## > Jan 3 23:04:33 mg-hbg17 MailScanner[22560]: Virus Scanning: Panda > found 2 infections > Jan 3 23:04:33 mg-hbg17 MailScanner[22560]: Infected message > 00E7B1BFCF came from 84.217.26.111 > Jan 3 23:04:33 mg-hbg17 MailScanner[22560]: Virus Scanning: Found 2 > viruses > Jan 3 23:04:33 mg-hbg17 MailScanner[24081]: MailScanner E-Mail Virus > Scanner version 4.36.4 starting... > Jan 3 23:04:33 mg-hbg17 MailScanner[24081]: Config: calling custom > init function MailWatchLogging > Jan 3 23:04:33 mg-hbg17 MailScanner[24081]: Initialising database > connection > Jan 3 23:04:33 mg-hbg17 MailScanner[24081]: Finished initialising > database connection > Jan 3 23:04:33 mg-hbg17 MailScanner[24081]: Enabling SpamAssassin > auto-whitelist functionality... > Jan 3 23:04:34 mg-hbg17 MailScanner[24059]: Using locktype = flock > Jan 3 23:04:34 mg-hbg17 MailScanner[24059]: New Batch: Scanning 1 > messages, 42859 bytes > Jan 3 23:04:34 mg-hbg17 MailScanner[24059]: Spam Checks: Starting > Jan 3 23:04:37 mg-hbg17 MailScanner[24059]: Virus and Content > Scanning: Starting > Jan 3 23:04:38 mg-hbg17 MailScanner[24059]: > /var/spool/MailScanner/incoming/24059/./00E7B1BFCF/message.scr: > Worm.SomeFool.P FOUND > Jan 3 23:04:38 mg-hbg17 MailScanner[24059]: Virus Scanning: ClamAV > found 1 infections > Jan 3 23:04:40 mg-hbg17 MailScanner[24059]: Virus: 2##Base: > /var/spool/MailScanner/incoming/24059##1: '00E7B1BFCF/message.scr' => > W32/Netsky##2: '00E7B1BFCF/msg-24059-2.html' => Exploit/iFrame## > Jan 3 23:04:40 mg-hbg17 MailScanner[24059]: Virus Scanning: Panda > found 2 infections > Jan 3 23:04:40 mg-hbg17 MailScanner[24059]: Infected message > 00E7B1BFCF came from 84.217.26.111 > Jan 3 23:04:40 mg-hbg17 MailScanner[24059]: Virus Scanning: Found 2 > viruses > Jan 3 23:04:41 mg-hbg17 MailScanner[22410]: New Batch: Scanning 1 > messages, 42859 bytes > Jan 3 23:04:41 mg-hbg17 MailScanner[22410]: Spam Checks: Starting > Jan 3 23:04:43 mg-hbg17 MailScanner[24107]: MailScanner E-Mail Virus > Scanner version 4.36.4 starting... > Jan 3 23:04:43 mg-hbg17 MailScanner[24107]: Config: calling custom > init function MailWatchLogging > Jan 3 23:04:43 mg-hbg17 MailScanner[24107]: Initialising database > connection > Jan 3 23:04:43 mg-hbg17 MailScanner[24107]: Finished initialising > database connection > Jan 3 23:04:43 mg-hbg17 MailScanner[24107]: Enabling SpamAssassin > auto-whitelist functionality... > Jan 3 23:04:46 mg-hbg17 MailScanner[24081]: Using locktype = flock > Jan 3 23:04:47 mg-hbg17 MailScanner[24107]: Using locktype = flock > Jan 3 23:04:48 mg-hbg17 MailScanner[22410]: Virus and Content > Scanning: Starting > Jan 3 23:04:48 mg-hbg17 MailScanner[22410]: > /var/spool/MailScanner/incoming/22410/./00E7B1BFCF/message.scr: > Worm.SomeFool.P FOUND > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Tue Jan 4 14:08:55 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:28:05 2006 Subject: todays AUSCERT alert, filename.rules.conf tweak Message-ID: Gang, See the AUSCERT bulletin below, if you haven't already. In light of this, I added the following to my filename.rules.conf file: #---added per AUSCERT bulletin AL-2005.001, Jan 4, 2005 deny|\.bmp$|Windows bitmap file|Possible buffer overflow in Explorer/Outlook deny|\.ico$|Windows icon file|Possible buffer overflow in Explorer/Outlook deny|\.ani$|Windows animated cursor file|Possible buffer overflow in Explorer/Outlook deny|\.cur$|Windows cursor file|Possible buffer overflow in Explorer/Outlook deny|\.hlp$|Windows Help file|Possible buffer overflow in Explorer/Outlook I replaced tabs with the pipe symbol (|) for this email. Maybe this should be rolled into the next edition of MailScanner? Jeff Earickson Colby College ---------- Forwarded message ---------- Date: Tue, 4 Jan 2005 05:34:25 UT From: auscert@auscert.org.au Reply-To: national-alerts@auscert.org.au To: national-alerts@auscert.org.au Subject: [NATIONAL-ALERTS] (AUSCERT AL-2005.001) Three vulnerabilities in Microsoft Windows and Internet Explorer -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== A U S C E R T A L E R T AL-2005.001 -- AUSCERT ALERT Three vulnerabilities in Microsoft Windows and Internet Explorer 4 January 2005 =========================================================================== AusCERT Alert Summary --------------------- Product: Microsoft Internet Explorer Microsoft Outlook Microsoft Outlook Express Microsoft Windows Operating System: Windows Impact: Execute Arbitrary Code/Commands Denial of Service Access: Remote/Unauthenticated CVE Names: CAN-2004-1305 CAN-2004-1306 SUMMARY: This alert describes three vulnerabilities in Microsoft Internet Explorer and other Windows components that may allow the remote execution of arbitrary code and denial of service. PROBLEMS: 1. A heap buffer overflow in the LoadImage code that handles .bmp, .ico, .ani and .cur files in Microsoft Internet Explorer, Outlook and Outlook Express allows an attacker to remotely compromise Windows systems. A vulnerable computer may be compromised if Internet Explorer is used to view a malicious web page, or if Outlook is used to view or preview a malicious email. This compromise can occur without any additional user interaction. Windows XP with Service Pack 2 installed is not vulnerable. All other Windows versions are vulnerable. 2. winhlp32.exe, the component of Windows that displays .hlp help files, contains a buffer overflow vulnerability allowing an attacker to execute arbitrary code if a malicious .hlp file is opened. All known Windows versions are vulnerable. 3. The Windows kernel incorrectly parses .ani files, allowing an attacker to cause a denial of service by referencing a malformed .ani file in a web page or email. A vulnerable computer can be crashed causing a denial of service if Internet Explorer or Outlook are used to view a malicious web page or email. This can occur without any additional user interaction. Windows XP with Service Pack 2 installed is not vulnerable. All other Windows versions are vulnerable. AusCERT advises that working proof of concept exploits for these vulnerabilities have been made public that allow remote compromise of systems running Windows. MITIGATION: There are currently no patches available to fix these vulnerabilities. AusCERT advises users and sites running Windows to evaluate their exposure to the vulnerabilities and to apply the following mitigation to reduce the risk of exploitation: For Windows XP: o Ensure that Service Pack 2 is installed. o Disable Active Scripting and ActiveX in the "Internet" and "My Computer" domains, as detailed below. Note that disabling scripting will stop the current proof of concept exploit code, but the LoadImage vulnerability may still be exploitable even if all scripting has been disabled. o Use a different web browser. For Windows 2000: o Disable Active Scripting and ActiveX in the "Internet" and "My Computer" domains, as detailed below. Note that disabling scripting will stop the current proof of concept exploit code, but the LoadImage vulnerability may still be exploitable even if all scripting has been disabled. o Use a different web browser. Instructions for disabling active content in Internet Explorer can be obtained from Microsoft's website. [1] The "My Computer" zone is usually not visible in the Internet Options dialog. To enable it, refer to the instructions on Microsoft's website. [2] It is advisable not to click on any links provided in email messages. If a user wishes to follow a link in an email it is best to type the address into the web browser by hand. Additional useful information may also be found in the AusCERT paper entitled "Protecting your computer from malicious code". [3] AusCERT will continue to monitor this vulnerability and any changes in exploit activity. AusCERT members will be updated as information becomes available. REFERENCES: [1] How to Disable Active Content in Internet Explorer http://support.microsoft.com/?kbid=154036 [2] How to Enable the My Computer Security Zone in Internet Options http://support.microsoft.com/?kbid=315933 [3] Protecting your computer from malicious code http://www.auscert.org.au/3352 AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. If you believe that your computer system has been compromised or attacked in any way, we encourage you to let us know by completing the secure National IT Incident Reporting Form at: http://www.auscert.org.au/render.html?it=3192 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQCVAwUBQdoq1ih9+71yA2DNAQKCmQP/eCOWetjLRnpQk8tiZIEe8KHzS43ZDWsh k8XYbi11ZJqkHtHohXNvjAw08oi1sP83xOPyBAVvhpKG3oZmronmQTvIp345B57U u7nmynXY17PN+NBRZuu4qEjY6pR0t1cJU38G51GwyFuoR0lB3CSspjP4XggX6mla w/NU/RR72AU= =Ih7m -----END PGP SIGNATURE----- AusCERT is the national computer emergency response team for Australia. We monitor various sources around the globe and provide reliable and independent information about serious computer network threats and vulnerabilities. AusCERT, which is a not-for-profit organisation, operates a cost-recovery service for its members and a smaller free security bulletin service to subscribers of the National Alerts Service. In the interests of protecting your information systems and keeping up to date with relevant information to protect your information systems, you should be aware that not all security bulletins published or distributed by AusCERT are included in the National Alert Service. AusCERT may publish and distribute bulletins to its members which contain information about serious computer network threats and vulnerabilities that could affect your information systems. Many of these security bulletins are publicly accessible from our web site. AusCERT maintains the mailing list for access to National Alerts Service security bulletins. If you are subscribed to the National Alerts Service and wish to cancel your subscription to this service, please follow the instructions at: http://www.auscert.org.au/msubmit.html?it=3058 Previous security bulletins published or distributed as part of the National Alerts Service can be retrieved from: http://national.auscert.org.au/render.html?cid=2998 Previous security bulletins published or distributed by AusCERT can be retrieved from: http://www.auscert.org.au/render.html?cid=1 If you believe that your computer system has been compromised or attacked in any way, we encourage you to let us know by completing the secure National IT Incident Reporting Form at: http://national.auscert.org.au/render.html?it=3192 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Tue Jan 4 13:55:18 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:28:05 2006 Subject: spam: Re: Mail Server problems Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Tracy Greggs wrote: > Another great option IMHO is Norton Ghost. I use Corporate version 8, Works > perfectly on every linux distro that I have used it on, including Fedora. > Snag a big drive, ghost it over and change your partitions to the sizes you > want and you are good to go. Ghost will image an ATA IDE drive at around > 500mb/min in my experience. The downtime is very minimal. If you're talking commercial, my first tought is Partition Magic. Of course, better make a backup before. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Jan 4 15:11:39 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:05 2006 Subject: todays AUSCERT alert, filename.rules.conf tweak Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] They will be in the next release. Jeff A. Earickson wrote: > Gang, > > See the AUSCERT bulletin below, if you haven't already. In light of > this, > I added the following to my filename.rules.conf file: > > #---added per AUSCERT bulletin AL-2005.001, Jan 4, 2005 > deny|\.bmp$|Windows bitmap file|Possible buffer overflow in > Explorer/Outlook > deny|\.ico$|Windows icon file|Possible buffer overflow in > Explorer/Outlook > deny|\.ani$|Windows animated cursor file|Possible buffer overflow in > Explorer/Outlook > deny|\.cur$|Windows cursor file|Possible buffer overflow in > Explorer/Outlook > deny|\.hlp$|Windows Help file|Possible buffer overflow in > Explorer/Outlook > > I replaced tabs with the pipe symbol (|) for this email. Maybe this > should be rolled into the next edition of MailScanner? > > ---------- Forwarded message ---------- > Date: Tue, 4 Jan 2005 05:34:25 UT > From: auscert@auscert.org.au > Reply-To: national-alerts@auscert.org.au > To: national-alerts@auscert.org.au > Subject: [NATIONAL-ALERTS] (AUSCERT AL-2005.001) Three vulnerabilities in > Microsoft Windows and Internet Explorer > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > =========================================================================== > > A U S C E R T A L E > R T > > AL-2005.001 -- AUSCERT ALERT > Three vulnerabilities in Microsoft Windows and Internet Explorer > 4 January 2005 > > =========================================================================== > > > AusCERT Alert Summary > --------------------- > > Product: Microsoft Internet Explorer > Microsoft Outlook > Microsoft Outlook Express > Microsoft Windows > Operating System: Windows > Impact: Execute Arbitrary Code/Commands > Denial of Service > Access: Remote/Unauthenticated > CVE Names: CAN-2004-1305 CAN-2004-1306 > > > SUMMARY: > > This alert describes three vulnerabilities in Microsoft Internet > Explorer and other Windows components that may allow the remote > execution of arbitrary code and denial of service. > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martelm at QUARK.VSC.EDU Tue Jan 4 16:02:34 2005 From: martelm at QUARK.VSC.EDU (Michael H. Martel) Date: Thu Jan 12 21:28:05 2006 Subject: MailScanner and SpamAssassin 3.0.2 - AutoWhiteList not working Message-ID: Hello! I just noticed that my spamassassin setup was using AWL, which I know I had disabled. So I looked in my Mailscanner.conf and I see : SpamAssassin Auto Whitelist = no Ok, so it's disabled. Stop MailScanner, delete the auto_whitelist files, and restart MailScanner. There they come back. How odd. So I added the line : use_auto_whitelist 0 To my spam.assassin.prefs.conf, and voila Auto Whitelist is disabled. Has anyone see this before ? My modules etc are listed below. [root@hemlock MailScanner]# cd bin [root@hemlock bin]# ./MailScanner -v Running on Linux hemlock.vsc.edu 2.4.20-28.7smp #1 SMP Thu Dec 18 11:18:31 EST 2003 i686 unknown This is Red Hat Linux release 7.3 (Valhalla) This is Perl version 5.008005 (5.8.5) This is MailScanner version 4.37.7 Module versions are: 1.00 AnyDBM_File 1.14 Archive::Zip 1.03 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.05 Fcntl 2.73 File::Basename 2.08 File::Copy 2.01 FileHandle 1.06 File::Path 0.14 File::Temp 1.29 HTML::Entities 3.43 HTML::Parser 2.30 HTML::TokeParser 1.21 IO 1.10 IO::File 1.123 IO::Pipe 3.05 MIME::Base64 5.415 MIME::Decoder 5.415 MIME::Decoder::UU 5.415 MIME::Head 5.415 MIME::Parser 3.03 MIME::QuotedPrint 5.415 MIME::Tools 0.09 Net::CIDR 1.08 POSIX 1.77 Socket 0.05 Sys::Syslog 1.02 Time::localtime Optional module versions are: 1.810 DB_File 1.08 Digest 1.01 Digest::HMAC 2.33 Digest::MD5 2.10 Digest::SHA1 0.44 Inline missing Mail::ClamAV 3.000002 Mail::SpamAssassin 1.997 Mail::SPF::Query 0.15 Net::CIDR::Lite 0.48 Net::DNS 0.32 Net::LDAP 1.94 Parse::RecDescent missing SAVI 1.2 Sys::Hostname::Long 2.42 Test::Harness 0.47 Test::Simple 1.95 Text::Balanced 1.35 URI Michael -- --------------------------------o--------------------------------- Michael H. Martel | Systems Administrator martelm@quark.vsc.edu | Vermont State Colleges http://probe.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Jan 4 16:13:29 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:05 2006 Subject: MailScanner and SpamAssassin 3.0.2 - AutoWhiteList not working Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Yes, known problem. Switching off AWL in MailScanner.conf no longer appears to work, it hasn't ever worked with SA3, and I haven't been able to track down why. Not yet, anyway. Michael H. Martel wrote: > Hello! > > I just noticed that my spamassassin setup was using AWL, which I know > I had > disabled. So I looked in my Mailscanner.conf and I see : > > SpamAssassin Auto Whitelist = no > > Ok, so it's disabled. Stop MailScanner, delete the auto_whitelist files, > and restart MailScanner. There they come back. How odd. > > So I added the line : > > use_auto_whitelist 0 > > To my spam.assassin.prefs.conf, and voila Auto Whitelist is disabled. > > Has anyone see this before ? > > My modules etc are listed below. > > [root@hemlock MailScanner]# cd bin > [root@hemlock bin]# ./MailScanner -v > Running on > Linux hemlock.vsc.edu 2.4.20-28.7smp #1 SMP Thu Dec 18 11:18:31 EST 2003 > i686 unknown > This is Red Hat Linux release 7.3 (Valhalla) > This is Perl version 5.008005 (5.8.5) > > This is MailScanner version 4.37.7 > Module versions are: > 1.00 AnyDBM_File > 1.14 Archive::Zip > 1.03 Carp > 1.119 Convert::BinHex > 1.00 DirHandle > 1.05 Fcntl > 2.73 File::Basename > 2.08 File::Copy > 2.01 FileHandle > 1.06 File::Path > 0.14 File::Temp > 1.29 HTML::Entities > 3.43 HTML::Parser > 2.30 HTML::TokeParser > 1.21 IO > 1.10 IO::File > 1.123 IO::Pipe > 3.05 MIME::Base64 > 5.415 MIME::Decoder > 5.415 MIME::Decoder::UU > 5.415 MIME::Head > 5.415 MIME::Parser > 3.03 MIME::QuotedPrint > 5.415 MIME::Tools > 0.09 Net::CIDR > 1.08 POSIX > 1.77 Socket > 0.05 Sys::Syslog > 1.02 Time::localtime > > Optional module versions are: > 1.810 DB_File > 1.08 Digest > 1.01 Digest::HMAC > 2.33 Digest::MD5 > 2.10 Digest::SHA1 > 0.44 Inline > missing Mail::ClamAV > 3.000002 Mail::SpamAssassin > 1.997 Mail::SPF::Query > 0.15 Net::CIDR::Lite > 0.48 Net::DNS > 0.32 Net::LDAP > 1.94 Parse::RecDescent > missing SAVI > 1.2 Sys::Hostname::Long > 2.42 Test::Harness > 0.47 Test::Simple > 1.95 Text::Balanced > 1.35 URI > > > > > Michael > > -- > > --------------------------------o--------------------------------- > Michael H. Martel | Systems Administrator > martelm@quark.vsc.edu | Vermont State Colleges > http://probe.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martelm at QUARK.VSC.EDU Tue Jan 4 16:23:47 2005 From: martelm at QUARK.VSC.EDU (Michael H. Martel) Date: Thu Jan 12 21:28:05 2006 Subject: MailScanner and ORDB rbl Message-ID: Hello! A Mail Server at one of my colleges was listed as an Open Relay. It was and it is now fixed. It was re-submitted and now when I do a lookup I get this result : This host is not listed in ORDB as an open mail relay Main database status for vtcmail1.vtc.vsc.edu (155.42.16.30) The host vtcmail1.vtc.vsc.edu is not in the main database Queue status for vtcmail1.vtc.vsc.edu (155.42.16.30) Last added to the queue by: 155.42.89.158 Last added to the queue at: 2004-12-30 14:15 GMT This submission has been confirmed Teststatus: All probes have been dispatched However, earlier today I've been getting mail tagged by MailScanner as possible spam because it believes that this server is still an Open Relay. If I perform the following command, I see that it appears to still be an Open Relay. [mhm06090@sage .procmail]$ nslookup 30.16.42.155.relays.ordb.org Note: nslookup is deprecated and may be removed from future releases. Consider using the `dig' or `host' programs instead. Run nslookup with the `-sil[ent]' option to prevent this message from appearing. Server: 155.42.1.7 Address: 155.42.1.7#53 Non-authoritative answer: Name: 30.16.42.155.relays.ordb.org Address: 127.0.0.2 Trying a machine that I know isn't in the list, returns the expected results. [mhm06090@sage .procmail]$ nslookup 49.1.42.155.relays.ordb.org Note: nslookup is deprecated and may be removed from future releases. Consider using the `dig' or `host' programs instead. Run nslookup with the `-sil[ent]' option to prevent this message from appearing. Server: 155.42.1.7 Address: 155.42.1.7#53 ** server can't find 49.1.42.155.relays.ordb.org: NXDOMAIN I restarted my named process on my DNS server (155.42.1.7), and now it returns correctly. What have I configured wrong on my DNS server that it's doing this? [mhm06090@sage .procmail]$ nslookup 30.16.42.155.relays.ordb.org Note: nslookup is deprecated and may be removed from future releases. Consider using the `dig' or `host' programs instead. Run nslookup with the `-sil[ent]' option to prevent this message from appearing. Server: 155.42.1.7 Address: 155.42.1.7#53 ** server can't find 30.16.42.155.relays.ordb.org: NXDOMAIN Thanks! Michael -- --------------------------------o--------------------------------- Michael H. Martel | Systems Administrator martelm@quark.vsc.edu | Vermont State Colleges http://probe.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Tue Jan 4 16:32:51 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:05 2006 Subject: MailScanner and ORDB rbl Message-ID: Probably nothing... You don't control the TTL of cached entries. I'd guess that the cache got cleared by the restart. -- Glenn > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Michael H. Martel > Sent: den 4 januari 2005 17:24 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: MailScanner and ORDB rbl > > > Hello! > > A Mail Server at one of my colleges was listed as an Open > Relay. It was > and it is now fixed. It was re-submitted and now when I do a > lookup I get > this result : > > This host is not listed in ORDB as an open mail relay > > Main database status for vtcmail1.vtc.vsc.edu (155.42.16.30) > > The host vtcmail1.vtc.vsc.edu is not in the main database > > Queue status for vtcmail1.vtc.vsc.edu (155.42.16.30) > Last added to the queue by: 155.42.89.158 > Last added to the queue at: 2004-12-30 14:15 GMT > This submission has been confirmed > Teststatus: All probes have been dispatched > > > However, earlier today I've been getting mail tagged by MailScanner as > possible spam because it believes that this server is still > an Open Relay. > > > If I perform the following command, I see that it appears to > still be an > Open Relay. > > [mhm06090@sage .procmail]$ nslookup 30.16.42.155.relays.ordb.org > Note: nslookup is deprecated and may be removed from future releases. > Consider using the `dig' or `host' programs instead. Run > nslookup with > the `-sil[ent]' option to prevent this message from appearing. > Server: 155.42.1.7 > Address: 155.42.1.7#53 > > Non-authoritative answer: > Name: 30.16.42.155.relays.ordb.org > Address: 127.0.0.2 > > > Trying a machine that I know isn't in the list, returns the expected > results. > > [mhm06090@sage .procmail]$ nslookup 49.1.42.155.relays.ordb.org > Note: nslookup is deprecated and may be removed from future releases. > Consider using the `dig' or `host' programs instead. Run > nslookup with > the `-sil[ent]' option to prevent this message from appearing. > Server: 155.42.1.7 > Address: 155.42.1.7#53 > > ** server can't find 49.1.42.155.relays.ordb.org: NXDOMAIN > > > I restarted my named process on my DNS server (155.42.1.7), and now it > returns correctly. What have I configured wrong on my DNS > server that it's > doing this? > > [mhm06090@sage .procmail]$ nslookup 30.16.42.155.relays.ordb.org > Note: nslookup is deprecated and may be removed from future releases. > Consider using the `dig' or `host' programs instead. Run > nslookup with > the `-sil[ent]' option to prevent this message from appearing. > Server: 155.42.1.7 > Address: 155.42.1.7#53 > > ** server can't find 30.16.42.155.relays.ordb.org: NXDOMAIN > > > Thanks! > > > > Michael > > -- > > --------------------------------o--------------------------------- > Michael H. Martel | Systems Administrator > martelm@quark.vsc.edu | Vermont State Colleges > http://probe.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bg.mahesh at INDIAINFO.COM Tue Jan 4 16:34:36 2005 From: bg.mahesh at INDIAINFO.COM (BG Mahesh) Date: Thu Jan 12 21:28:05 2006 Subject: SpamAssassin not being used by MS 4.37.7-1 Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] hi I upgraded to MS 4.37.7-1 today. After the upgrade I don't see any MS headers in my emails and spamassassin doesn't seem to be being used by MS anymore. In my MailScanner.conf I see, Use SpamAssassin = yes Spam Score Header = X-%org-name%-MailScanner-SpamScore: Spam Header = X-%org-name%-MailScanner-SpamCheck: Mail Header = X-%org-name%-MailScanner: So how do I know if the emails are being scanned by SpamAssassin at all? regards -- B.G. Mahesh bg.mahesh@indiainfo.com http://www.indiainfo.com/ -- ______________________________________________ IndiaInfo Mail - the free e-mail service with a difference! www.indiainfo.com Check out our value-added Premium features, such as an extra 20MB for mail storage, POP3, e-mail forwarding, and ads-free mailboxes! Powered by Outblaze ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Kevin_Miller at CI.JUNEAU.AK.US Tue Jan 4 16:37:26 2005 From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller) Date: Thu Jan 12 21:28:05 2006 Subject: MailScanner and ORDB rbl Message-ID: Michael H. Martel wrote: Snip > I restarted my named process on my DNS server (155.42.1.7), and now it > returns correctly. What have I configured wrong on my DNS server > that it's doing this? Nothing. You configured it properly. DNS caches the results so that you don't have to do a query to an authoritative server every time. At the top of every DNS table is a stanza w/various numbers. One of them is a time to live parameter. It tells a DNS server to keep that record around for X number of seconds (minutes?) That way, when your DNS server gets an answer from a remote server, it won't have to do a new lookup for several hours or even days. But since people move their machines around and change addresses from time to time you don't want to cache the responses forever as sooner or later some will be out of date so they expire. Your DNS server just had a fresh answer so it didn't bother to do a new lookup. Stopping and restarting cleared it's cache... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at nkpanama.com Tue Jan 4 16:38:44 2005 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu Jan 12 21:28:05 2006 Subject: MailScanner and ORDB rbl Message-ID: Perhaps it's caching the response for a determinate amount of time, set by the TTL's on the RBL servers? -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Michael H. Martel Sent: Tuesday, January 04, 2005 11:24 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: MailScanner and ORDB rbl Hello! A Mail Server at one of my colleges was listed as an Open Relay. It was and it is now fixed. It was re-submitted and now when I do a lookup I get this result : This host is not listed in ORDB as an open mail relay Main database status for vtcmail1.vtc.vsc.edu (155.42.16.30) The host vtcmail1.vtc.vsc.edu is not in the main database Queue status for vtcmail1.vtc.vsc.edu (155.42.16.30) Last added to the queue by: 155.42.89.158 Last added to the queue at: 2004-12-30 14:15 GMT This submission has been confirmed Teststatus: All probes have been dispatched However, earlier today I've been getting mail tagged by MailScanner as possible spam because it believes that this server is still an Open Relay. If I perform the following command, I see that it appears to still be an Open Relay. [mhm06090@sage .procmail]$ nslookup 30.16.42.155.relays.ordb.org Note: nslookup is deprecated and may be removed from future releases. Consider using the `dig' or `host' programs instead. Run nslookup with the `-sil[ent]' option to prevent this message from appearing. Server: 155.42.1.7 Address: 155.42.1.7#53 Non-authoritative answer: Name: 30.16.42.155.relays.ordb.org Address: 127.0.0.2 Trying a machine that I know isn't in the list, returns the expected results. [mhm06090@sage .procmail]$ nslookup 49.1.42.155.relays.ordb.org Note: nslookup is deprecated and may be removed from future releases. Consider using the `dig' or `host' programs instead. Run nslookup with the `-sil[ent]' option to prevent this message from appearing. Server: 155.42.1.7 Address: 155.42.1.7#53 ** server can't find 49.1.42.155.relays.ordb.org: NXDOMAIN I restarted my named process on my DNS server (155.42.1.7), and now it returns correctly. What have I configured wrong on my DNS server that it's doing this? [mhm06090@sage .procmail]$ nslookup 30.16.42.155.relays.ordb.org Note: nslookup is deprecated and may be removed from future releases. Consider using the `dig' or `host' programs instead. Run nslookup with the `-sil[ent]' option to prevent this message from appearing. Server: 155.42.1.7 Address: 155.42.1.7#53 ** server can't find 30.16.42.155.relays.ordb.org: NXDOMAIN Thanks! Michael -- --------------------------------o--------------------------------- Michael H. Martel | Systems Administrator martelm@quark.vsc.edu | Vermont State Colleges http://probe.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Kevin_Miller at CI.JUNEAU.AK.US Tue Jan 4 16:41:54 2005 From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller) Date: Thu Jan 12 21:28:05 2006 Subject: MailScanner and ORDB rbl Message-ID: Michael H. Martel wrote: > > I restarted my named process on my DNS server (155.42.1.7), and now it > returns correctly. What have I configured wrong on my DNS server > that it's doing this? Just a quick followup. See http://www.dnsreport.com/tools/dnsreport.ch?domain=vtc.vsc.edu for a quick report on the state of your DNS. It's quite a handy site for doing sanity checks... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Tue Jan 4 16:22:12 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:28:05 2006 Subject: Frontend? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dave Filchak wrote: > I'm sure it even makes popcorn!! ;-) > Probably Kettle Corn, and cotton candy too!! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Jan 4 16:58:01 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:05 2006 Subject: SpamAssassin not being used by MS 4.37.7-1 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Start by checking that MailScanner is actually running at all, and also that you aren't running your old sendmail setup, which won't put anything in /var/spool/mqueue.in. Do a "tail -f /var/log/maillog" and see if MailScanner is saying anything. BG Mahesh wrote: >hi > >I upgraded to MS 4.37.7-1 today. After the upgrade I don't see any MS headers in my emails and spamassassin doesn't seem to be being used by MS anymore. In my MailScanner.conf I see, > >Use SpamAssassin = yes >Spam Score Header = X-%org-name%-MailScanner-SpamScore: >Spam Header = X-%org-name%-MailScanner-SpamCheck: >Mail Header = X-%org-name%-MailScanner: > >So how do I know if the emails are being scanned by SpamAssassin at all? > >regards > > >-- >B.G. Mahesh >bg.mahesh@indiainfo.com >http://www.indiainfo.com/ > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From KGoods at AIAINSURANCE.COM Tue Jan 4 17:44:59 2005 From: KGoods at AIAINSURANCE.COM (Ken Goods) Date: Thu Jan 12 21:28:05 2006 Subject: OT: RE: [MAILSCANNER] spam: Re: Mail Server problems Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ugo and anyone who cares to respond, And if we weren't talking commercial? Any open source solution come to mind that is comparable? I want to ghost a small system drive on my firewall since I've been getting a few I/O errors lately... looking for a complete mirror so I can simply swap in the ghosted drive for a little insurance. thanks, k Ken Goods Network Administrator AIA Insurance, Inc. -----Original Message----- From: Ugo Bellavance [mailto:ugob@CAMO-ROUTE.COM] Sent: Tuesday, January 04, 2005 5:55 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: [MAILSCANNER] spam: Re: Mail Server problems Tracy Greggs wrote: > Another great option IMHO is Norton Ghost. I use Corporate version 8, Works > perfectly on every linux distro that I have used it on, including Fedora. > Snag a big drive, ghost it over and change your partitions to the sizes you > want and you are good to go. Ghost will image an ATA IDE drive at around > 500mb/min in my experience. The downtime is very minimal. If you're talking commercial, my first tought is Partition Magic. Of course, better make a backup before. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ldg at TLS.NET Tue Jan 4 18:11:35 2005 From: ldg at TLS.NET (Dave Goodrich) Date: Thu Jan 12 21:28:05 2006 Subject: OT: RE: [MAILSCANNER] spam: Re: Mail Server problems Message-ID: Ken Goods wrote: > Ugo and anyone who cares to respond, > > And if we weren't talking commercial? Any open source solution come to mind > that is comparable? I want to ghost a small system drive on my firewall > since I've been getting a few I/O errors lately... looking for a complete > mirror so I can simply swap in the ghosted drive for a little insurance. > When I build my new mail servers a few weeks ago, I built one up and tested it. When it worked the way I wanted I just logged into the other machines, partitioned and formatted the drives like I wanted. Then I used dump over ssh to move the working server into the next server, and the next, and so on. I was installing on FreeBSD 5.2.1 boxes. Fast, simple, secure, and free. DAve > > -----Original Message----- > From: Ugo Bellavance [mailto:ugob@CAMO-ROUTE.COM] > Sent: Tuesday, January 04, 2005 5:55 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: [MAILSCANNER] spam: Re: Mail Server problems > > > Tracy Greggs wrote: > >>Another great option IMHO is Norton Ghost. I use Corporate version 8, > > Works > >>perfectly on every linux distro that I have used it on, including Fedora. >>Snag a big drive, ghost it over and change your partitions to the sizes > > you > >>want and you are good to go. Ghost will image an ATA IDE drive at around >>500mb/min in my experience. The downtime is very minimal. > > > If you're talking commercial, my first tought is Partition Magic. Of > course, better make a backup before. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- Systems Administrator http://www.tls.net Get rid of Unwanted Emails...get TLS Spam Blocker! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at WEALDCLOSE.CO.UK Tue Jan 4 18:18:11 2005 From: mailscanner at WEALDCLOSE.CO.UK (Kristian Shaw) Date: Thu Jan 12 21:28:05 2006 Subject: spam: Re: Mail Server problems Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello, For imaging one drive to another either directly or via an FTP server I use ghost for unix. The destination drive needs to be identical or bigger as GFU doesn't resize file systems. http://rfhs8012.fh-regensburg.de/~feyrer/g4u/ For resizing drives I use QTParted which is available on SystemRescueCD, although I've only used this in anger with FAT32 and NTFS. http://www.sysresccd.org/ Kris. ----- Original Message ----- From: "Ken Goods" To: Sent: Tuesday, January 04, 2005 5:44 PM Subject: OT: RE: [MAILSCANNER] spam: Re: Mail Server problems > Ugo and anyone who cares to respond, > > And if we weren't talking commercial? Any open source solution come to mind > that is comparable? I want to ghost a small system drive on my firewall > since I've been getting a few I/O errors lately... looking for a complete > mirror so I can simply swap in the ghosted drive for a little insurance. > > thanks, > k > > Ken Goods > Network Administrator > AIA Insurance, Inc. > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Kevin.Spicer at BMRB.CO.UK Tue Jan 4 18:21:01 2005 From: Kevin.Spicer at BMRB.CO.UK (Spicer, Kevin (MBLEA it)) Date: Thu Jan 12 21:28:05 2006 Subject: OT: RE: [MAILSCANNER] spam: Re: Mail Server problems Message-ID: >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Dave Goodrich >When I build my new mail servers a few weeks ago, I built one up and tested it. When it worked the way I wanted I just >logged into the other machines, partitioned and formatted the drives like I wanted. Then I used dump over ssh to move >the working server into the next server, and the next, and so on. I was installing on FreeBSD 5.2.1 boxes. >Fast, simple, secure, and free. I've done similar things using ufsdump on solaris and occaisionally tar (although with data only I think). Of course if you're lucky enough to have mirrored hot swap disks in your servers the easiest way is just to break the mirror, pop in a new disk and wait for it to sync, voila! BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Tue Jan 4 18:38:24 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:28:05 2006 Subject: OT: RE: [MAILSCANNER] spam: Re: Mail Server problems Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dave Goodrich wrote: > Ken Goods wrote: > >> Ugo and anyone who cares to respond, >> >> And if we weren't talking commercial? Any open source solution come to >> mind >> that is comparable? I want to ghost a small system drive on my firewall >> since I've been getting a few I/O errors lately... looking for a complete >> mirror so I can simply swap in the ghosted drive for a little insurance. >> > > When I build my new mail servers a few weeks ago, I built one up and > tested it. When it worked the way I wanted I just logged into the other > machines, partitioned and formatted the drives like I wanted. Then I > used dump over ssh to move the working server into the next server, and > the next, and so on. I was installing on FreeBSD 5.2.1 boxes. > > Fast, simple, secure, and free. > > DAve > If i understand your requirements correctly, then you could checkout mondo rescue as well. http://www.microwerks.net/~hugo/ Basically you can create an image of an entire system without any downtime and store the isos either on the network or on a CD. Recovery can be done on a different drive on different hardware (doesn't need to be the same scsi controller etc..) - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Tue Jan 4 18:42:37 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:28:05 2006 Subject: spam: Re: Mail Server problems Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Kristian Shaw wrote: > Hello, > > For imaging one drive to another either directly or via an FTP server I use > ghost for unix. The destination drive needs to be identical or bigger as GFU > doesn't resize file systems. > > http://rfhs8012.fh-regensburg.de/~feyrer/g4u/ > > For resizing drives I use QTParted which is available on SystemRescueCD, > although I've only used this in anger with FAT32 and NTFS. I haven't been able to get QTParted to resize ext3 partitions, so I guess you would have to convert to ext2 before the resize. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mark at TIPPINGMAR.COM Tue Jan 4 18:54:06 2005 From: mark at TIPPINGMAR.COM (Mark Nienberg) Date: Thu Jan 12 21:28:05 2006 Subject: OT: RE: [MAILSCANNER] spam: Re: Mail Server problems Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dhawal Doshy wrote: > If i understand your requirements correctly, then you could checkout > mondo rescue as well. > > http://www.microwerks.net/~hugo/ > > Basically you can create an image of an entire system without any > downtime and store the isos either on the network or on a CD. Recovery > can be done on a different drive on different hardware (doesn't need to > be the same scsi controller etc..) The new website for mondo rescue is: http://mondorescue.org Also, the more similar the hardware, the better. Don't expect to back up a Pentium and restore to an Athlon, for example. But certainly different disk sizes and partition layouts can be done easily. It helps if you have your system set up to check for new hardware on bootup, so for example, have kudzu set up to run on RedHat or Fedora systems. -- Mark Nienberg, SE Tipping Mar + associates 1906 Shattuck Ave Berkeley, CA 94704 http://www.tippingmar.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Kevin_Miller at CI.JUNEAU.AK.US Tue Jan 4 19:14:24 2005 From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller) Date: Thu Jan 12 21:28:05 2006 Subject: Two quick questions Message-ID: I'm building a new MailScanner box on SuSE 9.2 and have a couple quick questions on clamav. The current stable tarball is listed as .80 There are some .rpms built that are listed as .80-1.1. Do I need the .80-1.1 version or is the stable .80 tarball fine? Historically I've always installed from the tarball and am undecided if using .rpms would be a step forward or backward as far as upgrading in the future. Also, there's two rpm files listed: clamav and clamav-db. Do I need both? If I install from the tarball will it include both? TIA... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Tue Jan 4 19:32:02 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:28:05 2006 Subject: OT: RE: spam: Re: Mail Server problems Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ken Goods wrote: > Ugo and anyone who cares to respond, > > And if we weren't talking commercial? Any open source solution come to mind > that is comparable? I want to ghost a small system drive on my firewall > since I've been getting a few I/O errors lately... looking for a complete > mirror so I can simply swap in the ghosted drive for a little insurance. > > thanks, > k Yes, I just found that: http://www.sysresccd.org/ In fact, I found it a couple of months ago, but didn't have time to test it. You boot on it and you can run qtQparted, wich is a Partition-magic clone. For your ghost issue, it also provides partimage wich is a client-server imaging software. Hope this helps, Ugo ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Tue Jan 4 19:35:22 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:28:05 2006 Subject: OT: RE: spam: Re: Mail Server problems Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Mark Nienberg wrote: > Dhawal Doshy wrote: > >> If i understand your requirements correctly, then you could checkout >> mondo rescue as well. >> >> http://www.microwerks.net/~hugo/ >> >> Basically you can create an image of an entire system without any >> downtime and store the isos either on the network or on a CD. Recovery >> can be done on a different drive on different hardware (doesn't need to >> be the same scsi controller etc..) > > > The new website for mondo rescue is: > http://mondorescue.org > > Also, the more similar the hardware, the better. Don't expect to back > up a Pentium and restore to an Athlon, for example. But certainly > different disk sizes and partition layouts can be done easily. It helps > if you have your system set up to check for new hardware on bootup, so > for example, have kudzu set up to run on RedHat or Fedora systems. I've been using mondo for a while, quite good, but the supports seems to be going down. :(. Have a look at DAR. http://dar.linux.free.fr/. I haven't tried it yet, but it seems to have a more stable history. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From KGoods at AIAINSURANCE.COM Tue Jan 4 19:58:52 2005 From: KGoods at AIAINSURANCE.COM (Ken Goods) Date: Thu Jan 12 21:28:05 2006 Subject: OT: RE: spam: Re: Mail Server problems Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ugo Bellavance wrote: > Yes, I just found that: > > http://www.sysresccd.org/ > > In fact, I found it a couple of months ago, but didn't have time to > test it. > > You boot on it and you can run qtQparted, wich is a Partition-magic > clone. > > For your ghost issue, it also provides partimage wich is a > client-server imaging software. > > Hope this helps, > > Ugo > Ugo (and all others who were kind enough to post), Thank you very much for the info... gave me a good start and is appreciated much. Kind regards, Ken ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From fdalmoro at HOTPOP.COM Tue Jan 4 20:20:08 2005 From: fdalmoro at HOTPOP.COM (Fernando) Date: Thu Jan 12 21:28:05 2006 Subject: How to setup Mailbag Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello, sorry if I didn't include something that could have been useful, I'm not too familiar with linux in general so I'm not sure where to start. Currently I have a RH 8 server scanning messages using Mailscanner/sendmail/AV. There are about 25 domains on this scanner but everything is set to relay to another email server with IMail and one domain points to an exchange server. Needless to say that the exchange server is down every other weekend so what I would like to do is keep the email's 'mailbagged' on the RH server whenever the exchange server goes down. It would only be for the specific domain, I don't want to turn this feature on for all of the domains. Can anyone please point me in the right direction? Thanks Fernando ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHTSOLUTIONS.COM Tue Jan 4 20:42:40 2005 From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon::Blacknight Solutions) Date: Thu Jan 12 21:28:05 2006 Subject: How to setup Mailbag Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Fernando wrote: > Hello, sorry if I didn't include something that could have been useful, > I'm not too familiar with linux in general so I'm not > sure where to start. > > Currently I have a RH 8 server scanning messages using > > Mailscanner/sendmail/AV. There are about 25 domains on this scanner but > everything is set to relay to another email server with IMail and one > domain points to an exchange server. > > Needless to say that the exchange server is down every other weekend so > what I would like to do is keep the email's 'mailbagged' on the RH > server whenever the exchange server goes down. It would only be for the > specific domain, I don't want to turn this feature on for all of the > domains. > You shouldn't have to do anything special as sendmail normally queues mail for 5 days by default, so if the receiving mail server is unreponsive the mail should not be lost - works for us :) Michele ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jstevens at ATHENSDISTRIBUTING.COM Tue Jan 4 20:51:23 2005 From: jstevens at ATHENSDISTRIBUTING.COM (James R. Stevens) Date: Thu Jan 12 21:28:05 2006 Subject: Why oh Why!! Message-ID: Just want everyone to know what a peice of SHIT Exchange server 2003 really is!! It has put another patch of grey hair on my head just in the last 24 hours .. . .. . . Just venting..I feel a little better. -- This message has been scanned for viruses and dangerous content by Athens Hyperion Scanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Tue Jan 4 20:56:40 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:28:05 2006 Subject: OT: what POP server code do you use? Message-ID: Gang, We have been using Qualcomm's qpopper here for ages. I'm trying to get TLS/SSL working with it and the documentation is weak. I'm just wondering what others use for open-source POP servers out there. Suggestions for good secure documented code, please... Jeff Earickson Colby College ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Tue Jan 4 21:09:57 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:28:05 2006 Subject: OT: what POP server code do you use? Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jeff A. Earickson writes: > Gang, > > We have been using Qualcomm's qpopper here for ages. I'm trying to > get TLS/SSL working with it and the documentation is weak. I'm just > wondering what others use for open-source POP servers out there. > Suggestions for good secure documented code, please... > > Jeff Earickson > Colby College mbox / maildir? for maildir, courier-imap is a brilliant option, so is the in-built pop3 server in qmail.. not too sure about mbox though. - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From fdalmoro at HOTPOP.COM Tue Jan 4 21:14:07 2005 From: fdalmoro at HOTPOP.COM (Fernando) Date: Thu Jan 12 21:28:05 2006 Subject: How to setup Mailbag Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Michele Neylon::Blacknight Solutions wrote: Fernando wrote: Hello, sorry if I didn't include something that could have been useful, I'm not too familiar with linux in general so I'm not sure where to start. Currently I have a RH 8 server scanning messages using Mailscanner/sendmail/AV. There are about 25 domains on this scanner but everything is set to relay to another email server with IMail and one domain points to an exchange server. Needless to say that the exchange server is down every other weekend so what I would like to do is keep the email's 'mailbagged' on the RH server whenever the exchange server goes down. It would only be for the specific domain, I don't want to turn this feature on for all of the domains. You shouldn't have to do anything special as sendmail normally queues mail for 5 days by default, so if the receiving mail server is unreponsive the mail should not be lost - works for us :) Michele ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! Oh great, that's easier than I thought ;) . Do you know where I can look to make sure that the setting is correct or to extend the timeout periods? Thanks ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Tue Jan 4 21:16:44 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:28:05 2006 Subject: OT: what POP server code do you use? Message-ID: sorry... mbox format. On Wed, 5 Jan 2005, Dhawal Doshy wrote: > Date: Wed, 5 Jan 2005 02:39:57 +0530 > From: Dhawal Doshy > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: OT: what POP server code do you use? > > Jeff A. Earickson writes: > >> Gang, >> >> We have been using Qualcomm's qpopper here for ages. I'm trying to >> get TLS/SSL working with it and the documentation is weak. I'm just >> wondering what others use for open-source POP servers out there. >> Suggestions for good secure documented code, please... >> >> Jeff Earickson >> Colby College > > mbox / maildir? > > for maildir, courier-imap is a brilliant option, so is the in-built pop3 > server in qmail.. not too sure about mbox though. > > - dhawal > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From richard.siddall at ELIRION.NET Tue Jan 4 21:19:39 2005 From: richard.siddall at ELIRION.NET (Richard Siddall) Date: Thu Jan 12 21:28:05 2006 Subject: OT: what POP server code do you use? Message-ID: Jeff A. Earickson wrote: > Gang, > > We have been using Qualcomm's qpopper here for ages. I'm trying to > get TLS/SSL working with it and the documentation is weak. I'm just > wondering what others use for open-source POP servers out there. > Suggestions for good secure documented code, please... > > Jeff Earickson > Colby College > Jeff, What problems are you having? We have had qpopper with TLS/SSL working on a lab machine for quite a while. Looks like we built it passing "--with-openssl" to ./configure. From /etc/inetd.conf (watch the line wrap): # # Pop and imap mail services et al # pop-3 stream tcp nowait root /usr/sbin/tcpd in.qpopper -R -f /etc/mail/qpopper-110.config spop3 stream tcp nowait root /usr/sbin/tcpd in.qpopper -R -f /etc/mail/qpopper-995.config And stuck some configuration files in /etc/mail: more /etc/mail/qpopper-* :::::::::::::: qpopper-110.config :::::::::::::: set tls-support = stls set config-file = /etc/mail/qpopper-tls.config :::::::::::::: qpopper-995.config :::::::::::::: set tls-support = alternate-port set config-file = /etc/mail/qpopper-tls.config :::::::::::::: qpopper-tls.config :::::::::::::: set tls-server-cert-file = /home/sites/home/certs/certificate set tls-private-key-file = /home/sites/home/certs/key The certificate and key are commercial. As far as I remember, we did not try self-signed certs. This set-up lets you do secure POP over port 995, or have the mail client request TLS on the standard POP port, 110. Both ports use the same certificate. Regards, Richard Siddall ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Leonard.Hermens at POTLATCHCORP.COM Tue Jan 4 21:24:06 2005 From: Leonard.Hermens at POTLATCHCORP.COM (Leonard Hermens) Date: Thu Jan 12 21:28:05 2006 Subject: How to setup Mailbag Message-ID: At 01:14 PM 1/4/2005, Fernando wrote: >Oh great, that's easier than I thought ;) . Do you know where I can look >to make sure that the setting is correct or to extend the timeout periods? > >Thanks The raw config file is usually /etc/mail/sendmail.cf Look for: O Timeout.queuereturn=2h O Timeout.queuewarn=1h The times shown here are 1 hour for warnings and two hours to return the mail. The time can be set for 7d for seven days, etc. -- Leonard ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Leonard.Hermens at POTLATCHCORP.COM Tue Jan 4 21:27:35 2005 From: Leonard.Hermens at POTLATCHCORP.COM (Leonard Hermens) Date: Thu Jan 12 21:28:05 2006 Subject: Why oh Why!! Message-ID: At 12:51 PM 1/4/2005, James R. Stevens wrote: >Just want everyone to know what a peice of SH*T Exchange server 2003 >really is!! It has put another patch of grey hair on my head just in the >last 24 hours Would you mind sharing (briefly) your issues? We are fully open source for email here, but I like to find out some of the issues people are having with the other side of things. -- Leonard ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHTSOLUTIONS.COM Tue Jan 4 21:42:50 2005 From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon::Blacknight Solutions) Date: Thu Jan 12 21:28:05 2006 Subject: How to setup Mailbag Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > Oh great, that's easier than I thought ;) . Do you know where I can look > to make sure that the setting is correct or to extend the timeout You'll know if the settings are correct if you are getting the mail on the correct server :) As for the timeout - that would be a sendmail thing. I know you can modify it, but I haven't ever messed with that - the default setting is usually more than enough. If your mail server is down for more than 5 days you might as well close up shop! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From fdalmoro at HOTPOP.COM Tue Jan 4 21:47:59 2005 From: fdalmoro at HOTPOP.COM (Fernando) Date: Thu Jan 12 21:28:05 2006 Subject: How to setup Mailbag Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Michele Neylon::Blacknight Solutions wrote: Oh great, that's easier than I thought ;) . Do you know where I can look to make sure that the setting is correct or to extend the timeout You'll know if the settings are correct if you are getting the mail on the correct server :) As for the timeout - that would be a sendmail thing. I know you can modify it, but I haven't ever messed with that - the default setting is usually more than enough. If your mail server is down for more than 5 days you might as well close up shop! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! Yeah that's true. Thanks to the respondents!! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jstevens at ATHENSDISTRIBUTING.COM Tue Jan 4 21:59:33 2005 From: jstevens at ATHENSDISTRIBUTING.COM (James R. Stevens) Date: Thu Jan 12 21:28:05 2006 Subject: Why oh Why!! Message-ID: Absolutely, We are ugrading from WIN 2000 DomaintoWin 2003 this is not a big deal execpt The name of the domain needs changing. Trusts are enabled migrations have been tested. I just need to make the second(Future domain name)accepted the forwarded mail from the old Domain controller/Exchane server. SMTP Gateway MS + SA + ClamAV Pushes mail to Exchange server via DomainTable. All is great but the new 2003 DC/Echane server will not accept the orwarded mail. Getting: no valid recipiets and unable to relay will talking to Is something I'm missing on the new config. -----Original Message----- From: Leonard Hermens [mailto:Leonard.Hermens@POTLATCHCORP.COM] Sent: Tuesday, January 04, 2005 3:28 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Why oh Why!! At 12:51 PM 1/4/2005, James R. Stevens wrote: >Just want everyone to know what a peice of SH*T Exchange server 2003 >really is!! It has put another patch of grey hair on my head just in the >last 24 hours Would you mind sharing (briefly) your issues? We are fully open source for email here, but I like to find out some of the issues people are having with the other side of things. -- Leonard ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by Athens Hyperion Scanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by Athens Hyperion Scanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From krausem at gmail.com Tue Jan 4 22:13:04 2005 From: krausem at gmail.com (Matt Krause) Date: Thu Jan 12 21:28:05 2006 Subject: Differences between spamassassin rules in MailScanner.conf Message-ID: I am trying to figure out the difference between the following settings in the MailScanner.conf file? # The site rules are searched for here. # Normal location on most systems is /etc/mail/spamassassin. SpamAssassin Site Rules Dir = /etc/mail/spamassassin # The site-local rules are searched for here, and in prefix/etc/spamassassin, # prefix/etc/mail/spamassassin, /usr/local/etc/spamassassin, /etc/spamassassin, # /etc/mail/spamassassin, and maybe others. # If this is set then it adds to the list of places that are searched; # otherwise it has no effect. #SpamAssassin Local Rules Dir = /opt/MailScanner/etc/mail/spamassassin SpamAssassin Local Rules Dir = # The default rules are searched for here, and in prefix/share/spamassassin, # /usr/local/share/spamassassin, /usr/share/spamassassin, and maybe others. # If this is set then it adds to the list of places that are searched; # otherwise it has no effect. #SpamAssassin Default Rules Dir = /opt/MailScanner/share/spamassassin SpamAssassin Default Rules Dir = Thanks. -- Matt Krause krausem@gmail.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Kevin_Miller at CI.JUNEAU.AK.US Tue Jan 4 22:23:16 2005 From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller) Date: Thu Jan 12 21:28:05 2006 Subject: Slightly OT: Installing Razor Message-ID: I just tried to install Razor2 prior to installing MailScanner, and the 'make test' portion went fine except for this: t/heuristic......Failed test 7 I googled for it, but only found others that had the same issue - no replies. Is this a showstopper? TIA... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ml at NETGROUPES.CA Tue Jan 4 22:49:09 2005 From: ml at NETGROUPES.CA (Mailing List) Date: Thu Jan 12 21:28:05 2006 Subject: MailScanner 4.37.7-1 and Postfix 2.1.5 on WBEL Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Downgrading back to 4.36.4-1 seems to have corrected the HIGH SPAM being delivered situation, will be monitoring closely for the next few hours and will probably downgrade my other MailScanner installations. Regards -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Mailing List Sent: Tuesday, January 04, 2005 08:21 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: MailScanner 4.37.7-1 and Postfix 2.1.5 on WBEL Rules are set to store and delete. Archive Mail in MailScanner.conf is empty More information: this behavior started as soon as I upgraded, this does not seem to happen for all domains. Regards ________________________________________ From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Steen, Glenn Sent: Tuesday, January 04, 2005 08:12 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: MailScanner 4.37.7-1 and Postfix 2.1.5 on WBEL As far as lil' ol' me can tell the unique-ID thing shouldn't have any bearing on this. Do you archive mails? Perhaps to a mailbox?   -- Glenn -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Mailing List Sent: den 4 januari 2005 01:51 To: MAILSCANNER@JISCMAIL.AC.UK Subject: MailScanner 4.37.7-1 and Postfix 2.1.5 on WBEL Since the upgrade i see strange behaviors, some mails marked as High Spam are still delivered, here is an excerpt of my maillog: [root@gw-m log]# grep 6FD731C0008 maillog Jan  3 13:14:35 gw-m postfix/smtpd[2051]: 6FD731C0008: client=lns-vlq-48-mar-82-251-10-15.adsl.proxad.net[82.251.10.15] Jan  3 13:14:38 gw-m postfix/cleanup[32006]: 6FD731C0008: hold: header Received: from lns-vlq-48-mar-82-251-10-15.adsl.proxad.net (lns-vlq-48-mar-82-251-10-15.adsl.proxad.net [82.251.10.15])??by gw-m.netgroupes.ca (Postfix) with SMTP id 6FD731C0008??for to= proto=SMTP helo= Jan  3 13:14:38 gw-m postfix/cleanup[32006]: 6FD731C0008: hold: header Received: from acs-inc.com (36.84.32.127) by azn7-s607.rr.com  with Microsoft SMTPSVC(8.3.3049.5537);?? Mon, 03 Jan 2005 16:13:26 -0200 from lns-vlq-48-mar-82-251-10-15.adsl.proxad.net[82.251.10.15]; from= to= proto=SMTP helo= Jan  3 13:14:38 gw-m postfix/cleanup[32006]: 6FD731C0008: hold: header Received: from optonline.com  (comcast.net  241.136.137.254)??by optonline.net  (8.12.10/8.12.9) with ESMTP id pir7B117??for ; Mon, 03 Jan 2005 22:14:26 +0400 (ES from lns-vlq-48-mar-82-251-10-15.adsl.proxad.net[82.251.10.15]; from= to= proto=SMTP helo= Jan  3 13:14:38 gw-m postfix/cleanup[32006]: 6FD731C0008: hold: header Received: from X99861626404 (modemcable6.559-26.cpe.abbeypress.com 186.145.54.36)??(authenticated bits=0)??by optonline.com  (8.12.10/8.12.9) with ESMTP id yjl92H690j386??for to= proto=SMTP helo= Jan  3 13:14:38 gw-m postfix/cleanup[32006]: 6FD731C0008: message-id=<68908gpe61joj449$p584q0b802$20d60on18@HYW57645905229> Jan  3 13:15:05 gw-m MailScanner[31923]: Message 6FD731C0008.642D2 from 82.251.10.15 (jetqchn@optonline.com) to domain.com is spam, SpamAssassin (score=37.036, required 6, autolearn=spam, BAYES_99 1.89, DCC_CHECK 2.17, DIGEST_MULTIPLE 0.10, DOMAIN_RATIO 3.18, HELO_DYNAMIC_HCC 3.74, HELO_DYNAMIC_IPADDR 4.40, HTML_90_100 0.02, HTML_IMAGE_ONLY_04 3.30, HTML_MESSAGE 0.00, HTML_MIME_NO_HTML_TAG 0.14, INVALID_TZ_EST 3.58, MIME_BOUND_DD_DIGITS 4.14, MIME_HTML_ONLY 0.18, MIME_HTML_ONLY_MULTI 2.44, MPART_ALT_DIFF 0.07, PYZOR_CHECK 3.45, X_MESSAGE_INFO 4.24) Jan  3 13:15:05 gw-m MailScanner[31923]: Spam Actions: message 6FD731C0008.642D2 actions are store,delete Jan  3 13:15:05 gw-m MailScanner[31923]: Requeue: 6FD731C0008.642D2 to B91C41C0006 Jan  3 13:15:06 gw-m MailScanner[31923]: Logging message 6FD731C0008.642D2 to SQL This seems to be a "new" behavior, maybe inline with the change to "Archive Mail" and unique message-ids ?!? If you need more information, please let me know. Regards ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From joey at JOESMITH.NET Tue Jan 4 23:23:14 2005 From: joey at JOESMITH.NET (Joe Smith) Date: Thu Jan 12 21:28:05 2006 Subject: Slightly OT: Installing Razor Message-ID: On Tue, 4 Jan 2005, Kevin Miller wrote: > I just tried to install Razor2 prior to installing MailScanner, and the > 'make test' portion went fine except for this: > > t/heuristic......Failed test 7 > > I googled for it, but only found others that had the same issue - no > replies. > > Is this a showstopper? Nope, just do a 'make install' and you should be off to the races... be sure and do all the extra little steps required to setup Razor, per the docs. When you are done do a 'spamassassin -D --lint' and look for the Razor2 available line. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From eneal at dfi-intl.com Wed Jan 5 00:00:00 2005 From: eneal at dfi-intl.com (Errol Uriel Neal Jr.) Date: Thu Jan 12 21:28:05 2006 Subject: Why oh Why!! Message-ID: Is this an upgrade from exchange 2000 to 2003 as well? Errol -----Original Message----- From: "James R. Stevens" Date: Tue, 4 Jan 2005 15:59:33 To:MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Why oh Why!! Absolutely, We are ugrading from WIN 2000 DomaintoWin 2003 this is not a big deal execpt The name of the domain needs changing. Trusts are enabled migrations have been tested. I just need to make the second(Future domain name)accepted the forwarded mail from the old Domain controller/Exchane server. SMTP Gateway MS + SA + ClamAV Pushes mail to Exchange server via DomainTable. All is great but the new 2003 DC/Echane server will not accept the orwarded mail. Getting: no valid recipiets and unable to relay will talking to Is something I'm missing on the new config. -----Original Message----- From: Leonard Hermens [mailto:Leonard.Hermens@POTLATCHCORP.COM] Sent: Tuesday, January 04, 2005 3:28 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Why oh Why!! At 12:51 PM 1/4/2005, James R. Stevens wrote: >Just want everyone to know what a peice of SH*T Exchange server 2003 >really is!! It has put another patch of grey hair on my head just in the >last 24 hours Would you mind sharing (briefly) your issues? We are fully open source for email here, but I like to find out some of the issues people are having with the other side of things. -- Leonard ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by Athens Hyperion Scanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by Athens Hyperion Scanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! __________________________________________ Errol Uriel Neal Jr. Network Administrator DFI International, Inc. 1717 Pennsylvania Ave NW, Suite 1300 Washington, DC 20006 Tel (202)452-6955 Fax (202)452-6910 eneal@dfi-intl.com www.dfi-intl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From vlad at MAZEK.COM Wed Jan 5 01:35:10 2005 From: vlad at MAZEK.COM (Vlad Mazek) Date: Thu Jan 12 21:28:05 2006 Subject: Why oh Why!! Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Try reading up on Recipient Update Policies in Exchange 2003. If the new SMTP address is not in the profile's listing then Exchange will reject the mail with the error that you mentioned. Exchange needs to know that it is responsible for another domain name or it will consider it a relay and consequently dump the connection. On the Exchange 2003 box: Start > All Programs > Exchange 2003 > System Manager Inside system manager: Recipients > Recipient Policies > Default Policy (right click to get properties) Add the new domain under Email Addresses (Policy) and enable it to add the new domain to Exchange. -Vlad Errol Uriel Neal Jr. wrote: >Is this an upgrade from exchange 2000 to 2003 as well? > >Errol >-----Original Message----- >From: "James R. Stevens" >Date: Tue, 4 Jan 2005 15:59:33 >To:MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: Why oh Why!! > >Absolutely, > >We are ugrading from WIN 2000 DomaintoWin 2003 this is not a big deal >execpt The name of the domain needs changing. > >Trusts are enabled migrations have been tested. I just need to make the >second(Future domain name)accepted the forwarded mail from the old >Domain controller/Exchane server. > >All is great but the new 2003 DC/Echane server will not accept the >orwarded mail. > >Getting: no valid recipiets and unable to relay will >talking to > >Is something I'm missing on the new config. > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From vlad at MAZEK.COM Wed Jan 5 01:37:15 2005 From: vlad at MAZEK.COM (Vlad Mazek) Date: Thu Jan 12 21:28:05 2006 Subject: OT: what POP server code do you use? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Take a look at Dovecot. Development on it is very active and its very flexible. -Vlad >> >> We have been using Qualcomm's qpopper here for ages. I'm trying to >> get TLS/SSL working with it and the documentation is weak. I'm just >> wondering what others use for open-source POP servers out there. >> Suggestions for good secure documented code, please... > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From schrock at DAYZED.COM Wed Jan 5 05:56:49 2005 From: schrock at DAYZED.COM (Avery Day) Date: Thu Jan 12 21:28:05 2006 Subject: OT: what POP server code do you use? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I second dovecot. I have been using it with Maildir for a year now. Easy, real easy to get working. Its IMAP functions are really nice too. Schrock > Take a look at Dovecot. Development on it is very active and its very > flexible. > > -Vlad > >>> >>> We have been using Qualcomm's qpopper here for ages. I'm trying to >>> get TLS/SSL working with it and the documentation is weak. I'm just >>> wondering what others use for open-source POP servers out there. >>> Suggestions for good secure documented code, please... >> >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------------------------------------- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > ------------------------------------------------------- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From test at NEXTMILL.NET Wed Jan 5 06:46:33 2005 From: test at NEXTMILL.NET (Brian Lewis) Date: Thu Jan 12 21:28:05 2006 Subject: Stop Sendmail from bouncing unknown user? Message-ID: I would like to configure Sendmail outgoing to not generate a 'bounce reply' if the target user is 'unknown or invalid'. Basically if Sendmail Outgoing is unable to deliver it then it should keep attempting to deliver, but if its told by the receiving server the user doesn't exist then I don't want it to reply back to the spammer that it doesn't exist, instead it should just discard the email. Anyone know if Sendmail can be configured in this way? Sick of seeing the server attempt to delivery thousands of invalid or unknown user replies usually to invalid FROM addresses. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mlm at LOANPROCESSING.NET Wed Jan 5 06:57:19 2005 From: mlm at LOANPROCESSING.NET (Mike McMullen) Date: Thu Jan 12 21:28:05 2006 Subject: OT: what POP server code do you use? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] ----- Original Message ----- From: "Avery Day" To: Sent: Tuesday, January 04, 2005 9:56 PM Subject: Re: OT: what POP server code do you use? >I second dovecot. I have been using it with Maildir for a year now. > Easy, real easy to get working. Its IMAP functions are really nice too. > > Schrock > >> Take a look at Dovecot. Development on it is very active and its very >> flexible. >> >> -Vlad >> >>>> >>>> We have been using Qualcomm's qpopper here for ages. I'm trying to >>>> get TLS/SSL working with it and the documentation is weak. I'm just >>>> wondering what others use for open-source POP servers out there. >>>> Suggestions for good secure documented code, please... >>> I'll gladly third the usefullness of dovecot. I migrated our office Sunday from FC1 + UW-IMAP to FC3 and dovecot using mbox format. It was almost trivial and the performance increase was like 3-5 times for large (400MB+) mbox folders. I have TLS/SSL working with it for all my out of office employees and aside from resetting their listed imap folders (in OE) or refreshing their folder list (Netscape) no one had to do anything funky Monday morning and it all worked. Dovecot may take some extra work for POP3 UID compatibility. Check out http://dovecot.org/. Also see http://wiki.dovecot.org/Migration for migration info from different IMAP Hope this helps, Mike ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From andreas.svensson at HALLSBERG.SE Wed Jan 5 08:35:26 2005 From: andreas.svensson at HALLSBERG.SE (Andreas Svensson) Date: Thu Jan 12 21:28:05 2006 Subject: Sv: Re: Some messages gets stuck in postfix/hold Message-ID: It looks like it's working now. It have probably passed a couple of 1000 mails and no mails hanging in hold now... I have put clamav before panda and have mailwatch disabled. Will try to enable mailwatch now and see if it still works out. If, then the problem is Panda in some way.. /Andreas, Hallsberg, Sweden. >>> Glenn.Steen@AP1.SE 2005-01-04 15:04:25 >>> Do you get anything more interresting if you run it through with just one of the av-scanners? Or if you run it in debug mode? -- Glenn > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Andreas Svensson > Sent: den 4 januari 2005 08:40 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Some messages gets stuck in postfix/hold > > > Good Morning. > I have a problem with Mailscanner on Postfix running as a gateway in > front of my Groupwise server. > Some, very few messages gets stuck in hold directory of postfix spool. > It looks like these messages only are spam or virus. > Yesterday i had like 20 mails from the past two weeks. > Its like 1 or 2 mails per day gets stuck there. > So i cleaned it up manually yesterday but this morning i had 1 new. > > The server is a Compaq DL360 with > SuSE Linux Enterprise 9 > postfix-2.1.1-1.4 > MailScanner 4.36.4 > SpamAssassin 3.0.1 > > Thanks for any help! > /Andreas Svensson, Hallsberg, Sweden. > -Here comes a cut from the log from tonights: > > Jan 3 23:04:00 mg-hbg17 postfix/smtpd[24037]: connect from > unknown[84.217.26.111] > Jan 3 23:04:01 mg-hbg17 postfix/smtpd[24037]: 00E7B1BFCF: > client=unknown[84.217.26.111] > Jan 3 23:04:01 mg-hbg17 postfix/cleanup[24038]: 00E7B1BFCF: hold: > header Received: from hallsberg.se (unknown [84.217.26.111])??by > mg-hbg17.hallsberg.se (Postfix) with SMTP id 00E7B1BFCF??for > ; Mon, 3 Jan 2005 23:04:00 +0100 (CET) > from unknown[84.217.26.111]; from= > to= proto=SMTP helo= > Jan 3 23:04:01 mg-hbg17 postfix/cleanup[24038]: 00E7B1BFCF: > message-id=<20050103220400.00E7B1BFCF@mg-hbg17.hallsberg.se> > Jan 3 23:04:02 mg-hbg17 postfix/smtpd[24037]: disconnect from > unknown[84.217.26.111] > Jan 3 23:04:04 mg-hbg17 MailScanner[22584]: New Batch: Scanning 1 > messages, 42859 bytes > Jan 3 23:04:04 mg-hbg17 MailScanner[22584]: Spam Checks: Starting > Jan 3 23:04:20 mg-hbg17 MailScanner[22584]: Virus and Content > Scanning: Starting > Jan 3 23:04:21 mg-hbg17 MailScanner[22584]: > /var/spool/MailScanner/incoming/22584/./00E7B1BFCF/message.scr: > Worm.SomeFool.P FOUND > Jan 3 23:04:21 mg-hbg17 MailScanner[22584]: Virus Scanning: ClamAV > found 1 infections > Jan 3 23:04:23 mg-hbg17 MailScanner[22584]: Virus: 2##Base: > /var/spool/MailScanner/incoming/22584##1: '00E7B1BFCF/message.scr' => > W32/Netsky##2: '00E7B1BFCF/msg-22584-10.html' => Exploit/iFrame## > Jan 3 23:04:23 mg-hbg17 MailScanner[22584]: Virus Scanning: Panda > found 2 infections > Jan 3 23:04:23 mg-hbg17 MailScanner[22584]: Infected message > 00E7B1BFCF came from 84.217.26.111 > Jan 3 23:04:23 mg-hbg17 MailScanner[22584]: Virus Scanning: Found 2 > viruses > Jan 3 23:04:23 mg-hbg17 MailScanner[24059]: MailScanner E-Mail Virus > Scanner version 4.36.4 starting... > Jan 3 23:04:23 mg-hbg17 MailScanner[24059]: Config: calling custom > init function MailWatchLogging > Jan 3 23:04:23 mg-hbg17 MailScanner[24059]: Initialising database > connection > Jan 3 23:04:23 mg-hbg17 MailScanner[24059]: Finished initialising > database connection > Jan 3 23:04:23 mg-hbg17 MailScanner[24059]: Enabling SpamAssassin > auto-whitelist functionality... > Jan 3 23:04:25 mg-hbg17 MailScanner[22560]: New Batch: Scanning 1 > messages, 42859 bytes > Jan 3 23:04:25 mg-hbg17 MailScanner[22560]: Spam Checks: Starting > Jan 3 23:04:30 mg-hbg17 MailScanner[22560]: Virus and Content > Scanning: Starting > Jan 3 23:04:30 mg-hbg17 MailScanner[22560]: > /var/spool/MailScanner/incoming/22560/./00E7B1BFCF/message.scr: > Worm.SomeFool.P FOUND > Jan 3 23:04:31 mg-hbg17 MailScanner[22560]: Virus Scanning: ClamAV > found 1 infections > Jan 3 23:04:33 mg-hbg17 MailScanner[22560]: Virus: 2##Base: > /var/spool/MailScanner/incoming/22560##1: '00E7B1BFCF/message.scr' => > W32/Netsky##2: '00E7B1BFCF/msg-22560-16.html' => Exploit/iFrame## > Jan 3 23:04:33 mg-hbg17 MailScanner[22560]: Virus Scanning: Panda > found 2 infections > Jan 3 23:04:33 mg-hbg17 MailScanner[22560]: Infected message > 00E7B1BFCF came from 84.217.26.111 > Jan 3 23:04:33 mg-hbg17 MailScanner[22560]: Virus Scanning: Found 2 > viruses > Jan 3 23:04:33 mg-hbg17 MailScanner[24081]: MailScanner E-Mail Virus > Scanner version 4.36.4 starting... > Jan 3 23:04:33 mg-hbg17 MailScanner[24081]: Config: calling custom > init function MailWatchLogging > Jan 3 23:04:33 mg-hbg17 MailScanner[24081]: Initialising database > connection > Jan 3 23:04:33 mg-hbg17 MailScanner[24081]: Finished initialising > database connection > Jan 3 23:04:33 mg-hbg17 MailScanner[24081]: Enabling SpamAssassin > auto-whitelist functionality... > Jan 3 23:04:34 mg-hbg17 MailScanner[24059]: Using locktype = flock > Jan 3 23:04:34 mg-hbg17 MailScanner[24059]: New Batch: Scanning 1 > messages, 42859 bytes > Jan 3 23:04:34 mg-hbg17 MailScanner[24059]: Spam Checks: Starting > Jan 3 23:04:37 mg-hbg17 MailScanner[24059]: Virus and Content > Scanning: Starting > Jan 3 23:04:38 mg-hbg17 MailScanner[24059]: > /var/spool/MailScanner/incoming/24059/./00E7B1BFCF/message.scr: > Worm.SomeFool.P FOUND > Jan 3 23:04:38 mg-hbg17 MailScanner[24059]: Virus Scanning: ClamAV > found 1 infections > Jan 3 23:04:40 mg-hbg17 MailScanner[24059]: Virus: 2##Base: > /var/spool/MailScanner/incoming/24059##1: '00E7B1BFCF/message.scr' => > W32/Netsky##2: '00E7B1BFCF/msg-24059-2.html' => Exploit/iFrame## > Jan 3 23:04:40 mg-hbg17 MailScanner[24059]: Virus Scanning: Panda > found 2 infections > Jan 3 23:04:40 mg-hbg17 MailScanner[24059]: Infected message > 00E7B1BFCF came from 84.217.26.111 > Jan 3 23:04:40 mg-hbg17 MailScanner[24059]: Virus Scanning: Found 2 > viruses > Jan 3 23:04:41 mg-hbg17 MailScanner[22410]: New Batch: Scanning 1 > messages, 42859 bytes > Jan 3 23:04:41 mg-hbg17 MailScanner[22410]: Spam Checks: Starting > Jan 3 23:04:43 mg-hbg17 MailScanner[24107]: MailScanner E-Mail Virus > Scanner version 4.36.4 starting... > Jan 3 23:04:43 mg-hbg17 MailScanner[24107]: Config: calling custom > init function MailWatchLogging > Jan 3 23:04:43 mg-hbg17 MailScanner[24107]: Initialising database > connection > Jan 3 23:04:43 mg-hbg17 MailScanner[24107]: Finished initialising > database connection > Jan 3 23:04:43 mg-hbg17 MailScanner[24107]: Enabling SpamAssassin > auto-whitelist functionality... > Jan 3 23:04:46 mg-hbg17 MailScanner[24081]: Using locktype = flock > Jan 3 23:04:47 mg-hbg17 MailScanner[24107]: Using locktype = flock > Jan 3 23:04:48 mg-hbg17 MailScanner[22410]: Virus and Content > Scanning: Starting > Jan 3 23:04:48 mg-hbg17 MailScanner[22410]: > /var/spool/MailScanner/incoming/22410/./00E7B1BFCF/message.scr: > Worm.SomeFool.P FOUND > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Wed Jan 5 09:26:27 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:05 2006 Subject: spam: Re: Mail Server problems Message-ID: Just take care to verify (as best as possible) any image you make. Imaging a drive on the imminent path to posterity can be less than easy. I find the smartmontool to be a good thing(tm), to catch drives *before* they go bad. Have a look at http://smartmontools.sourceforge.net/ -- Glenn > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Ken Goods > Sent: den 4 januari 2005 20:59 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: OT: RE: spam: Re: Mail Server problems > > > Ugo Bellavance wrote: > > > Yes, I just found that: > > > > http://www.sysresccd.org/ > > > > In fact, I found it a couple of months ago, but didn't have time to > > test it. > > > > You boot on it and you can run qtQparted, wich is a Partition-magic > > clone. > > > > For your ghost issue, it also provides partimage wich is a > > client-server imaging software. > > > > Hope this helps, > > > > Ugo > > > > Ugo (and all others who were kind enough to post), > > Thank you very much for the info... gave me a good start and > is appreciated > much. > > Kind regards, > Ken > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Wed Jan 5 09:42:33 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:05 2006 Subject: Two quick questions Message-ID: In my experience, going with rpms for clamav is a bad thing. You always want to stay with the latest (stable) tarball, and it might take a while for the rpms to be generated. And it is a fast/simple build/install...:) If you go with rpm you'd need a "seed database" and the actual program package. I think you could guess which is which:-) I've not looked at any clamav rpms in a while, but... Isn't it likely that the "-1,1" is the rpm packaging version, and have next to nothing to do with the clamav versioning? -- Glenn -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Kevin Miller Sent: den 4 januari 2005 20:14 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Two quick questions I'm building a new MailScanner box on SuSE 9.2 and have a couple quick questions on clamav. The current stable tarball is listed as .80 There are some .rpms built that are listed as .80-1.1. Do I need the .80-1.1 version or is the stable .80 tarball fine? Historically I've always installed from the tarball and am undecided if using .rpms would be a step forward or backward as far as upgrading in the future. Also, there's two rpm files listed: clamav and clamav-db. Do I need both? If I install from the tarball will it include both? TIA... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ^@ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jan 5 09:48:48 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:05 2006 Subject: MailScanner 4.37.7-1 and Postfix 2.1.5 on WBEL Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Can anyone else reproduce this problem for me please? I have tried to make it do it, and I can't reproduce it. It works fine on my test systems. Mailing List wrote: >Downgrading back to 4.36.4-1 seems to have corrected the HIGH SPAM being delivered situation, will be monitoring closely for the next few hours and will probably downgrade my other MailScanner installations. > >Regards > >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Mailing List >Sent: Tuesday, January 04, 2005 08:21 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: MailScanner 4.37.7-1 and Postfix 2.1.5 on WBEL > >Rules are set to store and delete. >Archive Mail in MailScanner.conf is empty > >More information: this behavior started as soon as I upgraded, this does not seem to happen for all domains. > >Regards > >________________________________________ >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Steen, Glenn >Sent: Tuesday, January 04, 2005 08:12 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: MailScanner 4.37.7-1 and Postfix 2.1.5 on WBEL > >As far as lil' ol' me can tell the unique-ID thing shouldn't have any bearing on this. >Do you archive mails? Perhaps to a mailbox? > >-- Glenn >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Mailing List >Sent: den 4 januari 2005 01:51 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: MailScanner 4.37.7-1 and Postfix 2.1.5 on WBEL >Since the upgrade i see strange behaviors, some mails marked as High Spam are still delivered, here is an excerpt of my maillog: > >[root@gw-m log]# grep 6FD731C0008 maillog >Jan 3 13:14:35 gw-m postfix/smtpd[2051]: 6FD731C0008: client=lns-vlq-48-mar-82-251-10-15.adsl.proxad.net[82.251.10.15] >Jan 3 13:14:38 gw-m postfix/cleanup[32006]: 6FD731C0008: hold: header Received: from lns-vlq-48-mar-82-251-10-15.adsl.proxad.net (lns-vlq-48-mar-82-251-10-15.adsl.proxad.net [82.251.10.15])??by gw-m.netgroupes.ca (Postfix) with SMTP id 6FD731C0008??for to= proto=SMTP helo= >Jan 3 13:14:38 gw-m postfix/cleanup[32006]: 6FD731C0008: hold: header Received: from acs-inc.com (36.84.32.127) by azn7-s607.rr.com with Microsoft SMTPSVC(8.3.3049.5537);?? Mon, 03 Jan 2005 16:13:26 -0200 from lns-vlq-48-mar-82-251-10-15.adsl.proxad.net[82.251.10.15]; from= to= proto=SMTP helo= >Jan 3 13:14:38 gw-m postfix/cleanup[32006]: 6FD731C0008: hold: header Received: from optonline.com (comcast.net 241.136.137.254)??by optonline.net (8.12.10/8.12.9) with ESMTP id pir7B117??for ; Mon, 03 Jan 2005 22:14:26 +0400 (ES from lns-vlq-48-mar-82-251-10-15.adsl.proxad.net[82.251.10.15]; from= to= proto=SMTP helo= >Jan 3 13:14:38 gw-m postfix/cleanup[32006]: 6FD731C0008: hold: header Received: from X99861626404 (modemcable6.559-26.cpe.abbeypress.com 186.145.54.36)??(authenticated bits=0)??by optonline.com (8.12.10/8.12.9) with ESMTP id yjl92H690j386??for to= proto=SMTP helo= >Jan 3 13:14:38 gw-m postfix/cleanup[32006]: 6FD731C0008: message-id=<68908gpe61joj449$p584q0b802$20d60on18@HYW57645905229> >Jan 3 13:15:05 gw-m MailScanner[31923]: Message 6FD731C0008.642D2 from 82.251.10.15 (jetqchn@optonline.com) to domain.com is spam, SpamAssassin (score=37.036, required 6, autolearn=spam, BAYES_99 1.89, DCC_CHECK 2.17, DIGEST_MULTIPLE 0.10, DOMAIN_RATIO 3.18, HELO_DYNAMIC_HCC 3.74, HELO_DYNAMIC_IPADDR 4.40, HTML_90_100 0.02, HTML_IMAGE_ONLY_04 3.30, HTML_MESSAGE 0.00, HTML_MIME_NO_HTML_TAG 0.14, INVALID_TZ_EST 3.58, MIME_BOUND_DD_DIGITS 4.14, MIME_HTML_ONLY 0.18, MIME_HTML_ONLY_MULTI 2.44, MPART_ALT_DIFF 0.07, PYZOR_CHECK 3.45, X_MESSAGE_INFO 4.24) >Jan 3 13:15:05 gw-m MailScanner[31923]: Spam Actions: message 6FD731C0008.642D2 actions are store,delete >Jan 3 13:15:05 gw-m MailScanner[31923]: Requeue: 6FD731C0008.642D2 to B91C41C0006 >Jan 3 13:15:06 gw-m MailScanner[31923]: Logging message 6FD731C0008.642D2 to SQL > >This seems to be a "new" behavior, maybe inline with the change to "Archive Mail" and unique message-ids ?!? > >If you need more information, please let me know. > >Regards >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) >and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Wed Jan 5 09:48:46 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:05 2006 Subject: MailScanner 4.37.7-1 and Postfix 2.1.5 on WBEL Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hopefully Julian will have (time to have) a look. -- Glenn (who is swamped until sometime next week) > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Mailing List > Sent: den 4 januari 2005 23:49 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: MailScanner 4.37.7-1 and Postfix 2.1.5 on WBEL > > > Downgrading back to 4.36.4-1 seems to have corrected the HIGH > SPAM being delivered situation, will be monitoring closely > for the next few hours and will probably downgrade my other > MailScanner installations. > > Regards > > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Mailing List > Sent: Tuesday, January 04, 2005 08:21 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: MailScanner 4.37.7-1 and Postfix 2.1.5 on WBEL > > Rules are set to store and delete. > Archive Mail in MailScanner.conf is empty > > More information: this behavior started as soon as I > upgraded, this does not seem to happen for all domains. > > Regards > > ________________________________________ > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Steen, Glenn > Sent: Tuesday, January 04, 2005 08:12 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: MailScanner 4.37.7-1 and Postfix 2.1.5 on WBEL > > As far as lil' ol' me can tell the unique-ID thing shouldn't > have any bearing on this. > Do you archive mails? Perhaps to a mailbox? >   > -- Glenn > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Mailing List > Sent: den 4 januari 2005 01:51 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: MailScanner 4.37.7-1 and Postfix 2.1.5 on WBEL > Since the upgrade i see strange behaviors, some mails marked > as High Spam are still delivered, here is an excerpt of my maillog: > > [root@gw-m log]# grep 6FD731C0008 maillog > Jan  3 13:14:35 gw-m postfix/smtpd[2051]: 6FD731C0008: > client=lns-vlq-48-mar-82-251-10-15.adsl.proxad.net[82.251.10.15] > Jan  3 13:14:38 gw-m postfix/cleanup[32006]: 6FD731C0008: > hold: header Received: from > lns-vlq-48-mar-82-251-10-15.adsl.proxad.net > (lns-vlq-48-mar-82-251-10-15.adsl.proxad.net > [82.251.10.15])??by gw-m.netgroupes.ca (Postfix) with SMTP id > 6FD731C0008??for lns-vlq-48-mar-82-251-10-15.adsl.proxad.net[82.251.10.15]; > from= to= proto=SMTP > helo= > Jan  3 13:14:38 gw-m postfix/cleanup[32006]: 6FD731C0008: > hold: header Received: from acs-inc.com (36.84.32.127) by > azn7-s607.rr.com  with Microsoft SMTPSVC(8.3.3049.5537);?? > Mon, 03 Jan 2005 16:13:26 -0200 from > lns-vlq-48-mar-82-251-10-15.adsl.proxad.net[82.251.10.15]; > from= to= proto=SMTP > helo= > Jan  3 13:14:38 gw-m postfix/cleanup[32006]: 6FD731C0008: > hold: header Received: from optonline.com  (comcast.net  > 241.136.137.254)??by optonline.net  (8.12.10/8.12.9) with > ESMTP id pir7B117??for ; Mon, 03 Jan 2005 > 22:14:26 +0400 (ES from > lns-vlq-48-mar-82-251-10-15.adsl.proxad.net[82.251.10.15]; > from= to= proto=SMTP > helo= > Jan  3 13:14:38 gw-m postfix/cleanup[32006]: 6FD731C0008: > hold: header Received: from X99861626404 > (modemcable6.559-26.cpe.abbeypress.com > 186.145.54.36)??(authenticated bits=0)??by optonline.com  > (8.12.10/8.12.9) with ESMTP id yjl92H690j386??for > lns-vlq-48-mar-82-251-10-15.adsl.proxad.net[82.251.10.15]; > from= to= proto=SMTP > helo= > Jan  3 13:14:38 gw-m postfix/cleanup[32006]: 6FD731C0008: > message-id=<68908gpe61joj449$p584q0b802$20d60on18@HYW57645905229> > Jan  3 13:15:05 gw-m MailScanner[31923]: Message > 6FD731C0008.642D2 from 82.251.10.15 (jetqchn@optonline.com) > to domain.com is spam, SpamAssassin (score=37.036, required > 6, autolearn=spam, BAYES_99 1.89, DCC_CHECK 2.17, > DIGEST_MULTIPLE 0.10, DOMAIN_RATIO 3.18, HELO_DYNAMIC_HCC > 3.74, HELO_DYNAMIC_IPADDR 4.40, HTML_90_100 0.02, > HTML_IMAGE_ONLY_04 3.30, HTML_MESSAGE 0.00, > HTML_MIME_NO_HTML_TAG 0.14, INVALID_TZ_EST 3.58, > MIME_BOUND_DD_DIGITS 4.14, MIME_HTML_ONLY 0.18, > MIME_HTML_ONLY_MULTI 2.44, MPART_ALT_DIFF 0.07, PYZOR_CHECK > 3.45, X_MESSAGE_INFO 4.24) > Jan  3 13:15:05 gw-m MailScanner[31923]: Spam Actions: > message 6FD731C0008.642D2 actions are store,delete > Jan  3 13:15:05 gw-m MailScanner[31923]: Requeue: > 6FD731C0008.642D2 to B91C41C0006 > Jan  3 13:15:06 gw-m MailScanner[31923]: Logging message > 6FD731C0008.642D2 to SQL > > This seems to be a "new" behavior, maybe inline with the > change to "Archive Mail" and unique message-ids ?!? > > If you need more information, please let me know. > > Regards > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Wed Jan 5 09:50:48 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:06 2006 Subject: MailScanner 4.37.7-1 and Postfix 2.1.5 on WBEL Message-ID: Not until next week, sorry. -- Glenn > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field > Sent: den 5 januari 2005 10:49 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: MailScanner 4.37.7-1 and Postfix 2.1.5 on WBEL > > > Can anyone else reproduce this problem for me please? > I have tried to make it do it, and I can't reproduce it. It works fine > on my test systems. > > Mailing List wrote: > > >Downgrading back to 4.36.4-1 seems to have corrected the > HIGH SPAM being delivered situation, will be monitoring > closely for the next few hours and will probably downgrade my > other MailScanner installations. > > > >Regards > > > >-----Original Message----- > >From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Mailing List > >Sent: Tuesday, January 04, 2005 08:21 > >To: MAILSCANNER@JISCMAIL.AC.UK > >Subject: Re: MailScanner 4.37.7-1 and Postfix 2.1.5 on WBEL > > > >Rules are set to store and delete. > >Archive Mail in MailScanner.conf is empty > > > >More information: this behavior started as soon as I > upgraded, this does not seem to happen for all domains. > > > >Regards > > > >________________________________________ > >From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Steen, Glenn > >Sent: Tuesday, January 04, 2005 08:12 > >To: MAILSCANNER@JISCMAIL.AC.UK > >Subject: Re: MailScanner 4.37.7-1 and Postfix 2.1.5 on WBEL > > > >As far as lil' ol' me can tell the unique-ID thing shouldn't > have any bearing on this. > >Do you archive mails? Perhaps to a mailbox? > > > >-- Glenn > >-----Original Message----- > >From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Mailing List > >Sent: den 4 januari 2005 01:51 > >To: MAILSCANNER@JISCMAIL.AC.UK > >Subject: MailScanner 4.37.7-1 and Postfix 2.1.5 on WBEL > >Since the upgrade i see strange behaviors, some mails marked > as High Spam are still delivered, here is an excerpt of my maillog: > > > >[root@gw-m log]# grep 6FD731C0008 maillog > >Jan 3 13:14:35 gw-m postfix/smtpd[2051]: 6FD731C0008: > client=lns-vlq-48-mar-82-251-10-15.adsl.proxad.net[82.251.10.15] > >Jan 3 13:14:38 gw-m postfix/cleanup[32006]: 6FD731C0008: > hold: header Received: from > lns-vlq-48-mar-82-251-10-15.adsl.proxad.net > (lns-vlq-48-mar-82-251-10-15.adsl.proxad.net > [82.251.10.15])??by gw-m.netgroupes.ca (Postfix) with SMTP id > 6FD731C0008??for lns-vlq-48-mar-82-251-10-15.adsl.proxad.net[82.251.10.15]; > from= to= proto=SMTP > helo= > >Jan 3 13:14:38 gw-m postfix/cleanup[32006]: 6FD731C0008: > hold: header Received: from acs-inc.com (36.84.32.127) by > azn7-s607.rr.com with Microsoft SMTPSVC(8.3.3049.5537);?? > Mon, 03 Jan 2005 16:13:26 -0200 from > lns-vlq-48-mar-82-251-10-15.adsl.proxad.net[82.251.10.15]; > from= to= proto=SMTP > helo= > >Jan 3 13:14:38 gw-m postfix/cleanup[32006]: 6FD731C0008: > hold: header Received: from optonline.com (comcast.net > 241.136.137.254)??by optonline.net (8.12.10/8.12.9) with > ESMTP id pir7B117??for ; Mon, 03 Jan 2005 > 22:14:26 +0400 (ES from > lns-vlq-48-mar-82-251-10-15.adsl.proxad.net[82.251.10.15]; > from= to= proto=SMTP > helo= > >Jan 3 13:14:38 gw-m postfix/cleanup[32006]: 6FD731C0008: > hold: header Received: from X99861626404 > (modemcable6.559-26.cpe.abbeypress.com > 186.145.54.36)??(authenticated bits=0)??by optonline.com > (8.12.10/8.12.9) with ESMTP id yjl92H690j386??for > lns-vlq-48-mar-82-251-10-15.adsl.proxad.net[82.251.10.15]; > from= to= proto=SMTP > helo= > >Jan 3 13:14:38 gw-m postfix/cleanup[32006]: 6FD731C0008: > message-id=<68908gpe61joj449$p584q0b802$20d60on18@HYW57645905229> > >Jan 3 13:15:05 gw-m MailScanner[31923]: Message > 6FD731C0008.642D2 from 82.251.10.15 (jetqchn@optonline.com) > to domain.com is spam, SpamAssassin (score=37.036, required > 6, autolearn=spam, BAYES_99 1.89, DCC_CHECK 2.17, > DIGEST_MULTIPLE 0.10, DOMAIN_RATIO 3.18, HELO_DYNAMIC_HCC > 3.74, HELO_DYNAMIC_IPADDR 4.40, HTML_90_100 0.02, > HTML_IMAGE_ONLY_04 3.30, HTML_MESSAGE 0.00, > HTML_MIME_NO_HTML_TAG 0.14, INVALID_TZ_EST 3.58, > MIME_BOUND_DD_DIGITS 4.14, MIME_HTML_ONLY 0.18, > MIME_HTML_ONLY_MULTI 2.44, MPART_ALT_DIFF 0.07, PYZOR_CHECK > 3.45, X_MESSAGE_INFO 4.24) > >Jan 3 13:15:05 gw-m MailScanner[31923]: Spam Actions: > message 6FD731C0008.642D2 actions are store,delete > >Jan 3 13:15:05 gw-m MailScanner[31923]: Requeue: > 6FD731C0008.642D2 to B91C41C0006 > >Jan 3 13:15:06 gw-m MailScanner[31923]: Logging message > 6FD731C0008.642D2 to SQL > > > >This seems to be a "new" behavior, maybe inline with the > change to "Archive Mail" and unique message-ids ?!? > > > >If you need more information, please let me know. > > > >Regards > >------------------------ MailScanner list ------------------------ > >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >'leave mailscanner' in the body of the email. > >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > >and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > >Support MailScanner development - buy the book off the website! > > > >------------------------ MailScanner list ------------------------ > >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >'leave mailscanner' in the body of the email. > >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > >Support MailScanner development - buy the book off the website! > > > >------------------------ MailScanner list ------------------------ > >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >'leave mailscanner' in the body of the email. > >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > >Support MailScanner development - buy the book off the website! > > > > > > > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Wed Jan 5 10:08:09 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:28:06 2006 Subject: MailScanner 4.37.7-1 and Postfix 2.1.5 on WBEL Message-ID: Hi! > Can anyone else reproduce this problem for me please? > I have tried to make it do it, and I can't reproduce it. It works fine > on my test systems. >> Downgrading back to 4.36.4-1 seems to have corrected the HIGH SPAM being >> delivered situation, will be monitoring closely for the next few hours and >> will probably downgrade my other MailScanner installations. Works fine here also, strange. Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at BARENDSE.TO Wed Jan 5 12:25:39 2005 From: mailscanner at BARENDSE.TO (Remco Barendse) Date: Thu Jan 12 21:28:06 2006 Subject: Why do I keep getting .spamassassin/ .pyzor/ .razor/ in my / Message-ID: Thanks! That solved the issue. Haven't got a clue however why I did not run into this problem earlier or on other boxes I installed. I checked the HOME setting for cron in /etc/passwd but not the HOME setting in /etc/crontab On Tue, 4 Jan 2005, Koen Teugels wrote: > on RH you have to change in the /etc/crontab HOME to /root if you run > the updates in cron.. Maybe on other linux dist. is it the same. > > Koen > > Remco Barendse wrote: > >> Could it be one of the perl modules that is outdated? >> >> I do remember seeing something similar on the list. >> >> Cheers! >> Remco >> >> On Sun, 2 Jan 2005, Remco Barendse wrote: >> >>> This is from /etc/passwd >>> root:x:0:0:root:/root:/bin/bash >>> cron:x:16:16:cron:/var/spool/cron:/bin/false >>> >>> Guess that's not it, nor the root of the cron user? >>> >>> I have this behaviour on a gentoo box and on a RHEL box. >>> >>> >>> >>> On Sun, 2 Jan 2005, Julian Field wrote: >>> >>>> Yes, but where is the home dir of the root user, according to >>>> /etc/passwd? >>>> >>>> Remco Barendse wrote: >>>> >>>>> Hi list! >>>>> >>>>> I keep finding directories for .spamassassin/ .pyzor/ .razor/ in >>>>> the >>>>> root >>>>> of my filesystem. >>>>> >>>>> When I delete them, they keep coming back. Shouldn't they be in the >>>>> homedir of the root user? >>>> >>>> >>>> -- >>>> Julian Field >>>> www.MailScanner.info >>>> Buy the MailScanner book at www.MailScanner.info/store >>>> Professional Support Services at www.MailScanner.biz >>>> MailScanner thanks transtec Computers for their support >>>> >>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>>> >>>> ------------------------ MailScanner list ------------------------ >>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>> 'leave mailscanner' in the body of the email. >>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>>> >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >>> >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ml at NETGROUPES.CA Wed Jan 5 12:57:43 2005 From: ml at NETGROUPES.CA (Mailing List) Date: Thu Jan 12 21:28:06 2006 Subject: MailScanner 4.37.7-1 and Postfix 2.1.5 on WBEL Message-ID: Hi Julian, How can I help you, in isolating and resolving this issue? Thanks Guy -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field Sent: Wednesday, January 05, 2005 04:49 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: MailScanner 4.37.7-1 and Postfix 2.1.5 on WBEL Can anyone else reproduce this problem for me please? I have tried to make it do it, and I can't reproduce it. It works fine on my test systems. Mailing List wrote: >Downgrading back to 4.36.4-1 seems to have corrected the HIGH SPAM being delivered situation, will be monitoring closely for the next few hours and will probably downgrade my other MailScanner installations. > >Regards > >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Mailing List >Sent: Tuesday, January 04, 2005 08:21 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: MailScanner 4.37.7-1 and Postfix 2.1.5 on WBEL > >Rules are set to store and delete. >Archive Mail in MailScanner.conf is empty > >More information: this behavior started as soon as I upgraded, this does not seem to happen for all domains. > >Regards > >________________________________________ >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Steen, Glenn >Sent: Tuesday, January 04, 2005 08:12 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: MailScanner 4.37.7-1 and Postfix 2.1.5 on WBEL > >As far as lil' ol' me can tell the unique-ID thing shouldn't have any bearing on this. >Do you archive mails? Perhaps to a mailbox? > >-- Glenn >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Mailing List >Sent: den 4 januari 2005 01:51 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: MailScanner 4.37.7-1 and Postfix 2.1.5 on WBEL >Since the upgrade i see strange behaviors, some mails marked as High Spam are still delivered, here is an excerpt of my maillog: > >[root@gw-m log]# grep 6FD731C0008 maillog >Jan 3 13:14:35 gw-m postfix/smtpd[2051]: 6FD731C0008: client=lns-vlq-48-mar-82-251-10-15.adsl.proxad.net[82.251.10.15] >Jan 3 13:14:38 gw-m postfix/cleanup[32006]: 6FD731C0008: hold: header Received: from lns-vlq-48-mar-82-251-10-15.adsl.proxad.net (lns-vlq-48-mar-82-251-10-15.adsl.proxad.net [82.251.10.15])??by gw-m.netgroupes.ca (Postfix) with SMTP id 6FD731C0008??for to= proto=SMTP helo= >Jan 3 13:14:38 gw-m postfix/cleanup[32006]: 6FD731C0008: hold: header Received: from acs-inc.com (36.84.32.127) by azn7-s607.rr.com with Microsoft SMTPSVC(8.3.3049.5537);?? Mon, 03 Jan 2005 16:13:26 -0200 from lns-vlq-48-mar-82-251-10-15.adsl.proxad.net[82.251.10.15]; from= to= proto=SMTP helo= >Jan 3 13:14:38 gw-m postfix/cleanup[32006]: 6FD731C0008: hold: header Received: from optonline.com (comcast.net 241.136.137.254)??by optonline.net (8.12.10/8.12.9) with ESMTP id pir7B117??for ; Mon, 03 Jan 2005 22:14:26 +0400 (ES from lns-vlq-48-mar-82-251-10-15.adsl.proxad.net[82.251.10.15]; from= to= proto=SMTP helo= >Jan 3 13:14:38 gw-m postfix/cleanup[32006]: 6FD731C0008: hold: header Received: from X99861626404 (modemcable6.559-26.cpe.abbeypress.com 186.145.54.36)??(authenticated bits=0)??by optonline.com (8.12.10/8.12.9) with ESMTP id yjl92H690j386??for to= proto=SMTP helo= >Jan 3 13:14:38 gw-m postfix/cleanup[32006]: 6FD731C0008: message-id=<68908gpe61joj449$p584q0b802$20d60on18@HYW57645905229> >Jan 3 13:15:05 gw-m MailScanner[31923]: Message 6FD731C0008.642D2 from 82.251.10.15 (jetqchn@optonline.com) to domain.com is spam, SpamAssassin (score=37.036, required 6, autolearn=spam, BAYES_99 1.89, DCC_CHECK 2.17, DIGEST_MULTIPLE 0.10, DOMAIN_RATIO 3.18, HELO_DYNAMIC_HCC 3.74, HELO_DYNAMIC_IPADDR 4.40, HTML_90_100 0.02, HTML_IMAGE_ONLY_04 3.30, HTML_MESSAGE 0.00, HTML_MIME_NO_HTML_TAG 0.14, INVALID_TZ_EST 3.58, MIME_BOUND_DD_DIGITS 4.14, MIME_HTML_ONLY 0.18, MIME_HTML_ONLY_MULTI 2.44, MPART_ALT_DIFF 0.07, PYZOR_CHECK 3.45, X_MESSAGE_INFO 4.24) >Jan 3 13:15:05 gw-m MailScanner[31923]: Spam Actions: message 6FD731C0008.642D2 actions are store,delete >Jan 3 13:15:05 gw-m MailScanner[31923]: Requeue: 6FD731C0008.642D2 to B91C41C0006 >Jan 3 13:15:06 gw-m MailScanner[31923]: Logging message 6FD731C0008.642D2 to SQL > >This seems to be a "new" behavior, maybe inline with the change to "Archive Mail" and unique message-ids ?!? > >If you need more information, please let me know. > >Regards >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) >and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ml at NETGROUPES.CA Wed Jan 5 13:31:47 2005 From: ml at NETGROUPES.CA (Mailing List) Date: Thu Jan 12 21:28:06 2006 Subject: MailScanner 4.37.7-1 and Postfix 2.1.5 on WBEL Message-ID: Running on Linux server.mydomain.com 2.4.21-27.0.1.ELsmp #1 SMP Fri Dec 24 13:30:32 EST 2004 i686 i686 i386 GNU/Linux This is White Box Enterprise Linux release 3.0 (Liberation Respin 1) This is Perl version 5.008000 (5.8.0) This is MailScanner version 4.37.7 Module versions are: 1.00 AnyDBM_File 1.14 Archive::Zip 1.01 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.04 Fcntl 2.71 File::Basename 2.05 File::Copy 2.01 FileHandle 1.05 File::Path 0.13 File::Temp 1.29 HTML::Entities 3.44 HTML::Parser 2.30 HTML::TokeParser 1.20 IO 1.09 IO::File 1.122 IO::Pipe 3.05 MIME::Base64 5.415 MIME::Decoder 5.415 MIME::Decoder::UU 5.415 MIME::Head 5.415 MIME::Parser 3.03 MIME::QuotedPrint 5.415 MIME::Tools 0.09 Net::CIDR 1.05 POSIX 1.75 Socket 0.03 Sys::Syslog 1.02 Time::localtime Optional module versions are: 1.810 DB_File 1.00 Digest 1.01 Digest::HMAC 2.33 Digest::MD5 2.10 Digest::SHA1 missing Inline missing Mail::ClamAV 3.000001 Mail::SpamAssassin missing Mail::SPF::Query missing Net::CIDR::Lite 0.48 Net::DNS missing Net::LDAP missing Parse::RecDescent missing SAVI missing Sys::Hostname::Long 2.26 Test::Harness 0.47 Test::Simple 1.89 Text::Balanced 1.19 URI -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Mailing List Sent: Wednesday, January 05, 2005 07:58 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: MailScanner 4.37.7-1 and Postfix 2.1.5 on WBEL Hi Julian, How can I help you, in isolating and resolving this issue? Thanks Guy -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field Sent: Wednesday, January 05, 2005 04:49 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: MailScanner 4.37.7-1 and Postfix 2.1.5 on WBEL Can anyone else reproduce this problem for me please? I have tried to make it do it, and I can't reproduce it. It works fine on my test systems. Mailing List wrote: >Downgrading back to 4.36.4-1 seems to have corrected the HIGH SPAM being delivered situation, will be monitoring closely for the next few hours and will probably downgrade my other MailScanner installations. > >Regards > >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Mailing List >Sent: Tuesday, January 04, 2005 08:21 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: MailScanner 4.37.7-1 and Postfix 2.1.5 on WBEL > >Rules are set to store and delete. >Archive Mail in MailScanner.conf is empty > >More information: this behavior started as soon as I upgraded, this does not seem to happen for all domains. > >Regards > >________________________________________ >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Steen, Glenn >Sent: Tuesday, January 04, 2005 08:12 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: MailScanner 4.37.7-1 and Postfix 2.1.5 on WBEL > >As far as lil' ol' me can tell the unique-ID thing shouldn't have any bearing on this. >Do you archive mails? Perhaps to a mailbox? > >-- Glenn >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Mailing List >Sent: den 4 januari 2005 01:51 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: MailScanner 4.37.7-1 and Postfix 2.1.5 on WBEL >Since the upgrade i see strange behaviors, some mails marked as High Spam are still delivered, here is an excerpt of my maillog: > >[root@gw-m log]# grep 6FD731C0008 maillog >Jan 3 13:14:35 gw-m postfix/smtpd[2051]: 6FD731C0008: client=lns-vlq-48-mar-82-251-10-15.adsl.proxad.net[82.251.10.15] >Jan 3 13:14:38 gw-m postfix/cleanup[32006]: 6FD731C0008: hold: header Received: from lns-vlq-48-mar-82-251-10-15.adsl.proxad.net (lns-vlq-48-mar-82-251-10-15.adsl.proxad.net [82.251.10.15])??by gw-m.netgroupes.ca (Postfix) with SMTP id 6FD731C0008??for to= proto=SMTP helo= >Jan 3 13:14:38 gw-m postfix/cleanup[32006]: 6FD731C0008: hold: header Received: from acs-inc.com (36.84.32.127) by azn7-s607.rr.com with Microsoft SMTPSVC(8.3.3049.5537);?? Mon, 03 Jan 2005 16:13:26 -0200 from lns-vlq-48-mar-82-251-10-15.adsl.proxad.net[82.251.10.15]; from= to= proto=SMTP helo= >Jan 3 13:14:38 gw-m postfix/cleanup[32006]: 6FD731C0008: hold: header Received: from optonline.com (comcast.net 241.136.137.254)??by optonline.net (8.12.10/8.12.9) with ESMTP id pir7B117??for ; Mon, 03 Jan 2005 22:14:26 +0400 (ES from lns-vlq-48-mar-82-251-10-15.adsl.proxad.net[82.251.10.15]; from= to= proto=SMTP helo= >Jan 3 13:14:38 gw-m postfix/cleanup[32006]: 6FD731C0008: hold: header Received: from X99861626404 (modemcable6.559-26.cpe.abbeypress.com 186.145.54.36)??(authenticated bits=0)??by optonline.com (8.12.10/8.12.9) with ESMTP id yjl92H690j386??for to= proto=SMTP helo= >Jan 3 13:14:38 gw-m postfix/cleanup[32006]: 6FD731C0008: message-id=<68908gpe61joj449$p584q0b802$20d60on18@HYW57645905229> >Jan 3 13:15:05 gw-m MailScanner[31923]: Message 6FD731C0008.642D2 from 82.251.10.15 (jetqchn@optonline.com) to domain.com is spam, SpamAssassin (score=37.036, required 6, autolearn=spam, BAYES_99 1.89, DCC_CHECK 2.17, DIGEST_MULTIPLE 0.10, DOMAIN_RATIO 3.18, HELO_DYNAMIC_HCC 3.74, HELO_DYNAMIC_IPADDR 4.40, HTML_90_100 0.02, HTML_IMAGE_ONLY_04 3.30, HTML_MESSAGE 0.00, HTML_MIME_NO_HTML_TAG 0.14, INVALID_TZ_EST 3.58, MIME_BOUND_DD_DIGITS 4.14, MIME_HTML_ONLY 0.18, MIME_HTML_ONLY_MULTI 2.44, MPART_ALT_DIFF 0.07, PYZOR_CHECK 3.45, X_MESSAGE_INFO 4.24) >Jan 3 13:15:05 gw-m MailScanner[31923]: Spam Actions: message 6FD731C0008.642D2 actions are store,delete >Jan 3 13:15:05 gw-m MailScanner[31923]: Requeue: 6FD731C0008.642D2 to B91C41C0006 >Jan 3 13:15:06 gw-m MailScanner[31923]: Logging message 6FD731C0008.642D2 to SQL > >This seems to be a "new" behavior, maybe inline with the change to "Archive Mail" and unique message-ids ?!? > >If you need more information, please let me know. > >Regards >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) >and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jan 5 13:49:45 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:06 2006 Subject: MailScanner 4.37.7-1 and Postfix 2.1.5 on WBEL Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I would need root ssh access, and would have to be able to shut down mail services there for a time, while I try to debug what is going wrong. Is this a production system? Mailing List wrote: >Hi Julian, > > How can I help you, in isolating and resolving this issue? > >Thanks >Guy > >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >Behalf Of Julian Field >Sent: Wednesday, January 05, 2005 04:49 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: MailScanner 4.37.7-1 and Postfix 2.1.5 on WBEL > >Can anyone else reproduce this problem for me please? >I have tried to make it do it, and I can't reproduce it. It works fine >on my test systems. > >Mailing List wrote: > > > >>Downgrading back to 4.36.4-1 seems to have corrected the HIGH SPAM >> >> >being delivered situation, will be monitoring closely for the next few >hours and will probably downgrade my other MailScanner installations. > > >>Regards >> >>-----Original Message----- >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >> >> >Behalf Of Mailing List > > >>Sent: Tuesday, January 04, 2005 08:21 >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: MailScanner 4.37.7-1 and Postfix 2.1.5 on WBEL >> >>Rules are set to store and delete. >>Archive Mail in MailScanner.conf is empty >> >>More information: this behavior started as soon as I upgraded, this >> >> >does not seem to happen for all domains. > > >>Regards >> >>________________________________________ >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >> >> >Behalf Of Steen, Glenn > > >>Sent: Tuesday, January 04, 2005 08:12 >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: MailScanner 4.37.7-1 and Postfix 2.1.5 on WBEL >> >>As far as lil' ol' me can tell the unique-ID thing shouldn't have any >> >> >bearing on this. > > >>Do you archive mails? Perhaps to a mailbox? >> >>-- Glenn >>-----Original Message----- >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >> >> >Behalf Of Mailing List > > >>Sent: den 4 januari 2005 01:51 >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: MailScanner 4.37.7-1 and Postfix 2.1.5 on WBEL >>Since the upgrade i see strange behaviors, some mails marked as High >> >> >Spam are still delivered, here is an excerpt of my maillog: > > >>[root@gw-m log]# grep 6FD731C0008 maillog >>Jan 3 13:14:35 gw-m postfix/smtpd[2051]: 6FD731C0008: >> >> >client=lns-vlq-48-mar-82-251-10-15.adsl.proxad.net[82.251.10.15] > > >>Jan 3 13:14:38 gw-m postfix/cleanup[32006]: 6FD731C0008: hold: header >> >> >Received: from lns-vlq-48-mar-82-251-10-15.adsl.proxad.net >(lns-vlq-48-mar-82-251-10-15.adsl.proxad.net [82.251.10.15])??by >gw-m.netgroupes.ca (Postfix) with SMTP id 6FD731C0008??for >lns-vlq-48-mar-82-251-10-15.adsl.proxad.net[82.251.10.15]; >from= to= proto=SMTP >helo= > > >>Jan 3 13:14:38 gw-m postfix/cleanup[32006]: 6FD731C0008: hold: header >> >> >Received: from acs-inc.com (36.84.32.127) by azn7-s607.rr.com with >Microsoft SMTPSVC(8.3.3049.5537);?? Mon, 03 Jan 2005 16:13:26 -0200 from >lns-vlq-48-mar-82-251-10-15.adsl.proxad.net[82.251.10.15]; >from= to= proto=SMTP >helo= > > >>Jan 3 13:14:38 gw-m postfix/cleanup[32006]: 6FD731C0008: hold: header >> >> >Received: from optonline.com (comcast.net 241.136.137.254)??by >optonline.net (8.12.10/8.12.9) with ESMTP id pir7B117??for >; Mon, 03 Jan 2005 22:14:26 +0400 (ES from >lns-vlq-48-mar-82-251-10-15.adsl.proxad.net[82.251.10.15]; >from= to= proto=SMTP >helo= > > >>Jan 3 13:14:38 gw-m postfix/cleanup[32006]: 6FD731C0008: hold: header >> >> >Received: from X99861626404 (modemcable6.559-26.cpe.abbeypress.com >186.145.54.36)??(authenticated bits=0)??by optonline.com >(8.12.10/8.12.9) with ESMTP id yjl92H690j386??for lns-vlq-48-mar-82-251-10-15.adsl.proxad.net[82.251.10.15]; >from= to= proto=SMTP >helo= > > >>Jan 3 13:14:38 gw-m postfix/cleanup[32006]: 6FD731C0008: >> >> >message-id=<68908gpe61joj449$p584q0b802$20d60on18@HYW57645905229> > > >>Jan 3 13:15:05 gw-m MailScanner[31923]: Message 6FD731C0008.642D2 from >> >> >82.251.10.15 (jetqchn@optonline.com) to domain.com is spam, SpamAssassin >(score=37.036, required 6, autolearn=spam, BAYES_99 1.89, DCC_CHECK >2.17, DIGEST_MULTIPLE 0.10, DOMAIN_RATIO 3.18, HELO_DYNAMIC_HCC 3.74, >HELO_DYNAMIC_IPADDR 4.40, HTML_90_100 0.02, HTML_IMAGE_ONLY_04 3.30, >HTML_MESSAGE 0.00, HTML_MIME_NO_HTML_TAG 0.14, INVALID_TZ_EST 3.58, >MIME_BOUND_DD_DIGITS 4.14, MIME_HTML_ONLY 0.18, MIME_HTML_ONLY_MULTI >2.44, MPART_ALT_DIFF 0.07, PYZOR_CHECK 3.45, X_MESSAGE_INFO 4.24) > > >>Jan 3 13:15:05 gw-m MailScanner[31923]: Spam Actions: message >> >> >6FD731C0008.642D2 actions are store,delete > > >>Jan 3 13:15:05 gw-m MailScanner[31923]: Requeue: 6FD731C0008.642D2 to >> >> >B91C41C0006 > > >>Jan 3 13:15:06 gw-m MailScanner[31923]: Logging message >> >> >6FD731C0008.642D2 to SQL > > >>This seems to be a "new" behavior, maybe inline with the change to >> >> >"Archive Mail" and unique message-ids ?!? > > >>If you need more information, please let me know. >> > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ivessm at softecusa.com Wed Jan 5 14:10:19 2005 From: ivessm at softecusa.com (Stewart M. Ives) Date: Thu Jan 12 21:28:06 2006 Subject: Stop Sendmail from bouncing unknown user? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Brian, I'm no expert on sendmail but this might work for you. In the sendmail.mc file I have put the following: dnl # The following will route all mis-addressed mail to xxxxbad dnl # account and NOT return a user unknown msg. Started 20041024 define(`LUSER_RELAY',`local:xxxxbad') So far it has worked and routed all such mail to the account "xxxxbad". Don't foget to create such an account. Name it what ever you like. I go into this account every once in a while and delete all the mail out of it. Don't forget to regen your sendmail.cf file after you change the .mc file. Hope this helps. stew ---------- Original Message ----------- From: Brian Lewis To: MAILSCANNER@JISCMAIL.AC.UK Sent: Wed, 5 Jan 2005 06:46:33 +0000 Subject: Stop Sendmail from bouncing unknown user? > I would like to configure Sendmail outgoing to not generate a 'bounce > reply' if the target user is 'unknown or invalid'. Basically if Sendmail > Outgoing is unable to deliver it then it should keep attempting to > deliver, but if its told by the receiving server the user doesn't exist > then I don't want it to reply back to the spammer that it doesn't > exist, instead it should just discard the email. Anyone know if > Sendmail can be configured in this way? Sick of seeing the server > attempt to delivery thousands of invalid or unknown user replies > usually to invalid FROM addresses. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------- End of Original Message ------- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jstevens at ATHENSDISTRIBUTING.COM Wed Jan 5 16:23:44 2005 From: jstevens at ATHENSDISTRIBUTING.COM (James Stevens) Date: Thu Jan 12 21:28:06 2006 Subject: Why oh Why!! Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] If I can get exchange to accept mail for both names I will be set. I.e. Domain.com and sub.domain.com can you point me to the multiple places to configure this? I must have missed something . -----Original Message----- From: "Vlad Mazek" Sent: 1/4/05 7:35:10 PM To: "MAILSCANNER@JISCMAIL.AC.UK" Subject: Re: Why oh Why!! Try reading up on Recipient Update Policies in Exchange 2003. If the new SMTP address is not in the profile's listing then Exchange will reject the mail with the error that you mentioned. Exchange needs to know that it is responsible for another domain name or it will consider it a relay and consequently dump the connection. On the Exchange 2003 box: Start > All Programs > Exchange 2003 > System Manager Inside system manager: Recipients > Recipient Policies > Default Policy (right click to get properties) Add the new domain under Email Addresses (Policy) and enable it to add the new domain to Exchange. -Vlad Errol Uriel Neal Jr. wrote: >Is this an upgrade from exchange 2000 to 2003 as well? > >Errol >-----Original Message----- >From: "James R. Stevens" >Date: Tue, 4 Jan 2005 15:59:33 >To:MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: Why oh Why!! > >Absolutely, > >We are ugrading from WIN 2000 DomaintoWin 2003 this is not a big deal >execpt The name of the domain needs changing. > >Trusts are enabled migrations have been tested. I just need to make the >second(Future domain name)accepted the forwarded mail from the old >Domain controller/Exchane server. > >All is great but the new 2003 DC/Echane server will not accept the >orwarded mail. > >Getting: no valid recipiets and unable to relay will >talking to > >Is something I'm missing on the new config. > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by Athens Hyperion Scanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by Athens Hyperion Scanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From test at NEXTMILL.NET Wed Jan 5 16:29:27 2005 From: test at NEXTMILL.NET (Brian Lewis) Date: Thu Jan 12 21:28:06 2006 Subject: Stop Sendmail from bouncing unknown user? Message-ID: Unfortunately I believe this feature is for incoming email. I need it to not generate a reply back to the sender when it attempts to deliver a queue item to another server that says the user is unknown or doesn't exist. I run a few mailscanners for a bunch of domains, the scanners then use a table in sendmail to redirect all clean domain email to the correct mail server for that domain. Unfortunately this means the server accepts all email for a particular domain name no matter what, and if it scores low enough to not be deleted it is sent to the real mailserver handling that domain email, which in turn refuses the email message, causing the scanner to have to generate and attempt to send an undeliverable email to the sender. I'd like to stop that behavior ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From vlad at MAZEK.COM Wed Jan 5 16:35:25 2005 From: vlad at MAZEK.COM (Vlad Mazek) Date: Thu Jan 12 21:28:06 2006 Subject: Why oh Why!! Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] James Stevens wrote: >If I can get exchange to accept mail for both names I will be set. I.e. Domain.com and sub.domain.com > >can you point me to the multiple places to configure this? I must have missed something . > > On the Exchange 2003 box: > Start > All Programs > Exchange 2003 > System Manager > > Inside system manager: > Recipients > Recipient Policies > Default Policy (right click to get > properties) > > Add the new domain under Email Addresses (Policy) and enable it to add > the new domain to Exchange. > > Did you try that? It is the only place in Exchange where domains are configurable for the SMTP policy and if you can't find those you're probably not on the right system, don't have sufficient priviledges, etc. SMTP Addresses (per-user) are configurable in user account properties. Start > All Programs > Administrative Tools > Active Directory Users & Computers > Expand default domain, users container, right click on the user and select properties... SMTP stuff is defined on the Email Addresses tab -- you need to create an SMTP address. -Vlad ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From vlad at MAZEK.COM Wed Jan 5 16:40:24 2005 From: vlad at MAZEK.COM (Vlad Mazek) Date: Thu Jan 12 21:28:06 2006 Subject: Stop Sendmail from bouncing unknown user? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] If you ever figure that one out I'd love to know. Currently we do LDAP sync's between remote domains and our sendmail's access file to only accept legitimate addresses and reject all others. For example in your access you can put: To:vlad@mazek.com RELAY .... insert all other valid email addresses here To:mazek.com 550 ExchangeDefender does not allow SPAM. -Vlad Brian Lewis wrote: >Unfortunately I believe this feature is for incoming email. I need it to >not generate a reply back to the sender when it attempts to deliver a >queue item to another server that says the user is unknown or doesn't >exist. > >I run a few mailscanners for a bunch of domains, the scanners then use a >table in sendmail to redirect all clean domain email to the correct mail >server for that domain. Unfortunately this means the server accepts all >email for a particular domain name no matter what, and if it scores low >enough to not be deleted it is sent to the real mailserver handling that >domain email, which in turn refuses the email message, causing the scanner >to have to generate and attempt to send an undeliverable email to the >sender. I'd like to stop that behavior > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From KShortt at AZERTY.COM Wed Jan 5 16:44:54 2005 From: KShortt at AZERTY.COM (Shortt, Kevin) Date: Thu Jan 12 21:28:06 2006 Subject: Stop Sendmail from bouncing unknown user? Message-ID: Two options that I know of... 1. I had the same problem and I ended up syncing up my virtualuser table to all servers and routing all email via usertables (not SMARTHOST). If the user does not exist, it will repy with "no such user" immediately. This is done in the virtualusertable with an entry like so.. @domain.com error:nouser No such user This stops all inbound connections to an invalid user during the SMTP connection. No NDR is generated. I have nice clean mailq's. 2. implement milter's and use milter-ahead http://www.milter.info/milter-ahead/index.shtml -k ----Original Message---- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Brian Lewis Sent: Wednesday, January 05, 2005 11:29 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Stop Sendmail from bouncing unknown user? > Unfortunately I believe this feature is for incoming email. I need > it to > not generate a reply back to the sender when it attempts to deliver a > queue item to another server that says the user is unknown or doesn't > exist. > > I run a few mailscanners for a bunch of domains, the scanners then > use a > table in sendmail to redirect all clean domain email to the correct > mail > server for that domain. Unfortunately this means the server accepts > all > email for a particular domain name no matter what, and if it scores > low > enough to not be deleted it is sent to the real mailserver handling > that > domain email, which in turn refuses the email message, causing the > scanner > to have to generate and attempt to send an undeliverable email to the > sender. I'd like to stop that behavior > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From marcel-ml at IRC-ADDICTS.DE Wed Jan 5 17:14:28 2005 From: marcel-ml at IRC-ADDICTS.DE (Marcel Blenkers) Date: Thu Jan 12 21:28:06 2006 Subject: Update-Questions... Message-ID: Hi there, just updated to the latest MS-Version.. now it said something about installing the bitdefender-update-script as bitdefender-autoupdate.rpmnew.. now my question..should i use this one.. or the old one? Thanks in advance.. btw.. it seems as an update to the latest spamassassin-version now works fine.. but will check that for about one day or so ;) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From test at NEXTMILL.NET Wed Jan 5 17:09:38 2005 From: test at NEXTMILL.NET (Brian Lewis) Date: Thu Jan 12 21:28:06 2006 Subject: Mailscanner children exceed Max Children setting? Message-ID: Max Children = 10 Yes I count 15 copies of Mailscanner running!! ps -aux root 23359 0.0 1.1 23500 5904 ? S Jan04 0:00 /usr/bin/perl -I/usr/lib/MailScanner /usr/sbin/MailScan root 32081 1.6 6.5 43332 33584 ? S 08:57 0:05 /usr/bin/perl -I/usr/lib/MailScanner /usr/sbin/MailScan root 32321 3.0 6.5 43168 33312 ? S 08:58 0:09 /usr/bin/perl -I/usr/lib/MailScanner /usr/sbin/MailScan root 321 2.8 6.5 43188 33440 ? S 09:00 0:05 /usr/bin/perl -I/usr/lib/MailScanner /usr/sbin/MailScan root 447 9.6 6.5 43184 33432 ? S 09:00 0:15 /usr/bin/perl -I/usr/lib/MailScanner /usr/sbin/MailScan root 991 2.9 6.1 42656 31544 ? S 09:02 0:01 /usr/bin/perl -I/usr/lib/MailScanner /usr/sbin/MailScan root 1038 3.5 6.1 42652 31532 ? S 09:03 0:01 /usr/bin/perl -I/usr/lib/MailScanner /usr/sbin/MailScan root 1089 5.2 6.1 42660 31528 ? S 09:03 0:01 /usr/bin/perl -I/usr/lib/MailScanner /usr/sbin/MailScan root 1126 8.7 6.2 42652 31580 ? S 09:03 0:01 /usr/bin/perl -I/usr/lib/MailScanner /usr/sbin/MailScan root 1531 0.0 6.0 42264 30904 ? S 09:04 0:01 /usr/bin/perl -I/usr/lib/MailScanner /usr/sbin/MailScan root 1645 0.0 6.0 42264 30900 ? S 09:05 0:01 /usr/bin/perl -I/usr/lib/MailScanner /usr/sbin/MailScan root 1989 0.0 6.5 44668 33112 ? D 09:06 0:00 /usr/bin/perl -I/usr/lib/MailScanner /usr/sbin/MailScan root 1995 0.0 6.3 43464 32232 ? S 09:06 0:00 /usr/bin/perl -I/usr/lib/MailScanner /usr/sbin/MailScan root 1998 0.0 6.3 43196 32168 ? S 09:06 0:00 /usr/bin/perl -I/usr/lib/MailScanner /usr/sbin/MailScan root 2004 0.0 6.3 43180 32176 ? S 09:07 0:00 /usr/bin/perl -I/usr/lib/MailScanner /usr/sbin/MailScan What gives? Is this because the mail queue might have grown larger than the 'Max Normal Queue Size = 800' value? I am seeing this behavior quite often. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From marcel-ml at IRC-ADDICTS.DE Wed Jan 5 17:18:25 2005 From: marcel-ml at IRC-ADDICTS.DE (Marcel Blenkers) Date: Thu Jan 12 21:28:06 2006 Subject: Mailscanner children exceed Max Children setting? Message-ID: Hi there, [...] > Max Children = 10 > > Yes I count 15 copies of Mailscanner running!! encountered this problem before.. but only with a version of spamassassin over 3.0.x.. Downgrading to the old 2.64-Version of Spamassassin worked fine.. today i updated to SA3.0.2 and had into the MS-Conf Max Children = 2 and encountered with ps -au | grep Mail 3 instances..but this seems to be ok.. as after MailScanner stop all this processes where gone.. maybe you should downgrade to SA2.64 or try the latest release of SA. Greetings Marcel PS: Posted this question also on this ml..but no answer.. :( ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From test at NEXTMILL.NET Wed Jan 5 17:18:18 2005 From: test at NEXTMILL.NET (Brian Lewis) Date: Thu Jan 12 21:28:06 2006 Subject: Stop Sendmail from bouncing unknown user? Message-ID: Milter looks like a great solution! Not sure about the additional smtp traffic though for the mail servers. Would be nice just to tell Sendmail not to generate a reply if undeliverable! hmmm.... Currently I have created a new mailwatch php script that produces a list for the day of the top 150 servers that spam us, we take that report each day and I put it in Excel as a huge long list, show the ip and the # of spam message sent as well as the date the spam was sent, when I sort by the IP column after 5 days it becomes really clear who the 'repeat' spammers are! So far I blacklist 211 spam servers or spam networks that repeatedly hammer our systems with spam using /etc/mail/access and it gives them a 5.1.1:550 User Unknown error back :) Hopefully they clean their 'lists' up when they think the user doesn't exist anymore. It does stop probably 20,000 spam a day from ever reaching us in the first place which helps a bit. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From marcel-ml at IRC-ADDICTS.DE Wed Jan 5 17:32:02 2005 From: marcel-ml at IRC-ADDICTS.DE (Marcel Blenkers) Date: Thu Jan 12 21:28:06 2006 Subject: Stop Sendmail from bouncing unknown user? Message-ID: Hi there, how about some account cathing all other mails for one domain, if all other users fail? inserted into the virtuser-table *@domain.tld after all other users are inserted.. and put all mails for this mail-account into another generated account.. so all other mails, on which there are no users known for, would land into this account.. at least..that how it works on my system.. search for "Catch all with sendmail" or something like that greetings Marcel ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Steve.Swaney at FSL.COM Wed Jan 5 17:26:45 2005 From: Steve.Swaney at FSL.COM (Steve Swaney) Date: Thu Jan 12 21:28:06 2006 Subject: Stop Sendmail from bouncing unknown user? Message-ID: -- This message has been scanned for viruses and dangerous content by The MailScanner at Fortress Systems Ltd., www.fsl.com, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From vlad at MAZEK.COM Wed Jan 5 17:32:02 2005 From: vlad at MAZEK.COM (Vlad Mazek) Date: Thu Jan 12 21:28:06 2006 Subject: Stop Sendmail from bouncing unknown user? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] With the milter the extra traffic would be negligible because it only does a lookup, not the actual message transfer; Its still a bit of an overkill and a waste of time to do these lookups if you already know who you're protecting. There are a lot more efficient ways than what you're doing.. google for Vispan unless you can write your own custom rate limiting code and drop them before they can cause actual damage. 72% (overall) of address book attacks on us come from hosts with no reverse DNS entry while most spam comes from open relay and proxy systems on major us/japan/german ISP's.. -Vlad Brian Lewis wrote: >Milter looks like a great solution! Not sure about the additional smtp >traffic though for the mail servers. > >Would be nice just to tell Sendmail not to generate a reply if >undeliverable! hmmm.... > >Currently I have created a new mailwatch php script that produces a list >for the day of the top 150 servers that spam us, we take that report each >day and I put it in Excel as a huge long list, show the ip and the # of >spam message sent as well as the date the spam was sent, when I sort by >the IP column after 5 days it becomes really clear who the 'repeat' >spammers are! So far I blacklist 211 spam servers or spam networks that >repeatedly hammer our systems with spam using /etc/mail/access and it >gives them a 5.1.1:550 User Unknown error back :) Hopefully they clean >their 'lists' up when they think the user doesn't exist anymore. It does >stop probably 20,000 spam a day from ever reaching us in the first place >which helps a bit. > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From test at NEXTMILL.NET Wed Jan 5 17:36:32 2005 From: test at NEXTMILL.NET (Brian Lewis) Date: Thu Jan 12 21:28:06 2006 Subject: Mailscanner children exceed Max Children setting? Message-ID: Yes this only happens on the SA 3.0.2 server, the 2.6.4 servers are just fine! But the 3.0.2 server is more likely to backup at times, causing the queue to get large, and so I am wondering if its in MailScanners nature to go 5 higher than max when the queue size is large? Or if this is just a mailscanner bug. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jan 5 18:10:13 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:06 2006 Subject: Mailscanner children exceed Max Children setting? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Brian Lewis wrote: >Yes this only happens on the SA 3.0.2 server, the 2.6.4 servers are just >fine! But the 3.0.2 server is more likely to backup at times, causing the >queue to get large, and so I am wondering if its in MailScanners nature to >go 5 higher than max when the queue size is large? Or if this is just a >mailscanner bug. > > Neither. SpamAssassin forks off sub-processes to do things like razor checks, dns checks wrapped in timeout code, all sorts of reasons. MailScanner itself does the same thing all the time to provide timeout protection. All you are seeing is the consistent child processes + all the subprocesses they fork off temporarily as part of their normal operation. This is all entirely intentional and is very necessary. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From KShortt at AZERTY.COM Wed Jan 5 18:13:00 2005 From: KShortt at AZERTY.COM (Shortt, Kevin) Date: Thu Jan 12 21:28:06 2006 Subject: Stop Sendmail from bouncing unknown user? Message-ID: > search for "Catch all with sendmail" or something like that Put this in your sendmail.mc and rebuild sendmail.cf Be sure to have "unixuser" created on your local unix OS. define(`LUSER_RELAY', `local:unixuser')dnl I used this approach, but you still spend resources scanning and delivering this mail. It can be costly on a system that get's bombarded with spam. -k ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jan 5 18:12:51 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:06 2006 Subject: Update-Questions... Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] The fact that it installed the new one as .rpmnew indicates that you (accidentally or intentionally) edited the original one. You should use the new one. Marcel Blenkers wrote: >Hi there, > >just updated to the latest MS-Version.. > >now it said something about installing the bitdefender-update-script as >bitdefender-autoupdate.rpmnew.. > >now my question..should i use this one.. > >or the old one? > >Thanks in advance.. > >btw.. > >it seems as an update to the latest spamassassin-version now works fine.. > >but will check that for about one day or so ;) > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From peter at UCGBOOK.COM Wed Jan 5 18:16:43 2005 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:28:06 2006 Subject: Mailscanner children exceed Max Children setting? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Brian Lewis wrote: > Max Children = 10 > > Yes I count 15 copies of Mailscanner running!! > ps -aux Do you always have 15 with the same PID numbers? I don't see anything unnormal to have a few more MailScanner processes and they aren't really children either. Look here: # ps -ef | grep Mail UID PID PPID C STIME TTY TIME CMD root 13956 1 0 Nov 17 ? 0:03 /usr/bin/perl -I/opt/MailScanner/lib /opt/MailScanner/bin/MailScanner /opt/Mail root 5620 13956 0 17:15:09 ? 0:20 /usr/bin/perl -I/opt/MailScanner/lib /opt/MailScanner/bin/MailScanner /opt/Mail root 3826 13956 0 17:06:09 ? 0:30 /usr/bin/perl -I/opt/MailScanner/lib /opt/MailScanner/bin/MailScanner /opt/Mail root 10387 13956 0 17:47:06 ? 0:16 /usr/bin/perl -I/opt/MailScanner/lib /opt/MailScanner/bin/MailScanner /opt/Mail root 4403 13956 0 17:09:30 ? 0:25 /usr/bin/perl -I/opt/MailScanner/lib /opt/MailScanner/bin/MailScanner /opt/Mail root 5130 13956 1 17:13:11 ? 0:28 /usr/bin/perl -I/opt/MailScanner/lib /opt/MailScanner/bin/MailScanner /opt/Mail root 19577 5130 0 19:09:52 ? 0:00 /usr/bin/perl -I/opt/MailScanner/lib /opt/MailScanner/bin/MailScanner /opt/Mail I have 5 children set in MailScanner.conf. Process 13956 (spawned by init) is the parent, then there's 5 children spawned by 13956 (5620, 3826, 10387, 4403 and 5130). Last is 19577 which is spawned by 5130 to do some job, it will go away as soon as it finishes. You could very well have 10 real children, 1 parent and 4 temporary processes which amount to the 15 you see. -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From greg at BLASTZONE.COM Wed Jan 5 18:44:18 2005 From: greg at BLASTZONE.COM (Greg Deputy) Date: Thu Jan 12 21:28:06 2006 Subject: OT: what POP server code do you use? Message-ID: Another vote for dovecot. Great product. I've only been using linux and mailscanner for a few months now, was able to get dovecot up and running with a minimun of pain. > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Avery Day > Sent: Tuesday, January 04, 2005 9:57 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: OT: what POP server code do you use? > > > I second dovecot. I have been using it with Maildir for a > year now. Easy, real easy to get working. Its IMAP functions > are really nice too. > > Schrock > > > Take a look at Dovecot. Development on it is very active > and its very > > flexible. > > > > -Vlad > > > >>> > >>> We have been using Qualcomm's qpopper here for ages. I'm > trying to > >>> get TLS/SSL working with it and the documentation is > weak. I'm just > >>> wondering what others use for open-source POP servers out there. > >>> Suggestions for good secure documented code, please... > >> > >> > > > > ------------------------ MailScanner list > ------------------------ To > > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave > > mailscanner' in the body of the email. Before posting, read the MAQ > > (http://www.mailscanner.biz/maq/) and the archives > > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > ------------------------------------------------------- > > This message has been scanned for viruses and > > dangerous content by MailScanner, and is > > believed to be clean. > > MailScanner thanks transtec Computers for their support. > > > > > ------------------------------------------------------- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > ------------------------ MailScanner list > ------------------------ To unsubscribe, email > jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' > in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkehler at WRHA.MB.CA Wed Jan 5 19:04:03 2005 From: mkehler at WRHA.MB.CA (Matt Kehler) Date: Thu Jan 12 21:28:06 2006 Subject: Mailwatch question Message-ID: I know its a MailWatch question, but it seems as though theres a lot more MW users on this list than the actual MW list itself...so... :) If you have MS configured to block emails based on extension (such as ..pif's for example), do those blocked emails show in the MailWatch 'spam' statistics, or do they not show at all? Is there a way to differentiate the emails blocked due to file extension from the emails blocked due to spam? Our management wants to know how much MailScanner is blocking due to 'itself' (ie, spam heuristics, virus scanning, etc) as opposed to stuff that we manually configure (ie, the file extensions that we block regardless of infection or spam) thx Matt This email and/or any documents in this transmission is intended for the addressee(s) only and may contain legally privileged or confidential information. Any unauthorized use, disclosure, distribution, copying or dissemination is strictly prohibited. If you receive this transmission in error, please notify the sender immediately and return the original. Ce courriel et tout document dans cette transmission est destiné ŕ la personne ou aux personnes ŕ qui il est adressé. Il peut contenir des informations privilégiées ou confidentielles. Toute utilisation, divulgation, distribution, copie, ou diffusion non autorisée est strictement défendue. Si vous n'ętes pas le destinataire de ce message, veuillez en informer l'expéditeur immédiatement et lui remettre l'original. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From chardlist at CHARD.NET Wed Jan 5 20:50:19 2005 From: chardlist at CHARD.NET (Brendan Chard) Date: Thu Jan 12 21:28:06 2006 Subject: Route copies of in/out bound e-mails Message-ID: I have a client that has to begin archiving all of their inbound and outbound e-mail with a 3rd party archiving company to be compliant with certain regulations for their industry. I already have MS up and running. Is there a way, using mailscanner and it's fancy rules that I can automatically route a copy of every inbound and outbound e-mail to another e-mail address? Any tips on how are of course appreciated. -Brendan ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jan 5 20:55:07 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:06 2006 Subject: Route copies of in/out bound e-mails Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Non Spam Actions = deliver forward archive@this.address.com Spam Actions = deliver forward archive@this.address.com High Scoring Spam Actions = deliver forward archive@this.address.com Brendan Chard wrote: >I have a client that has to begin archiving all of their inbound and >outbound e-mail with a 3rd party archiving company to be compliant with >certain regulations for their industry. > >I already have MS up and running. Is there a way, using mailscanner and it's >fancy rules that I can automatically route a copy of every inbound and >outbound e-mail to another e-mail address? > >Any tips on how are of course appreciated. > >-Brendan > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ryan at MARINOCRANE.COM Wed Jan 5 21:03:48 2005 From: ryan at MARINOCRANE.COM (Ryan Pitt) Date: Thu Jan 12 21:28:06 2006 Subject: Route copies of in/out bound e-mails Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Or you could use the archive ruleset like this? From: *@company.com archive@this.address.com To: *@company.com archive@this.address.com I have experienced problems in the past with Spam and Non Spam Action entries in mailscanner.conf where messages are not treated as expected. Ryan Julian Field wrote: > Non Spam Actions = deliver forward archive@this.address.com > Spam Actions = deliver forward archive@this.address.com > High Scoring Spam Actions = deliver forward archive@this.address.com > > > Brendan Chard wrote: > >> I have a client that has to begin archiving all of their inbound and >> outbound e-mail with a 3rd party archiving company to be compliant with >> certain regulations for their industry. >> >> I already have MS up and running. Is there a way, using mailscanner >> and it's >> fancy rules that I can automatically route a copy of every inbound and >> outbound e-mail to another e-mail address? >> >> Any tips on how are of course appreciated. >> >> -Brendan >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> >> > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Carl.Andrews at CRACKERBARREL.COM Wed Jan 5 21:21:05 2005 From: Carl.Andrews at CRACKERBARREL.COM (Andrews Carl 448) Date: Thu Jan 12 21:28:06 2006 Subject: Large number of messages in mqueue.in Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I am searching the archives now, but searching for mail and queue on an email server list .... lots of messages. Any one else have the problem where thousands ( 40,000 currently ) of messages are in /var/spool/MailScanner/mqueue.in ? Or any idea on what I can do to push them through or troubleshoot? RedHat 9.0 Sendmail ClamAV 0.8 MailScanner 4.35.11 Thanks in advance, Carl Andrews ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at nkpanama.com Wed Jan 5 21:34:48 2005 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu Jan 12 21:28:06 2006 Subject: Route copies of in/out bound e-mails Message-ID: Archive, as the comment before the option indicates, is to archive in "mbox" format. You could use: FromOrTo: *@company.com /home/whatever/companyarchive.mbox And then export that on a regular basis, lest your hard drive fill up. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Ryan Pitt Sent: Wednesday, January 05, 2005 4:04 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Route copies of in/out bound e-mails Or you could use the archive ruleset like this? From: *@company.com archive@this.address.com To: *@company.com archive@this.address.com I have experienced problems in the past with Spam and Non Spam Action entries in mailscanner.conf where messages are not treated as expected. Ryan Julian Field wrote: > Non Spam Actions = deliver forward archive@this.address.com Spam > Actions = deliver forward archive@this.address.com High Scoring Spam > Actions = deliver forward archive@this.address.com > > > Brendan Chard wrote: > >> I have a client that has to begin archiving all of their inbound and >> outbound e-mail with a 3rd party archiving company to be compliant >> with certain regulations for their industry. >> >> I already have MS up and running. Is there a way, using mailscanner >> and it's fancy rules that I can automatically route a copy of every >> inbound and outbound e-mail to another e-mail address? >> >> Any tips on how are of course appreciated. >> >> -Brendan >> >> ------------------------ MailScanner list ------------------------ To >> unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> >> > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store Professional > Support Services at www.MailScanner.biz MailScanner thanks transtec > Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the > archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From test at NEXTMILL.NET Wed Jan 5 21:56:43 2005 From: test at NEXTMILL.NET (Brian Lewis) Date: Thu Jan 12 21:28:06 2006 Subject: Large number of messages in mqueue.in Message-ID: Try bumping your MAX CHILDREN to 10 from 5 in mailscanner.conf then service MailScanner restart Then ps -aux and cancel the PID that is for sendmail incoming so that no new email can arrive Now tail -f /var/log/maillog or wherever you have it and watch to see if your system is scanning. You might have been hit hard with an smtp DoS attack of some sort, or your DNS server stopped working that you use in /etc/resolv.conf We had issues where we queried our upstream providers dns server so much that they would BLOCK any queries from our scanners! Nslookup wouldn't work from the scanners! So we setup a separate box running dnscache/rbldnsd and point our mailscanner servers to use that dedicated box for name resolution in /etc/resolv.conf ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Wed Jan 5 22:10:01 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:28:06 2006 Subject: Large number of messages in mqueue.in Message-ID: Hi! > I am searching the archives now, but searching for mail and queue on an > email server list .... lots of messages. > > Any one else have the problem where thousands ( 40,000 currently ) of > messages are in /var/spool/MailScanner/mqueue.in ? Or any idea on what I can > do to push them through or troubleshoot? > > RedHat 9.0 > Sendmail > ClamAV 0.8 > MailScanner 4.35.11 What are you seeing? It might be wise to upgrade to the last stabil version. Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From joey at JOESMITH.NET Wed Jan 5 22:34:51 2005 From: joey at JOESMITH.NET (Joe Smith) Date: Thu Jan 12 21:28:06 2006 Subject: Large number of messages in mqueue.in Message-ID: On Wed, 5 Jan 2005, Andrews Carl 448 wrote: > I am searching the archives now, but searching for mail and queue on an > email server list .... lots of messages. > > Any one else have the problem where thousands ( 40,000 currently ) of > messages are in /var/spool/MailScanner/mqueue.in ? Or any idea on what I can > do to push them through or troubleshoot? I have one running 4.36.4 that is up to 72,000 in mqueue.in right now. I don't know what happened, it has been keeping up the last week or so. I did bump my 'max children' to 10 about a week ago and that helped it, but something has gone haywire today. I just shutdown inbound sendmail while I look at it. This box is 2 ghz pentium, 1 gb RAM, 80 gb hard drive. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Steve.Swaney at FSL.COM Wed Jan 5 23:06:19 2005 From: Steve.Swaney at FSL.COM (Steve Swaney) Date: Thu Jan 12 21:28:06 2006 Subject: Large number of messages in mqueue.in Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Joe Smith > Sent: Wednesday, January 05, 2005 5:35 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Large number of messages in mqueue.in > > On Wed, 5 Jan 2005, Andrews Carl 448 wrote: > > > I am searching the archives now, but searching for mail and queue on an > > email server list .... lots of messages. > > > > Any one else have the problem where thousands ( 40,000 currently ) of > > messages are in /var/spool/MailScanner/mqueue.in ? Or any idea on what I > can > > do to push them through or troubleshoot? > > I have one running 4.36.4 that is up to 72,000 in mqueue.in right now. I > don't know what happened, it has been keeping up the last week or so. I > did bump my 'max children' to 10 about a week ago and that helped it, but > something has gone haywire today. I just shutdown inbound sendmail while > I look at it. > > This box is 2 ghz pentium, 1 gb RAM, 80 gb hard drive. > What happens when you: Stop MailScanner in MailScanner.conf set: Debug = yed Debug SpamAssassin = yes\ restart MailScanner This should process one batch of Messages with the log output redirected to the screen. Since both MailScanners went left about the same time I'd suspect a local infrastructure problem like slow network or DNS problem. Steve Steve Swaney President Fortress Systems Ltd. www.fsl.com steve.swaney@fsl.com -- This message has been scanned for viruses and dangerous content by The MailScanner at Fortress Systems Ltd., www.fsl.com, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Wed Jan 5 23:10:41 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:06 2006 Subject: Mailwatch question Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] As replied on theother list.... Red for blocked content, pink for spam (darker for High Scoring)... You'll note the difference:-). As I said, even a severely colorblind person like me have no problem with that:-). If you like to have reports on each type, you'll just have to select a relevant subset of limits. Again, it's pretty straightforward. -- Glenn -----Original Message----- From: MailScanner mailing list on behalf of Matt Kehler Sent: on 2005-01-05 20:04 To: MAILSCANNER@JISCMAIL.AC.UK Cc: Subject: Mailwatch question I know its a MailWatch question, but it seems as though theres a lot more MW users on this list than the actual MW list itself...so... :) If you have MS configured to block emails based on extension (such as ..pif's for example), do those blocked emails show in the MailWatch 'spam' statistics, or do they not show at all? Is there a way to differentiate the emails blocked due to file extension from the emails blocked due to spam? Our management wants to know how much MailScanner is blocking due to 'itself' (ie, spam heuristics, virus scanning, etc) as opposed to stuff that we manually configure (ie, the file extensions that we block regardless of infection or spam) thx Matt This email and/or any documents in this transmission is intended for the addressee(s) only and may contain legally privileged or confidential information. Any unauthorized use, disclosure, distribution, copying or dissemination is strictly prohibited. If you receive this transmission in error, please notify the sender immediately and return the original. Ce courriel et tout document dans cette transmission est destiné ŕ la personne ou aux personnes ŕ qui il est adressé. Il peut contenir des informations privilégiées ou confidentielles. Toute utilisation, divulgation, distribution, copie, ou diffusion non autorisée est strictement défendue. Si vous n'ętes pas le destinataire de ce message, veuillez en informer l'expéditeur immédiatement et lui remettre l'original. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From vachanta at gmail.com Wed Jan 5 23:46:34 2005 From: vachanta at gmail.com (Venkata Achanta) Date: Thu Jan 12 21:28:06 2006 Subject: OT - setting up mailertable Message-ID: Greeting all, we have multiple exchange servers at our site and i am trying to build some redundacy/fault tolerance into the system, i mean if one exchange goes down for some reason mail should be routed to the another available server and the only place i see it is using the mailertable. Linux box running MS is our favourite E-mail gateway thats by default ;-) /etc/mail/mailertable xyz.com esmtp:[1.1.1.1] xyz.com esmtp:[2.2.2.2] xyz.com esmtp:[3.3.3.3] xyz.com esmtp:[4.4.4.4] xyz.com esmtp:[5.5.5.5] but i am getting the following error makemap: /etc/mail/mailertable: line2: key xyz.com: duplicate key I googled around and found nothing useful regarding this,thought i could find some advice. Please advice Thanks much, Venkata Achanta ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From joey at JOESMITH.NET Wed Jan 5 23:53:58 2005 From: joey at JOESMITH.NET (Joe Smith) Date: Thu Jan 12 21:28:06 2006 Subject: Large number of messages in mqueue.in Message-ID: On Wed, 5 Jan 2005, Steve Swaney wrote: > This should process one batch of Messages with the log output redirected to > the screen. > > Since both MailScanners went left about the same time I'd suspect a local > infrastructure problem like slow network or DNS problem. Thanks, I did find one of our DNS servers on the fritz. I also did a little tweaking on the SA config so it doesn't look for DCC or Pyzor because they are not installed. We are just running Razor2. Also doing RBL's from SA because I want to score them. I have trimmed back some of the larger SA rulesets as well, we need to get the mail flowing. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From SJCJonker at SJC.NL Thu Jan 6 00:09:33 2005 From: SJCJonker at SJC.NL (Stijn Jonker) Date: Thu Jan 12 21:28:06 2006 Subject: OT - setting up mailertable Message-ID: [ The following text is in the "ISO-8859-15" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello Venkata, Venkata Achanta said the following on 06-Jan-05 0:46: > Greeting all, > > we have multiple exchange servers at our site and i am trying to build some > redundacy/fault tolerance into the system, i mean if one exchange goes down > > /etc/mail/mailertable > > xyz.com esmtp:[1.1.1.1] > xyz.com esmtp:[2.2.2.2] > xyz.com esmtp:[3.3.3.3] > xyz.com esmtp:[4.4.4.4] > xyz.com esmtp:[5.5.5.5] > Just a wild guess, and the top of my head, the [1.1.1.1] means don't lookup the MX for the record. What if you create and dns alias: smtp-final. pointing to 1.1.1.1, 2.2.2.2, 3.3.3.3 etc then put in mailertable xyz.com esmtp:[smtp-final.] Maybe that works? Styijn -- Met Vriendelijke groet/Yours Sincerely Stijn Jonker ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From eneal at dfi-intl.com Thu Jan 6 00:00:00 2005 From: eneal at dfi-intl.com (Errol Uriel Neal Jr.) Date: Thu Jan 12 21:28:07 2006 Subject: OT - setting up mailertable Message-ID: I'm not certain you are going to be able to do it like that. For a situation such as yours, IMHO, a dedicated load balancer or just making sure all your exchange servers have the same mx priority in your dns zonefile would be best. Errol -----Original Message----- From: Venkata Achanta Date: Wed, 5 Jan 2005 23:46:34 To:MAILSCANNER@JISCMAIL.AC.UK Subject: OT - setting up mailertable Greeting all, we have multiple exchange servers at our site and i am trying to build some redundacy/fault tolerance into the system, i mean if one exchange goes down for some reason mail should be routed to the another available server and the only place i see it is using the mailertable. Linux box running MS is our favourite E-mail gateway thats by default ;-) /etc/mail/mailertable xyz.com esmtp:[1.1.1.1] xyz.com esmtp:[2.2.2.2] xyz.com esmtp:[3.3.3.3] xyz.com esmtp:[4.4.4.4] xyz.com esmtp:[5.5.5.5] but i am getting the following error makemap: /etc/mail/mailertable: line2: key xyz.com: duplicate key I googled around and found nothing useful regarding this,thought i could find some advice. Please advice Thanks much, Venkata Achanta ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! __________________________________________ Errol Uriel Neal Jr. Network Administrator DFI International, Inc. 1717 Pennsylvania Ave NW, Suite 1300 Washington, DC 20006 Tel (202)452-6955 Fax (202)452-6910 eneal@dfi-intl.com www.dfi-intl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From vachanta at GMAIL.COM Thu Jan 6 00:11:38 2005 From: vachanta at GMAIL.COM (Venkata Achanta) Date: Thu Jan 12 21:28:07 2006 Subject: LDAP and beyond ......possibly a new Mailscanner feature request Message-ID: We have successfully implemented "Making sendmail only accept mail to genuine Exchange users" in our environment,Thanks Kevin. http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/270.html However i feel that we are not completely gaining advantage just by doing this. But the spammer is gaining knowledge of what the valid address list is just by doing a dictionary attack on the SMTP server i.e We are answering to the spammers questions and finally making him knowledgeble about the valid users,so that he can more effectively spam. Is there a way to stop giving out these messages back from sendmail/MTA side and also can we blacklist the spammers IP (just like what vispan does)? Can this functionality be included in the Mailscanner if the MTA cant do it i.e Instead of kicking back accept the message and track the ip/domain of the spammer and blacklist it for a timeframe. PERM_FAILURE: SMTP Error (state 10): 550 5.0.0 ...User unknown Any sugggestions/ideas ? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From vlad at MAZEK.COM Thu Jan 6 00:44:22 2005 From: vlad at MAZEK.COM (Vlad Mazek) Date: Thu Jan 12 21:28:07 2006 Subject: LDAP and beyond ......possibly a new Mailscanner feature request Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] You can hack Vispan (probably be faster to write your own snippet) to parse the maillog and look for a pattern of dictionary attacks coming from the same IP address (just scan for the maillog for the error code you are issuing "user unknown") . You _should not_ be giving out more than 3 failures a day to a server with no PTR record -- They should be immediately moved to a firewall rule and blocked from contacting the server completely. Not just because you want to keep the dictionary attacks off the server but because these "servers" are usually 0wn3d boxes that will launch random attacks on your network sooner or later. This is a bit beyond the scope of what MailScanner does as the content scanner; These kinds of plugins are best left for independant third-party utilities that you should customize for your environment. -Vlad Venkata Achanta wrote: >We have successfully implemented "Making sendmail only accept mail to >genuine Exchange users" in our environment,Thanks Kevin. > >http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/270.html > >However i feel that we are not completely gaining advantage just by doing >this. > >But the spammer is gaining knowledge of what the valid address list is just >by doing a dictionary attack on the SMTP server i.e We are answering to the >spammers questions and finally making him knowledgeble about the valid >users,so that he can more effectively spam. > >Is there a way to stop giving out these messages back from sendmail/MTA >side and also can we blacklist the spammers IP (just like what vispan >does)? > >Can this functionality be included in the Mailscanner if the MTA cant do it >i.e Instead of kicking back accept the message and track the ip/domain of >the spammer and blacklist it for a timeframe. > >PERM_FAILURE: SMTP Error (state 10): 550 5.0.0 ...User >unknown > >Any sugggestions/ideas ? > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Stephane.Lentz at ANSF.ALCATEL.FR Thu Jan 6 01:02:24 2005 From: Stephane.Lentz at ANSF.ALCATEL.FR (Stephane Lentz) Date: Thu Jan 12 21:28:07 2006 Subject: OT - setting up mailertable Message-ID: On Wed, Jan 05, 2005 at 11:46:34PM +0000, Venkata Achanta wrote: > Greeting all, > > we have multiple exchange servers at our site and i am trying to build some > redundacy/fault tolerance into the system, i mean if one exchange goes down > for some reason mail should be routed to the another available server and > the only place i see it is using the mailertable. Linux box running MS is > our favourite E-mail gateway thats by default ;-) > > /etc/mail/mailertable > > xyz.com esmtp:[1.1.1.1] > xyz.com esmtp:[2.2.2.2] > xyz.com esmtp:[3.3.3.3] > xyz.com esmtp:[4.4.4.4] > xyz.com esmtp:[5.5.5.5] > > but i am getting the following error > makemap: /etc/mail/mailertable: line2: key xyz.com: duplicate key > > I googled around and found nothing useful regarding this,thought i could > find some advice. > Correct syntax is : xyz.com esmtp:[1.1.1.1]:[2.2.2.2]:[3.3.3.3]:[4.4.4.4]:[5.5.5.5] SL/ --- Stephane Lentz Alcatel ICT Services ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner-list at OKLA.COM Thu Jan 6 06:15:18 2005 From: mailscanner-list at OKLA.COM (Tracy Greggs) Date: Thu Jan 12 21:28:07 2006 Subject: spam: Re: Mail Server problems Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Powerquest products are now owned by Symantec, including Partion Magic and DriveImage. The latest Ghost9 will restore images from All versions of Ghost (a new concept for them) as well as DriveImage images. The beauty of Ghost8 corporate is that you can fire up a ghostcast server on any windows workstation or server, boot your linux box from a bootable cd or floppy with the NDIS2 drivers for it's NIC and image the linux box to your ghostcast server, then put a big new drive in the linux box in place of the original, boot it back up off of your CD or floppy set and restore your image to it with the options of resizing the original partitions to whatever new sizes you like on the new larger drive. The process is very very fast over 100mbit. Or you can simply stick another drive on the box, boot from your CD or floppies and image the original drive to the new drive with the same options of resizing your partitions. Both ways work for me 100% of the time. For those of you running 3ware IDE raid, the array needs no dos drivers to work with ghost, a huge bonus. While this is not a free open source solution, it is IMHO an extremely viable, and rapid solution. SCSI dos drivers are available for many controllers as well and is an equally effective method as the IDE imaging. Any any event, a backup of the source drive is not necessary because data is only read from the source and never is the source drive written to. A typical Linux server ghost process will complete at the rate of around 500MB/min. 15GB of used storage = 30 minutes downtime for entire process. Perfect for a short maintenance window. Here is a link to their product features: http://www.symantec.com/region/reg_eu/product/ng_features.html Tracy ----- Original Message ----- From: "Ugo Bellavance" To: Sent: Tuesday, January 04, 2005 7:55 AM Subject: Re: spam: Re: Mail Server problems > Tracy Greggs wrote: > > Another great option IMHO is Norton Ghost. I use Corporate version 8, Works > > perfectly on every linux distro that I have used it on, including Fedora. > > Snag a big drive, ghost it over and change your partitions to the sizes you > > want and you are good to go. Ghost will image an ATA IDE drive at around > > 500mb/min in my experience. The downtime is very minimal. > > If you're talking commercial, my first tought is Partition Magic. Of > course, better make a backup before. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- > Oklahoma Network Consulting has scanned this > message for viruses and dangerous content with > MailScanner, and commercial virus scanners McAfee > and F-Prot and is believed to be clean. > --- -- Oklahoma Network Consulting has scanned this message for viruses and dangerous content with MailScanner, and commercial virus scanners McAfee and F-Prot and is believed to be clean. --- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From moacyrs at AKADNYX.COM.BR Thu Jan 6 11:50:12 2005 From: moacyrs at AKADNYX.COM.BR (Moacyr Leite da Silva) Date: Thu Jan 12 21:28:07 2006 Subject: Some Worm is trying to cheat MailScanner users ?! Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Folks, I Received an email yesterday with the following lines, all headers are in the bottom of email. > *-*-* Mail_Scanner: No Virus > *-*-* AKADNYX.COM- Anti_Virus Service > *-*-* http://www.akadnyx.com.br > Seens to me that some worm is trying to cheat MailScanner users, I dont have signature in my MailScanner configurations. Someone have this one also!? Thanks Moacyr Leite da Silva www.akadnyx.com.br ----- Original Message ----- From: To: Sent: Wednesday, January 05, 2005 2:48 AM Subject: {Filename?} Oh God it's > Warning: Esta mensagem continha anexos que foram removidos > Warning: (thats_hard.9727.scr). > Warning: Leia o anexo "AKADNYX-Attachment-Warning.txt" para maiores informaçőes. > > I was surprised, too! > Who_could_suspect_something_like_that? shityiiiii > > > > *-*-* Mail_Scanner: No Virus > *-*-* AKADNYX.COM- Anti_Virus Service > *-*-* http://www.akadnyx.com.br > Received: from ishtar.akadnyx.com.br ([192.168.0.254]) by w2k-srv01.akadnyx.com.br with Microsoft SMTPSVC(5.0.2195.5329); Wed, 5 Jan 2005 03:22:40 -0200 Received: from gjtwrifg.com (rndf-146-30-87.telkomadsl.co.za [165.146.30.87]) by ishtar.akadnyx.com.br (8.12.11/8.12.11) with SMTP id j055G6H3014159 for ; Wed, 5 Jan 2005 03:16:08 -0200 From: slamm@netscape.com To: moacyrs@akadnyx.com.br Date: Wed, 05 Jan 2005 04:48:44 GMT Subject: {Filename?} Oh God it's Importance: Normal X-Priority: 3 (Normal) X-MSMail-Priority: Normal Message-ID: <72eea045191f.d880@netscape.com> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===a2d635d06.48886b1bbe8731095" Content-Transfer-Encoding: 7bit X-AKADNYX-MailScanner-Information: Please contact the ISP for more information X-AKADNYX-MailScanner: Found to be infected X-AKADNYX-MailScanner-SpamCheck: nĂŁo spam, SpamAssassin (escore=-1.395, requerido 8, BAYES_00 -2.60, MISSING_MIMEOLE 0.01, NO_REAL_NAME 0.01, PRIORITY_NO_NAME 1.10, RCVD_IN_NJABL_DUL 0.09) X-MailScanner-From: slamm@netscape.com Return-Path: slamm@netscape.com X-OriginalArrivalTime: 05 Jan 2005 05:22:40.0937 (UTC) FILETIME=[93CE0990:01C4F2E6] This is a multi-part message in MIME format. --===a2d635d06.48886b1bbe8731095 Warning: Esta mensagem continha anexos que foram removidos Warning: (thats_hard.9727.scr). Warning: Leia o anexo "AKADNYX-Attachment-Warning.txt" para maiores informaçőes. I was surprised, too! Who_could_suspect_something_like_that? shityiiiii *-*-* Mail_Scanner: No Virus *-*-* AKADNYX.COM- Anti_Virus Service *-*-* http://www.akadnyx.com.br --===a2d635d06.48886b1bbe8731095 Content-Type: text/plain; charset="us-ascii"; name="AKADNYX-Attachment-Warning.txt" Content-Disposition: attachment; filename="AKADNYX-Attachment-Warning.txt" Content-Transfer-Encoding: quoted-printable Esta =E9 uma mensagem do servi=E7o de prote=E7=E3o contra v=EDrus ---------------------------------------------------------------------- O anexo "thats_hard.9727.scr" encontra-se na lista pro=EDbida de tipos de a= rquivo, e foi substitu=EDdo por esta mensagem de aviso no e-mail. Nossos sistemas previnem que uma c=F3pia do arquivo em quest=E3o fique armazenada. Hoje, Wed Jan 5 03:16:21 2005, o anti-virus relatou o seguinte: Windows Screensavers are often used to hide viruses (thats_hard.9727.scr) No programs allowed (thats_hard.9727.scr) --=20 Postmaster --===a2d635d06.48886b1bbe8731095-- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Thu Jan 6 12:04:38 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:07 2006 Subject: Some Worm is trying to cheat MailScanner users ?! Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] There was a worm that came out about 2 years ago which did something similar, hence the 'company' name being added the the headers to make this a little more unique. BUT personally I never trust the headers and not virus scan base on that info. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Moacyr Leite da Silva wrote: > Hi Folks, > > I Received an email yesterday with the following lines, all headers are in > the bottom of email. > > >>*-*-* Mail_Scanner: No Virus >>*-*-* AKADNYX.COM- Anti_Virus Service >>*-*-* http://www.akadnyx.com.br >> > > > Seens to me that some worm is trying to cheat MailScanner users, I dont have > signature in my MailScanner configurations. > Someone have this one also!? > > > Thanks > Moacyr Leite da Silva > www.akadnyx.com.br > > > > > ----- Original Message ----- > From: > To: > Sent: Wednesday, January 05, 2005 2:48 AM > Subject: {Filename?} Oh God it's > > > >>Warning: Esta mensagem continha anexos que foram removidos >>Warning: (thats_hard.9727.scr). >>Warning: Leia o anexo "AKADNYX-Attachment-Warning.txt" para maiores > > informaçőes. > >>I was surprised, too! >>Who_could_suspect_something_like_that? shityiiiii >> >> >> >>*-*-* Mail_Scanner: No Virus >>*-*-* AKADNYX.COM- Anti_Virus Service >>*-*-* http://www.akadnyx.com.br >> > > > > Received: from ishtar.akadnyx.com.br ([192.168.0.254]) by > w2k-srv01.akadnyx.com.br with Microsoft SMTPSVC(5.0.2195.5329); > Wed, 5 Jan 2005 03:22:40 -0200 > Received: from gjtwrifg.com (rndf-146-30-87.telkomadsl.co.za > [165.146.30.87]) > by ishtar.akadnyx.com.br (8.12.11/8.12.11) with SMTP id j055G6H3014159 > for ; Wed, 5 Jan 2005 03:16:08 -0200 > From: slamm@netscape.com > To: moacyrs@akadnyx.com.br > Date: Wed, 05 Jan 2005 04:48:44 GMT > Subject: {Filename?} Oh God it's > Importance: Normal > X-Priority: 3 (Normal) > X-MSMail-Priority: Normal > Message-ID: <72eea045191f.d880@netscape.com> > MIME-Version: 1.0 > Content-Type: multipart/mixed; boundary="===a2d635d06.48886b1bbe8731095" > Content-Transfer-Encoding: 7bit > X-AKADNYX-MailScanner-Information: Please contact the ISP for more > information > X-AKADNYX-MailScanner: Found to be infected > X-AKADNYX-MailScanner-SpamCheck: nĂŁo spam, SpamAssassin (escore=-1.395, > requerido 8, BAYES_00 -2.60, MISSING_MIMEOLE 0.01, NO_REAL_NAME 0.01, > PRIORITY_NO_NAME 1.10, RCVD_IN_NJABL_DUL 0.09) > X-MailScanner-From: slamm@netscape.com > Return-Path: slamm@netscape.com > X-OriginalArrivalTime: 05 Jan 2005 05:22:40.0937 (UTC) > FILETIME=[93CE0990:01C4F2E6] > > This is a multi-part message in MIME format. > > --===a2d635d06.48886b1bbe8731095 > > Warning: Esta mensagem continha anexos que foram removidos > Warning: (thats_hard.9727.scr). > Warning: Leia o anexo "AKADNYX-Attachment-Warning.txt" para maiores > informaçőes. > > I was surprised, too! > Who_could_suspect_something_like_that? shityiiiii > > > > *-*-* Mail_Scanner: No Virus > *-*-* AKADNYX.COM- Anti_Virus Service > *-*-* http://www.akadnyx.com.br > > --===a2d635d06.48886b1bbe8731095 > Content-Type: text/plain; > charset="us-ascii"; > name="AKADNYX-Attachment-Warning.txt" > Content-Disposition: attachment; filename="AKADNYX-Attachment-Warning.txt" > Content-Transfer-Encoding: quoted-printable > > Esta =E9 uma mensagem do servi=E7o de prote=E7=E3o contra v=EDrus > ---------------------------------------------------------------------- > O anexo "thats_hard.9727.scr" encontra-se na lista pro=EDbida de tipos de a= > rquivo, > e foi substitu=EDdo por esta mensagem de aviso no e-mail. > > Nossos sistemas previnem que uma c=F3pia do arquivo em quest=E3o fique > armazenada. > > Hoje, Wed Jan 5 03:16:21 2005, o anti-virus relatou o seguinte: > Windows Screensavers are often used to hide viruses (thats_hard.9727.scr) > No programs allowed (thats_hard.9727.scr) > > --=20 > Postmaster > > --===a2d635d06.48886b1bbe8731095-- > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Stephane.Lentz at ANSF.ALCATEL.FR Thu Jan 6 12:18:16 2005 From: Stephane.Lentz at ANSF.ALCATEL.FR (Stephane Lentz) Date: Thu Jan 12 21:28:07 2006 Subject: Some Worm is trying to cheat MailScanner users ?! Message-ID: On Thu, Jan 06, 2005 at 09:50:12AM -0200, Moacyr Leite da Silva wrote: > Hi Folks, > > I Received an email yesterday with the following lines, all headers are in > the bottom of email. > > > *-*-* Mail_Scanner: No Virus > > *-*-* AKADNYX.COM- Anti_Virus Service > > *-*-* http://www.akadnyx.com.br > > > > Seens to me that some worm is trying to cheat MailScanner users, I dont have > signature in my MailScanner configurations. > Someone have this one also!? > > It's not directed specifically to Mailscanner users. The worm is Sober.I and it's from the past year ... http://www.fortinet.com/VirusEncyclopedia/search/encyclopediaSearch.do?method=viewVirusDetailsInfoDirectly&fid=1975 http://securityresponse.symantec.com/avcenter/venc/data/w32.sober.i@mm.html SL/ --- Stephane Lentz Alcatel ICT Services ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Thu Jan 6 12:19:18 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:28:07 2006 Subject: Some Worm is trying to cheat MailScanner users ?! Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Moacyr Leite da Silva wrote: >> Seens to me that some worm is trying to cheat MailScanner users, I dont >> have >> signature in my MailScanner configurations. No the virus was removed. I'm not a Spanish (Or Brazillian!) speaker so I can't tell you what it says but I see a Mailscanner warning message in the headers. >> >> Warning: Esta mensagem continha anexos que foram removidos >> Warning: (thats_hard.9727.scr). >> Warning: Leia o anexo "AKADNYX-Attachment-Warning.txt" para maiores >> informaçőes. >> >> I was surprised, too! >> Who_could_suspect_something_like_that? shityiiiii >> >> >> >> *-*-* Mail_Scanner: No Virus >> *-*-* AKADNYX.COM- Anti_Virus Service >> *-*-* http://www.akadnyx.com.br >> >> --===a2d635d06.48886b1bbe8731095 >> Content-Type: text/plain; >> charset="us-ascii"; >> name="AKADNYX-Attachment-Warning.txt" >> Content-Disposition: attachment; >> filename="AKADNYX-Attachment-Warning.txt" >> Content-Transfer-Encoding: quoted-printable >> >> Esta =E9 uma mensagem do servi=E7o de prote=E7=E3o contra v=EDrus >> ---------------------------------------------------------------------- >> O anexo "thats_hard.9727.scr" encontra-se na lista pro=EDbida de tipos >> de a> rquivo, >> e foi substitu=EDdo por esta mensagem de aviso no e-mail. >> >> Nossos sistemas previnem que uma c=F3pia do arquivo em quest=E3o fique >> armazenada. >> >> Hoje, Wed Jan 5 03:16:21 2005, o anti-virus relatou o seguinte: >> Windows Screensavers are often used to hide viruses >> (thats_hard.9727.scr) >> No programs allowed (thats_hard.9727.scr) >> >> --=20 >> Postmaster I agree that your AV seems not to have found a virus but MS has removed the attachment anyway. Perhaps the attachment was broken... Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From moacyrs at AKADNYX.COM.BR Thu Jan 6 12:22:40 2005 From: moacyrs at AKADNYX.COM.BR (Moacyr Leite da Silva) Date: Thu Jan 12 21:28:07 2006 Subject: Some Worm is trying to cheat MailScanner users ?! Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Martin, I agree and I was only concerned that it is a kind of "Social Engineering", in this case filename rules blocked the offending file. Thanks Moacyr ----- Original Message ----- From: "Martin Hepworth" To: Sent: Thursday, January 06, 2005 10:04 AM Subject: Re: Some Worm is trying to cheat MailScanner users ?! There was a worm that came out about 2 years ago which did something similar, hence the 'company' name being added the the headers to make this a little more unique. BUT personally I never trust the headers and not virus scan base on that info. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Moacyr Leite da Silva wrote: > Hi Folks, > > I Received an email yesterday with the following lines, all headers are in > the bottom of email. > > >>*-*-* Mail_Scanner: No Virus >>*-*-* AKADNYX.COM- Anti_Virus Service >>*-*-* http://www.akadnyx.com.br >> > > > Seens to me that some worm is trying to cheat MailScanner users, I dont have > signature in my MailScanner configurations. > Someone have this one also!? > > > Thanks > Moacyr Leite da Silva > www.akadnyx.com.br > > > > > ----- Original Message ----- > From: > To: > Sent: Wednesday, January 05, 2005 2:48 AM > Subject: {Filename?} Oh God it's > > > >>Warning: Esta mensagem continha anexos que foram removidos >>Warning: (thats_hard.9727.scr). >>Warning: Leia o anexo "AKADNYX-Attachment-Warning.txt" para maiores > > informaçőes. > >>I was surprised, too! >>Who_could_suspect_something_like_that? shityiiiii >> >> >> >>*-*-* Mail_Scanner: No Virus >>*-*-* AKADNYX.COM- Anti_Virus Service >>*-*-* http://www.akadnyx.com.br >> > > > > Received: from ishtar.akadnyx.com.br ([192.168.0.254]) by > w2k-srv01.akadnyx.com.br with Microsoft SMTPSVC(5.0.2195.5329); > Wed, 5 Jan 2005 03:22:40 -0200 > Received: from gjtwrifg.com (rndf-146-30-87.telkomadsl.co.za > [165.146.30.87]) > by ishtar.akadnyx.com.br (8.12.11/8.12.11) with SMTP id j055G6H3014159 > for ; Wed, 5 Jan 2005 03:16:08 -0200 > From: slamm@netscape.com > To: moacyrs@akadnyx.com.br > Date: Wed, 05 Jan 2005 04:48:44 GMT > Subject: {Filename?} Oh God it's > Importance: Normal > X-Priority: 3 (Normal) > X-MSMail-Priority: Normal > Message-ID: <72eea045191f.d880@netscape.com> > MIME-Version: 1.0 > Content-Type: multipart/mixed; boundary="===a2d635d06.48886b1bbe8731095" > Content-Transfer-Encoding: 7bit > X-AKADNYX-MailScanner-Information: Please contact the ISP for more > information > X-AKADNYX-MailScanner: Found to be infected > X-AKADNYX-MailScanner-SpamCheck: nĂŁo spam, SpamAssassin (escore=-1.395, > requerido 8, BAYES_00 -2.60, MISSING_MIMEOLE 0.01, NO_REAL_NAME 0.01, > PRIORITY_NO_NAME 1.10, RCVD_IN_NJABL_DUL 0.09) > X-MailScanner-From: slamm@netscape.com > Return-Path: slamm@netscape.com > X-OriginalArrivalTime: 05 Jan 2005 05:22:40.0937 (UTC) > FILETIME=[93CE0990:01C4F2E6] > > This is a multi-part message in MIME format. > > --===a2d635d06.48886b1bbe8731095 > > Warning: Esta mensagem continha anexos que foram removidos > Warning: (thats_hard.9727.scr). > Warning: Leia o anexo "AKADNYX-Attachment-Warning.txt" para maiores > informaçőes. > > I was surprised, too! > Who_could_suspect_something_like_that? shityiiiii > > > > *-*-* Mail_Scanner: No Virus > *-*-* AKADNYX.COM- Anti_Virus Service > *-*-* http://www.akadnyx.com.br > > --===a2d635d06.48886b1bbe8731095 > Content-Type: text/plain; > charset="us-ascii"; > name="AKADNYX-Attachment-Warning.txt" > Content-Disposition: attachment; filename="AKADNYX-Attachment-Warning.txt" > Content-Transfer-Encoding: quoted-printable > > Esta =E9 uma mensagem do servi=E7o de prote=E7=E3o contra v=EDrus > ---------------------------------------------------------------------- > O anexo "thats_hard.9727.scr" encontra-se na lista pro=EDbida de tipos de a= > rquivo, > e foi substitu=EDdo por esta mensagem de aviso no e-mail. > > Nossos sistemas previnem que uma c=F3pia do arquivo em quest=E3o fique > armazenada. > > Hoje, Wed Jan 5 03:16:21 2005, o anti-virus relatou o seguinte: > Windows Screensavers are often used to hide viruses (thats_hard.9727.scr) > No programs allowed (thats_hard.9727.scr) > > --=20 > Postmaster > > --===a2d635d06.48886b1bbe8731095-- > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From moacyrs at AKADNYX.COM.BR Thu Jan 6 12:25:33 2005 From: moacyrs at AKADNYX.COM.BR (Moacyr Leite da Silva) Date: Thu Jan 12 21:28:07 2006 Subject: Some Worm is trying to cheat MailScanner users ?! Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Brazilian ;-) Yes, the filename rules blocked the .scr file I sent the email FYI because didnt have information about this kind of worm until yesterday. And was concerned that this can lead someone to open some attachments. Thanks Moacyr ----- Original Message ----- From: "Drew Marshall" To: Sent: Thursday, January 06, 2005 10:19 AM Subject: Re: Some Worm is trying to cheat MailScanner users ?! Moacyr Leite da Silva wrote: >> Seens to me that some worm is trying to cheat MailScanner users, I dont >> have >> signature in my MailScanner configurations. No the virus was removed. I'm not a Spanish (Or Brazillian!) speaker so I can't tell you what it says but I see a Mailscanner warning message in the headers. >> >> Warning: Esta mensagem continha anexos que foram removidos >> Warning: (thats_hard.9727.scr). >> Warning: Leia o anexo "AKADNYX-Attachment-Warning.txt" para maiores >> informaçőes. >> >> I was surprised, too! >> Who_could_suspect_something_like_that? shityiiiii >> >> >> >> *-*-* Mail_Scanner: No Virus >> *-*-* AKADNYX.COM- Anti_Virus Service >> *-*-* http://www.akadnyx.com.br >> >> --===a2d635d06.48886b1bbe8731095 >> Content-Type: text/plain; >> charset="us-ascii"; >> name="AKADNYX-Attachment-Warning.txt" >> Content-Disposition: attachment; >> filename="AKADNYX-Attachment-Warning.txt" >> Content-Transfer-Encoding: quoted-printable >> >> Esta =E9 uma mensagem do servi=E7o de prote=E7=E3o contra v=EDrus >> ---------------------------------------------------------------------- >> O anexo "thats_hard.9727.scr" encontra-se na lista pro=EDbida de tipos >> de a> rquivo, >> e foi substitu=EDdo por esta mensagem de aviso no e-mail. >> >> Nossos sistemas previnem que uma c=F3pia do arquivo em quest=E3o fique >> armazenada. >> >> Hoje, Wed Jan 5 03:16:21 2005, o anti-virus relatou o seguinte: >> Windows Screensavers are often used to hide viruses >> (thats_hard.9727.scr) >> No programs allowed (thats_hard.9727.scr) >> >> --=20 >> Postmaster I agree that your AV seems not to have found a virus but MS has removed the attachment anyway. Perhaps the attachment was broken... Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Thu Jan 6 12:27:53 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:07 2006 Subject: Some Worm is trying to cheat MailScanner users ?! Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Mocyr any anti-virus scanners should have triggered as well...of it's sober-i then its a few weeks old. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Moacyr Leite da Silva wrote: > Martin, > > I agree and I was only concerned that it is a kind of "Social Engineering", > in this case filename rules blocked the offending file. > > Thanks > > Moacyr > > > ----- Original Message ----- > From: "Martin Hepworth" > To: > Sent: Thursday, January 06, 2005 10:04 AM > Subject: Re: Some Worm is trying to cheat MailScanner users ?! > > > There was a worm that came out about 2 years ago which did something > similar, hence the 'company' name being added the the headers to make > this a little more unique. > > BUT personally I never trust the headers and not virus scan base on that > info. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Moacyr Leite da Silva wrote: > >>Hi Folks, >> >>I Received an email yesterday with the following lines, all headers are in >>the bottom of email. >> >> >> >>>*-*-* Mail_Scanner: No Virus >>>*-*-* AKADNYX.COM- Anti_Virus Service >>>*-*-* http://www.akadnyx.com.br >>> >> >> >>Seens to me that some worm is trying to cheat MailScanner users, I dont > > have > >>signature in my MailScanner configurations. >>Someone have this one also!? >> >> >>Thanks >>Moacyr Leite da Silva >>www.akadnyx.com.br >> >> >> >> >>----- Original Message ----- >>From: >>To: >>Sent: Wednesday, January 05, 2005 2:48 AM >>Subject: {Filename?} Oh God it's >> >> >> >> >>>Warning: Esta mensagem continha anexos que foram removidos >>>Warning: (thats_hard.9727.scr). >>>Warning: Leia o anexo "AKADNYX-Attachment-Warning.txt" para maiores >> >>informaçőes. >> >> >>>I was surprised, too! >>>Who_could_suspect_something_like_that? shityiiiii >>> >>> >>> >>>*-*-* Mail_Scanner: No Virus >>>*-*-* AKADNYX.COM- Anti_Virus Service >>>*-*-* http://www.akadnyx.com.br >>> >> >> >> >>Received: from ishtar.akadnyx.com.br ([192.168.0.254]) by >>w2k-srv01.akadnyx.com.br with Microsoft SMTPSVC(5.0.2195.5329); >> Wed, 5 Jan 2005 03:22:40 -0200 >>Received: from gjtwrifg.com (rndf-146-30-87.telkomadsl.co.za >>[165.146.30.87]) >> by ishtar.akadnyx.com.br (8.12.11/8.12.11) with SMTP id j055G6H3014159 >> for ; Wed, 5 Jan 2005 03:16:08 -0200 >>From: slamm@netscape.com >>To: moacyrs@akadnyx.com.br >>Date: Wed, 05 Jan 2005 04:48:44 GMT >>Subject: {Filename?} Oh God it's >>Importance: Normal >>X-Priority: 3 (Normal) >>X-MSMail-Priority: Normal >>Message-ID: <72eea045191f.d880@netscape.com> >>MIME-Version: 1.0 >>Content-Type: multipart/mixed; boundary="===a2d635d06.48886b1bbe8731095" >>Content-Transfer-Encoding: 7bit >>X-AKADNYX-MailScanner-Information: Please contact the ISP for more >>information >>X-AKADNYX-MailScanner: Found to be infected >>X-AKADNYX-MailScanner-SpamCheck: nĂŁo spam, SpamAssassin (escore=-1.395, >> requerido 8, BAYES_00 -2.60, MISSING_MIMEOLE 0.01, NO_REAL_NAME 0.01, >> PRIORITY_NO_NAME 1.10, RCVD_IN_NJABL_DUL 0.09) >>X-MailScanner-From: slamm@netscape.com >>Return-Path: slamm@netscape.com >>X-OriginalArrivalTime: 05 Jan 2005 05:22:40.0937 (UTC) >>FILETIME=[93CE0990:01C4F2E6] >> >>This is a multi-part message in MIME format. >> >>--===a2d635d06.48886b1bbe8731095 >> >>Warning: Esta mensagem continha anexos que foram removidos >>Warning: (thats_hard.9727.scr). >>Warning: Leia o anexo "AKADNYX-Attachment-Warning.txt" para maiores >>informaçőes. >> >>I was surprised, too! >>Who_could_suspect_something_like_that? shityiiiii >> >> >> >>*-*-* Mail_Scanner: No Virus >>*-*-* AKADNYX.COM- Anti_Virus Service >>*-*-* http://www.akadnyx.com.br >> >>--===a2d635d06.48886b1bbe8731095 >>Content-Type: text/plain; >> charset="us-ascii"; >> name="AKADNYX-Attachment-Warning.txt" >>Content-Disposition: attachment; filename="AKADNYX-Attachment-Warning.txt" >>Content-Transfer-Encoding: quoted-printable >> >>Esta =E9 uma mensagem do servi=E7o de prote=E7=E3o contra v=EDrus >>---------------------------------------------------------------------- >>O anexo "thats_hard.9727.scr" encontra-se na lista pro=EDbida de tipos de > > a= > >>rquivo, >>e foi substitu=EDdo por esta mensagem de aviso no e-mail. >> >>Nossos sistemas previnem que uma c=F3pia do arquivo em quest=E3o fique >>armazenada. >> >>Hoje, Wed Jan 5 03:16:21 2005, o anti-virus relatou o seguinte: >> Windows Screensavers are often used to hide viruses > > (thats_hard.9727.scr) > >> No programs allowed (thats_hard.9727.scr) >> >>--=20 >>Postmaster >> >>--===a2d635d06.48886b1bbe8731095-- >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bg.mahesh at INDIAINFO.COM Thu Jan 6 12:33:24 2005 From: bg.mahesh at INDIAINFO.COM (BG Mahesh) Date: Thu Jan 12 21:28:07 2006 Subject: Virus Scanning: Denial Of Service attack detected Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] hi I am using, Redhat, sendmail 8.13.1, MS 4.37.7-1, clamav 0.80 and SA 3.0.2 Lately I see the following line in /var/log/maillog Jan 4 03:18:07 blr MailScanner[21701]: Virus Scanning: Denial Of Service attack detected! Is there something I need to do to protect my system? regards, -- B.G. Mahesh bg.mahesh@indiainfo.com http://www.indiainfo.com/ -- ______________________________________________ IndiaInfo Mail - the free e-mail service with a difference! www.indiainfo.com Check out our value-added Premium features, such as an extra 20MB for mail storage, POP3, e-mail forwarding, and ads-free mailboxes! Powered by Outblaze ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Thu Jan 6 13:09:48 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:28:07 2006 Subject: Some Worm is trying to cheat MailScanner users ?! Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Thu, January 6, 2005 12:25, Moacyr Leite da Silva said: > Brazilian ;-) :-) And I must learn to type (Or read what I type!) > > Yes, the filename rules blocked the .scr file > > I sent the email FYI because didnt have information about this kind of > worm > until yesterday. And was concerned that this can lead someone to open some > attachments. So I realised when I read your replies. Again I must learn to type faster and read more ;-) Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Thu Jan 6 13:33:47 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:28:07 2006 Subject: Why oh Why!! Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Vlad Mazek wrote: > James Stevens wrote: > >> If I can get exchange to accept mail for both names I will be set. >> I.e. Domain.com and sub.domain.com >> >> can you point me to the multiple places to configure this? I must have >> missed something . >> >> On the Exchange 2003 box: >> Start > All Programs > Exchange 2003 > System Manager >> >> Inside system manager: >> Recipients > Recipient Policies > Default Policy (right click to get >> properties) >> >> Add the new domain under Email Addresses (Policy) and enable it to add >> the new domain to Exchange. >> >> > > Did you try that? It is the only place in Exchange where domains are > configurable for the SMTP policy and if you can't find those you're > probably not on the right system, don't have sufficient priviledges, etc. > > SMTP Addresses (per-user) are configurable in user account properties. > Start > All Programs > Administrative Tools > Active Directory Users & > Computers > Expand default domain, users container, right click on the > user and select properties... SMTP stuff is defined on the Email > Addresses tab -- you need to create an SMTP address. > There is something I found out about Exchange (2000). Whenever I add a domain, I have to restart the whole server to make it work. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkehler at WRHA.MB.CA Thu Jan 6 14:32:24 2005 From: mkehler at WRHA.MB.CA (Matt Kehler) Date: Thu Jan 12 21:28:07 2006 Subject: Mailwatch question Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Thanks Glenn. I know they are a different color, and I know they show at the top right when looking at the current (daily) stats. But what I"m looking for is 'in the month of December, XXXX emails were blocked due to file attachment'. Better yet, since we service multiple domain names, add ' .....blocked due to file attachment when destined for abc123.com ' I assume I will have to do my own custom report for that? Even when filtering for December; it will show emails/spam/virus per day, per month, etc..but it doesn't seem that blocked are included. Unless I'm crazy (which very well could be :) Matt >>> Glenn.Steen@AP1.SE 01/05/05 05:10PM >>> As replied on theother list.... Red for blocked content, pink for spam (darker for High Scoring)... You'll note the difference:-). As I said, even a severely colorblind person like me have no problem with that:-). If you like to have reports on each type, you'll just have to select a relevant subset of limits. Again, it's pretty straightforward. -- Glenn -----Original Message----- From: MailScanner mailing list on behalf of Matt Kehler Sent: on 2005-01-05 20:04 To: MAILSCANNER@JISCMAIL.AC.UK Cc: Subject: Mailwatch question I know its a MailWatch question, but it seems as though theres a lot more MW users on this list than the actual MW list itself...so... :) If you have MS configured to block emails based on extension (such as ..pif's for example), do those blocked emails show in the MailWatch 'spam' statistics, or do they not show at all? Is there a way to differentiate the emails blocked due to file extension from the emails blocked due to spam? Our management wants to know how much MailScanner is blocking due to 'itself' (ie, spam heuristics, virus scanning, etc) as opposed to stuff that we manually configure (ie, the file extensions that we block regardless of infection or spam) thx Matt This email and/or any documents in this transmission is intended for the addressee(s) only and may contain legally privileged or confidential information. Any unauthorized use, disclosure, distribution, copying or dissemination is strictly prohibited. If you receive this transmission in error, please notify the sender immediately and return the original. Ce courriel et tout document dans cette transmission est destiné ŕ la personne ou aux personnes ŕ qui il est adressé. Il peut contenir des informations privilégiées ou confidentielles. Toute utilisation, divulgation, distribution, copie, ou diffusion non autorisée est strictement défendue. Si vous n'ętes pas le destinataire de ce message, veuillez en informer l'expéditeur immédiatement et lui remettre l'original. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email and/or any documents in this transmission is intended for the addressee(s) only and may contain legally privileged or confidential information. Any unauthorized use, disclosure, distribution, copying or dissemination is strictly prohibited. If you receive this transmission in error, please notify the sender immediately and return the original. Ce courriel et tout document dans cette transmission est destiné ŕ la personne ou aux personnes ŕ qui il est adressé. Il peut contenir des informations privilégiées ou confidentielles. Toute utilisation, divulgation, distribution, copie, ou diffusion non autorisée est strictement défendue. Si vous n'ętes pas le destinataire de ce message, veuillez en informer l'expéditeur immédiatement et lui remettre l'original. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bhuff at COLLTECH.COM Thu Jan 6 15:02:24 2005 From: bhuff at COLLTECH.COM (Bill Huff) Date: Thu Jan 12 21:28:07 2006 Subject: Mailwatch question Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Matt, mailwatch does indeed capture the difference, however there is not a 'provided' interface to view it. It is all in the DB however, and a custom report is trivial to create based on the way that the mailwatch reporting system is designed. In your mailwatch database is a table called maillog. In the maillog table there are columns to track if a given message is spam, if it is high scoring spam, if it is virus infected or if it was name or content infected. Here is a 'describe' of the columns that I am referring too. You can see that you have a very full set of information that is being tracked. It would be trivial to create a report like you are asking for, the data is all there. If you would like some help, contact me off list and I will give you a hand. -- Bill | isspam | tinyint(1) | YES | | 0 | | | ishighspam | tinyint(1) | YES | | 0 | | | issaspam | tinyint(1) | YES | | 0 | | | isrblspam | tinyint(1) | YES | | 0 | | | spamwhitelisted | tinyint(1) | YES | | 0 | | | spamblacklisted | tinyint(1) | YES | | 0 | | | sascore | decimal(7,2) | YES | | 0.00 | | | spamreport | text | YES | | NULL | | | virusinfected | tinyint(1) | YES | | 0 | | | nameinfected | tinyint(1) | YES | | 0 | | | otherinfected | tinyint(1) | YES | | 0 | | Matt Kehler wrote: > Thanks Glenn. I know they are a different color, and I know they show > at the top right when looking at the current (daily) stats. But what > I"m looking for is 'in the month of December, XXXX emails were blocked > due to file attachment'. Better yet, since we service multiple domain > names, add ' .....blocked due to file attachment when destined for > abc123.com ' > > I assume I will have to do my own custom report for that? Even when > filtering for December; it will show emails/spam/virus per day, per > month, etc..but it doesn't seem that blocked are included. Unless I'm > crazy (which very well could be :) > > Matt > > >>> Glenn.Steen@AP1.SE 01/05/05 05:10PM >>> > As replied on theother list.... Red for blocked content, pink for spam > (darker for High Scoring)... You'll note the difference:-). As I said, > even a severely colorblind person like me have no problem with that:-). > > If you like to have reports on each type, you'll just have to select a > relevant subset of limits. Again, it's pretty straightforward. > > -- Glenn > > > -----Original Message----- > From: MailScanner mailing list on behalf of Matt Kehler > Sent: on 2005-01-05 20:04 > To: MAILSCANNER@JISCMAIL.AC.UK > Cc: > Subject: Mailwatch question > I know its a MailWatch question, but it seems as though theres a lot > more MW users on this list than the actual MW list itself...so... :) > > > > If you have MS configured to block emails based on extension (such as > ..pif's for example), do those blocked emails show in the MailWatch > 'spam' statistics, or do they not show at all? Is there a way to > differentiate the emails blocked due to file extension from the emails > blocked due to spam? Our management wants to know how much MailScanner > is blocking due to 'itself' (ie, spam heuristics, virus scanning, etc) > as opposed to stuff that we manually configure (ie, the file extensions > that we block regardless of infection or spam) > > > > thx > > Matt > > > > > This email and/or any documents in this transmission is intended for the > addressee(s) only and may contain legally privileged or confidential > information. Any unauthorized use, disclosure, distribution, copying or > dissemination is strictly prohibited. If you receive this transmission in > error, please notify the sender immediately and return the original. > > Ce courriel et tout document dans cette transmission est destiné ŕ la > personne > ou aux personnes ŕ qui il est adressé. Il peut contenir des informations > privilégiées ou confidentielles. Toute utilisation, divulgation, > distribution, > copie, ou diffusion non autorisée est strictement défendue. Si vous > n'ętes pas > le destinataire de ce message, veuillez en informer l'expéditeur > immédiatement > et lui remettre l'original. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > This email and/or any documents in this transmission is intended for the > addressee(s) only and may contain legally privileged or confidential > information. Any unauthorized use, disclosure, distribution, copying or > dissemination is strictly prohibited. If you receive this transmission > in error, please notify the sender immediately and return the original. > Ce courriel et tout document dans cette transmission est destiné ŕ la > personne ou aux personnes ŕ qui il est adressé. Il peut contenir des > informations privilégiées ou confidentielles. Toute utilisation, > divulgation, distribution, copie, ou diffusion non autorisée est > strictement défendue. Si vous n'ętes pas le destinataire de ce message, > veuillez en informer l'expéditeur immédiatement et lui remettre > l'original. ------------------------ MailScanner list > ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* -- _____ / ___/___ | Bill Huff, CISSP - Director of Technology / /__ __/ | Voice: (512) 263-0770 x 262 / /__/ / | Fax: (512) 263-8921 \___/ /ollective | Cell: (512) 630-5424 \/echnologies | --[ http://www.colltech.com ] -- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From paddy at PANICI.NET Thu Jan 6 15:31:26 2005 From: paddy at PANICI.NET (paddy) Date: Thu Jan 12 21:28:07 2006 Subject: Differences between spamassassin rules in MailScanner.conf Message-ID: On Tue, Jan 04, 2005 at 02:13:04PM -0800, Matt Krause wrote: > I am trying to figure out the difference between the following > settings in the MailScanner.conf file? > > # The site rules are searched for here. > # Normal location on most systems is /etc/mail/spamassassin. > SpamAssassin Site Rules Dir = /etc/mail/spamassassin > > # The site-local rules are searched for here, and in prefix/etc/spamassassin, > # prefix/etc/mail/spamassassin, /usr/local/etc/spamassassin, /etc/spamassassin, > # /etc/mail/spamassassin, and maybe others. > # If this is set then it adds to the list of places that are searched; > # otherwise it has no effect. > #SpamAssassin Local Rules Dir = /opt/MailScanner/etc/mail/spamassassin > SpamAssassin Local Rules Dir = > > # The default rules are searched for here, and in prefix/share/spamassassin, > # /usr/local/share/spamassassin, /usr/share/spamassassin, and maybe others. > # If this is set then it adds to the list of places that are searched; > # otherwise it has no effect. > #SpamAssassin Default Rules Dir = /opt/MailScanner/share/spamassassin > SpamAssassin Default Rules Dir = first off, man spamassassin see the section CONFIGURATION FILES But I think you may have a point here, # egrep -i "spamassassin[a-z]*rules" `dpkg -L mailscanner` /usr/share/MailScanner/MailScanner/ConfigDefs.pl:SpamAssassinSiteRulesDir /usr/share/MailScanner/MailScanner/ConfigDefs.pl:SpamAssassinLocalRulesDir /usr/share/MailScanner/MailScanner/ConfigDefs.pl:SpamAssassinDefaultRulesDir /usr/share/MailScanner/MailScanner/ConfigDefs.pl:MCPSpamAssassinLocalRulesDir /etc/MailScanner/mcp /usr/share/MailScanner/MailScanner/ConfigDefs.pl:MCPSpamAssassinDefaultRulesDir /etc/MailScanner/mcp /usr/share/MailScanner/MailScanner/SA.pm: $val = MailScanner::Config::Value('spamassassinlocalrulesdir'); /usr/share/MailScanner/MailScanner/SA.pm: $val = MailScanner::Config::Value('spamassassindefaultrulesdir'); /usr/share/MailScanner/MailScanner/MCP.pm: $val = MailScanner::Config::Value('mcpspamassassinlocalrulesdir'); /usr/share/MailScanner/MailScanner/MCP.pm: $val = MailScanner::Config::Value('mcpspamassassindefaultrulesdir'); I can't see where the SpamAssassinSiteRulesDir variable is ever used, although it may be employed in a way that is eluding my grep. Julian? Regards, Paddy -- Perl 6 will give you the big knob. -- Larry Wall ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From paddy at PANICI.NET Thu Jan 6 15:34:43 2005 From: paddy at PANICI.NET (paddy) Date: Thu Jan 12 21:28:07 2006 Subject: Stop Sendmail from bouncing unknown user? Message-ID: On Wed, Jan 05, 2005 at 12:26:45PM -0500, Steve Swaney wrote: > -- > This message has been scanned for viruses and dangerous content by The MailScanner at Fortress Systems Ltd., www.fsl.com, and is believed to be clean. agreed ;) -- Perl 6 will give you the big knob. -- Larry Wall ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From paddy at PANICI.NET Thu Jan 6 16:23:20 2005 From: paddy at PANICI.NET (paddy) Date: Thu Jan 12 21:28:07 2006 Subject: Stop Sendmail from bouncing unknown user? Message-ID: On Wed, Jan 05, 2005 at 06:46:33AM +0000, Brian Lewis wrote: > I would like to configure Sendmail outgoing to not generate a 'bounce > reply' if the target user is 'unknown or invalid'. IMHO, this is the ideal configuration: bounces are a nuisance if they don't go to the right place. But, I'm sure you also have in mind the purpose of bounces. > Basically if Sendmail > Outgoing is unable to deliver it then it should keep attempting to > deliver, but if its told by the receiving server the user doesn't exist If you don't attempt delivery before you reply then this is already too late, IMO. (Now, if the receiving server said 'we don't want it, its spam' ...) > then I don't want it to reply back to the spammer that it doesn't exist, > instead it should just discard the email. Au contraire. I think: If you're really sure that its spam, by a process equivalent to delivery, then you can, with your 'agent of the user' hat on, rather than your 'MTA' hat on, justify dropping the mail on the floor - thereby robbing the spammer of valuable feedback, and saving your resources. I would suggest that to act as the 'agent of the user' should be an explicit arangement, and that this deviation from normal MTA behaviour be explicitly understood as part of that arrangement. rfc2821 seems quite clear on this point: If an SMTP server has accepted the task of relaying the mail and later finds that the destination is incorrect or that the mail cannot be delivered for some other reason, then it MUST construct an "undeliverable mail" notification message and send it to the originator of the undeliverable mail (as indicated by the reverse- path). I can't find the 'get-out clause' that relieves you of this obligation in general, although I do not profess to have a good knowledge of all the relevant standards. > Anyone know if Sendmail can be configured in this way? See the other postings. ldap or milter-ahead. I would suggest that having a method that does require you to accept (or at least minimizes) mail that later you find you cannot deliver because the destination is incorrect, will give you more freedom in your choices about when to silently drop undesirable mail. Can anyone point out a circumstance in which this is simply technically impossible to acheive ? > Sick of seeing the server attempt to delivery > thousands of invalid or unknown user replies usually to invalid FROM > addresses. You have my sympathy, really. Regards, Paddy -- Perl 6 will give you the big knob. -- Larry Wall ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From vlad at MAZEK.COM Thu Jan 6 17:22:53 2005 From: vlad at MAZEK.COM (Vlad Mazek) Date: Thu Jan 12 21:28:07 2006 Subject: Why oh Why!! Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > > There is something I found out about Exchange (2000). Whenever I add a > domain, I have to restart the whole server to make it work. Yes, thats why Recipient Update and similar services came to life. In the early days of Exchange nearly any change to the system required a complete restart of all services. Becuase 2000 (and 2003) depend on Active Directory so much the changes would be propagated through the domain/forest on a pre-set interval -- or on system startup. Google for repadmin if you want to find out how these processes work together. -Vlad ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkehler at WRHA.MB.CA Thu Jan 6 17:46:13 2005 From: mkehler at WRHA.MB.CA (Matt Kehler) Date: Thu Jan 12 21:28:07 2006 Subject: Mailwatch question Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Thanks Bill. I'll try to add 'nameinfected' (I believe thats what the blocked is) to the daily and monthly reports. When it comes to stuff like this I"m lost, so I may be emailing you soon enough :) thanks! Matt >>> bhuff@COLLTECH.COM 01/06/05 09:02AM >>> Matt, mailwatch does indeed capture the difference, however there is not a 'provided' interface to view it. It is all in the DB however, and a custom report is trivial to create based on the way that the mailwatch reporting system is designed. In your mailwatch database is a table called maillog. In the maillog table there are columns to track if a given message is spam, if it is high scoring spam, if it is virus infected or if it was name or content infected. Here is a 'describe' of the columns that I am referring too. You can see that you have a very full set of information that is being tracked. It would be trivial to create a report like you are asking for, the data is all there. If you would like some help, contact me off list and I will give you a hand. -- Bill | isspam | tinyint(1) | YES | | 0 | | | ishighspam | tinyint(1) | YES | | 0 | | | issaspam | tinyint(1) | YES | | 0 | | | isrblspam | tinyint(1) | YES | | 0 | | | spamwhitelisted | tinyint(1) | YES | | 0 | | | spamblacklisted | tinyint(1) | YES | | 0 | | | sascore | decimal(7,2) | YES | | 0.00 | | | spamreport | text | YES | | NULL | | | virusinfected | tinyint(1) | YES | | 0 | | | nameinfected | tinyint(1) | YES | | 0 | | | otherinfected | tinyint(1) | YES | | 0 | | Matt Kehler wrote: > Thanks Glenn. I know they are a different color, and I know they show > at the top right when looking at the current (daily) stats. But what > I"m looking for is 'in the month of December, XXXX emails were blocked > due to file attachment'. Better yet, since we service multiple domain > names, add ' .....blocked due to file attachment when destined for > abc123.com ' > > I assume I will have to do my own custom report for that? Even when > filtering for December; it will show emails/spam/virus per day, per > month, etc..but it doesn't seem that blocked are included. Unless I'm > crazy (which very well could be :) > > Matt > > >>> Glenn.Steen@AP1.SE 01/05/05 05:10PM >>> > As replied on theother list.... Red for blocked content, pink for spam > (darker for High Scoring)... You'll note the difference:-). As I said, > even a severely colorblind person like me have no problem with that:-). > > If you like to have reports on each type, you'll just have to select a > relevant subset of limits. Again, it's pretty straightforward. > > -- Glenn > > > -----Original Message----- > From: MailScanner mailing list on behalf of Matt Kehler > Sent: on 2005-01-05 20:04 > To: MAILSCANNER@JISCMAIL.AC.UK > Cc: > Subject: Mailwatch question > I know its a MailWatch question, but it seems as though theres a lot > more MW users on this list than the actual MW list itself...so... :) > > > > If you have MS configured to block emails based on extension (such as > ..pif's for example), do those blocked emails show in the MailWatch > 'spam' statistics, or do they not show at all? Is there a way to > differentiate the emails blocked due to file extension from the emails > blocked due to spam? Our management wants to know how much MailScanner > is blocking due to 'itself' (ie, spam heuristics, virus scanning, etc) > as opposed to stuff that we manually configure (ie, the file extensions > that we block regardless of infection or spam) > > > > thx > > Matt > > > > > This email and/or any documents in this transmission is intended for the > addressee(s) only and may contain legally privileged or confidential > information. Any unauthorized use, disclosure, distribution, copying or > dissemination is strictly prohibited. If you receive this transmission in > error, please notify the sender immediately and return the original. > > Ce courriel et tout document dans cette transmission est destiné ŕ la > personne > ou aux personnes ŕ qui il est adressé. Il peut contenir des informations > privilégiées ou confidentielles. Toute utilisation, divulgation, > distribution, > copie, ou diffusion non autorisée est strictement défendue. Si vous > n'ętes pas > le destinataire de ce message, veuillez en informer l'expéditeur > immédiatement > et lui remettre l'original. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac..uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > This email and/or any documents in this transmission is intended for the > addressee(s) only and may contain legally privileged or confidential > information. Any unauthorized use, disclosure, distribution, copying or > dissemination is strictly prohibited. If you receive this transmission > in error, please notify the sender immediately and return the original. > Ce courriel et tout document dans cette transmission est destiné ŕ la > personne ou aux personnes ŕ qui il est adressé. Il peut contenir des > informations privilégiées ou confidentielles. Toute utilisation, > divulgation, distribution, copie, ou diffusion non autorisée est > strictement défendue. Si vous n'ętes pas le destinataire de ce message, > veuillez en informer l'expéditeur immédiatement et lui remettre > l'original. ------------------------ MailScanner list > ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac..uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* -- _____ / ___/___ | Bill Huff, CISSP - Director of Technology / /__ __/ | Voice: (512) 263-0770 x 262 / /__/ / | Fax: (512) 263-8921 \___/ /ollective | Cell: (512) 630-5424 \/echnologies | --[ http://www.colltech.com ] -- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email and/or any documents in this transmission is intended for the addressee(s) only and may contain legally privileged or confidential information. Any unauthorized use, disclosure, distribution, copying or dissemination is strictly prohibited. If you receive this transmission in error, please notify the sender immediately and return the original. Ce courriel et tout document dans cette transmission est destiné ŕ la personne ou aux personnes ŕ qui il est adressé. Il peut contenir des informations privilégiées ou confidentielles. Toute utilisation, divulgation, distribution, copie, ou diffusion non autorisée est strictement défendue. Si vous n'ętes pas le destinataire de ce message, veuillez en informer l'expéditeur immédiatement et lui remettre l'original. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Kevin_Miller at CI.JUNEAU.AK.US Thu Jan 6 18:06:20 2005 From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller) Date: Thu Jan 12 21:28:07 2006 Subject: Installing/Using DCC sanity check Message-ID: I've been reading through the DCC docs prior to the install, and I think I have a handle on it, but thought I'd check in here just to be sure, knowing that someone will either tell me I'm a complete idiot or I'm on the right track. Well, OK, I probably *am* a complete idiot anyway but I still manage to get it right at least some of the time. So, my understanding is that dccm is a milter for sendmail. I'm using sendmail, but I want MailScanner to do the RBL/Razor/DCC checks. Therefore, I don't have to install dccm (which requires rebuilding sendmail - at least as nearly as I can tell in SuSE 9.2). MailScanner/Spamassassin will just use DCCproc or DCCifd which are installed as a matter of course. Right? Or am I missing anything. I read the FAQ regarding using DCCifd, which says this: ------------- 'So, if you use MailScanner on a low scale mail server, or even as a one user's solution, it's better that you run it as DCCproc. If your mailserver scans loads of messages each day, then it'll be better to run it as a daemon.' ------------- I move probably 3000 messages a day inbound. Any recommendations on which would be more efficient (DCCproc or DCCifd) or for that low of a number is it a wash? Thanks much... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bhuff at COLLTECH.COM Thu Jan 6 18:19:12 2005 From: bhuff at COLLTECH.COM (Bill Huff) Date: Thu Jan 12 21:28:07 2006 Subject: Mailwatch question Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I am pretty sure that nameinfected means that a rule in filename.rules hit and otherinfected means that a rule in filetype.rules hit. -- Bill Matt Kehler wrote: > Thanks Bill. I'll try to add 'nameinfected' (I believe thats what the > blocked is) to the daily and monthly reports. When it comes to stuff > like this I"m lost, so I may be emailing you soon enough :) > > thanks! > Matt > > >>> bhuff@COLLTECH.COM 01/06/05 09:02AM >>> > Matt, mailwatch does indeed capture the difference, however there is not a > 'provided' interface to view it. It is all in the DB however, and a custom > report is trivial to create based on the way that the mailwatch > reporting system > is designed. > > In your mailwatch database is a table called maillog. In the maillog table > there are columns to track if a given message is spam, if it is high > scoring > spam, if it is virus infected or if it was name or content infected. > > Here is a 'describe' of the columns that I am referring too. You can > see that > you have a very full set of information that is being tracked. It would be > trivial to create a report like you are asking for, the data is all there. > > If you would like some help, contact me off list and I will give you a hand. > > -- > Bill > > | isspam | tinyint(1) | YES | | 0 | | > | ishighspam | tinyint(1) | YES | | 0 | | > | issaspam | tinyint(1) | YES | | 0 | | > | isrblspam | tinyint(1) | YES | | 0 | | > | spamwhitelisted | tinyint(1) | YES | | 0 | | > | spamblacklisted | tinyint(1) | YES | | 0 | | > | sascore | decimal(7,2) | YES | | 0.00 | | > | spamreport | text | YES | | NULL | | > | virusinfected | tinyint(1) | YES | | 0 | | > | nameinfected | tinyint(1) | YES | | 0 | | > | otherinfected | tinyint(1) | YES | | 0 | | > > > Matt Kehler wrote: > > Thanks Glenn. I know they are a different color, and I know they show > > at the top right when looking at the current (daily) stats. But what > > I"m looking for is 'in the month of December, XXXX emails were blocked > > due to file attachment'. Better yet, since we service multiple domain > > names, add ' .....blocked due to file attachment when destined for > > abc123.com ' > > > > I assume I will have to do my own custom report for that? Even when > > filtering for December; it will show emails/spam/virus per day, per > > month, etc..but it doesn't seem that blocked are included. Unless I'm > > crazy (which very well could be :) > > > > Matt > > > > >>> Glenn.Steen@AP1.SE 01/05/05 05:10PM >>> > > As replied on theother list.... Red for blocked content, pink for spam > > (darker for High Scoring)... You'll note the difference:-). As I said, > > even a severely colorblind person like me have no problem with that:-). > > > > If you like to have reports on each type, you'll just have to select a > > relevant subset of limits. Again, it's pretty straightforward. > > > > -- Glenn > > > > > > -----Original Message----- > > From: MailScanner mailing list on behalf of Matt Kehler > > Sent: on 2005-01-05 20:04 > > To: MAILSCANNER@JISCMAIL.AC.UK > > Cc: > > Subject: Mailwatch question > > I know its a MailWatch question, but it seems as though theres a lot > > more MW users on this list than the actual MW list itself...so... :) > > > > > > > > If you have MS configured to block emails based on extension (such as > > ..pif's for example), do those blocked emails show in the MailWatch > > 'spam' statistics, or do they not show at all? Is there a way to > > differentiate the emails blocked due to file extension from the emails > > blocked due to spam? Our management wants to know how much MailScanner > > is blocking due to 'itself' (ie, spam heuristics, virus scanning, etc) > > as opposed to stuff that we manually configure (ie, the file extensions > > that we block regardless of infection or spam) > > > > > > > > thx > > > > Matt > > > > > > > > > > This email and/or any documents in this transmission is intended for the > > addressee(s) only and may contain legally privileged or confidential > > information. Any unauthorized use, disclosure, distribution, copying or > > dissemination is strictly prohibited. If you receive this > transmission in > > error, please notify the sender immediately and return the original. > > > > Ce courriel et tout document dans cette transmission est destiné ŕ la > > personne > > ou aux personnes ŕ qui il est adressé. Il peut contenir des informations > > privilégiées ou confidentielles. Toute utilisation, divulgation, > > distribution, > > copie, ou diffusion non autorisée est strictement défendue. Si vous > > n'ętes pas > > le destinataire de ce message, veuillez en informer l'expéditeur > > immédiatement > > et lui remettre l'original. > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac..uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > This email and/or any documents in this transmission is intended for the > > addressee(s) only and may contain legally privileged or confidential > > information. Any unauthorized use, disclosure, distribution, copying or > > dissemination is strictly prohibited. If you receive this transmission > > in error, please notify the sender immediately and return the original. > > Ce courriel et tout document dans cette transmission est destiné ŕ la > > personne ou aux personnes ŕ qui il est adressé. Il peut contenir des > > informations privilégiées ou confidentielles. Toute utilisation, > > divulgation, distribution, copie, ou diffusion non autorisée est > > strictement défendue. Si vous n'ętes pas le destinataire de ce message, > > veuillez en informer l'expéditeur immédiatement et lui remettre > > l'original. ------------------------ MailScanner list > > ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac..uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > *Support MailScanner development - buy the book off the website!* > > -- > _____ > / ___/___ | Bill Huff, CISSP - Director of Technology > / /__ __/ | Voice: (512) 263-0770 x 262 > / /__/ / | Fax: (512) 263-8921 > \___/ /ollective | Cell: (512) 630-5424 > \/echnologies | --[ http://www.colltech.com > ] -- > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > This email and/or any documents in this transmission is intended for the > addressee(s) only and may contain legally privileged or confidential > information. Any unauthorized use, disclosure, distribution, copying or > dissemination is strictly prohibited. If you receive this transmission > in error, please notify the sender immediately and return the original. > Ce courriel et tout document dans cette transmission est destiné ŕ la > personne ou aux personnes ŕ qui il est adressé. Il peut contenir des > informations privilégiées ou confidentielles. Toute utilisation, > divulgation, distribution, copie, ou diffusion non autorisée est > strictement défendue. Si vous n'ętes pas le destinataire de ce message, > veuillez en informer l'expéditeur immédiatement et lui remettre > l'original. ------------------------ MailScanner list > ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* -- _____ / ___/___ | Bill Huff, CISSP - Director of Technology / /__ __/ | Voice: (512) 263-0770 x 262 / /__/ / | Fax: (512) 263-8921 \___/ /ollective | Cell: (512) 630-5424 \/echnologies | --[ http://www.colltech.com ] -- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From peter at UCGBOOK.COM Thu Jan 6 18:57:50 2005 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:28:07 2006 Subject: Installing/Using DCC sanity check Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Kevin Miller wrote: > I move probably 3000 messages a day inbound. Any recommendations on which > would be more efficient (DCCproc or DCCifd) or for that low of a number is > it a wash? This is from the SpamAssassin INSTALL file and it works, that's how easy it is: wget http://www.dcc-servers.net/dcc/source/dcc-dccproc.tar.Z tar xfvz dcc-dccproc.tar.Z cd dcc-dccproc-* ./configure && make && make install The deamon is included so if you want to use that later on you can. Look here for that but you will not notice any difference. The nice thing is that SA will automatically fall back to dccproc if it can't connect to dccifd so you don't have to worry about it stopping. http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/312.html -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Kevin_Miller at CI.JUNEAU.AK.US Thu Jan 6 19:05:53 2005 From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller) Date: Thu Jan 12 21:28:07 2006 Subject: Installing/Using DCC sanity check Message-ID: Peter Bonivart wrote: > Kevin Miller wrote: >> I move probably 3000 messages a day inbound. Any recommendations on >> which would be more efficient (DCCproc or DCCifd) or for that low of >> a number is it a wash? > > This is from the SpamAssassin INSTALL file and it works, that's how > easy it is: > > wget http://www.dcc-servers.net/dcc/source/dcc-dccproc.tar.Z > tar xfvz dcc-dccproc.tar.Z > cd dcc-dccproc-* > ./configure && make && make install > > The deamon is included so if you want to use that later on you can. > Look here for that but you will not notice any difference. The nice > thing is that SA will automatically fall back to dccproc if it can't > connect to dccifd so you don't have to worry about it stopping. > > http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/312.html Thanks Peter! I was looking all over for that snippit, but hadn't gotten to the SpamAssassin install yet. I *knew* I'd read that somewhere (months ago) but just couldn't recall where... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at MANGO.ZW Thu Jan 6 21:08:04 2005 From: mailscanner at MANGO.ZW (Jim Holland) Date: Thu Jan 12 21:28:07 2006 Subject: Problem with MailScanner failing to process mqueue.in mail Message-ID: Hi I have been running MailScanner 4.35.9-1 with Sendmail 8.13.1 without any problems from November until this evening. Suddenly the volume of mail in the mqueue.in directory started to increase without explanation, and while most mail is being delivered successfully, more and more messages are just being repeatedly reprocessed without being delivered. See log for a typical message below. I have tried restarting MailScanner, and even cleaned out the queue manually. However the problem keeps resurfacing. Can anyone advise what could be happening here? No MailScanner configuration files have been changed recently, and only minor changes have been made to sendmail configuration files (mailertable - to forward certain mail to a specific host - and virtusertable - to add some more users). Neither of these changes should have made any impact. There are no relevant errors listed in the sendmail maillog file, apart from signs of some messages being processed ad infinitum. Regards Jim Holland System Administrator MANGO - Zimbabwe's non-profit e-mail service Jan 6 22:39:37 mail sendmail[17918]: j06KdaZ7017918: from=, size=8737, class=0, nrcpts=1, msgid=<944800817@p3775.f1.n7211.z5.ftn>, proto=ESMTP, daemon=MTA, relay=fido.mango.zw [192.168.10.1] Jan 6 22:39:37 mail sendmail[17918]: j06KdaZ7017918: to=, delay=00:00:01, mailer=esmtp, pri=38737, stat=queued Jan 6 22:40:24 mail MailScanner[11052]: Message j06KdaZ7017918 from 192.168.10.1 (heavens@mango.zw) is whitelisted Jan 6 22:42:34 mail MailScanner[11317]: Message j06KdaZ7017918 from 192.168.10.1 (heavens@mango.zw) is whitelisted Jan 6 22:43:29 mail MailScanner[11218]: Message j06KdaZ7017918 from 192.168.10.1 (heavens@mango.zw) is whitelisted Jan 6 22:44:15 mail MailScanner[19384]: Message j06KdaZ7017918 from 192.168.10.1 (heavens@mango.zw) is whitelisted etc etc ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at MANGO.ZW Thu Jan 6 21:17:28 2005 From: mailscanner at MANGO.ZW (Jim Holland) Date: Thu Jan 12 21:28:07 2006 Subject: Problem with MailScanner failing to process mqueue.in mail Message-ID: On Thu, 6 Jan 2005, I wrote > I have been running MailScanner 4.35.9-1 with Sendmail 8.13.1 without any > problems from November until this evening. Suddenly the volume of mail in > the mqueue.in directory started to increase without explanation, and while > most mail is being delivered successfully, more and more messages are > just being repeatedly reprocessed without being delivered. See log for a > typical message below. I append another example of the problem. This is interesting as it involves a message flagged as spam. It is being repeatedly saved in the quarantine folder (copying over older copies of itself), but is never moved out of mqueue.in. Regards Jim Holland System Administrator MANGO - Zimbabwe's non-profit e-mail service Jan 6 22:39:40 mail sendmail[17787]: j06KdV53017787: from=, size=33199, class=0, nrcpts=1, msgid=<20050106143548691@DAL1BS070>, proto=SMTP, daemon=MTA, relay=dal1bs070.processrequest.com [216.39.67.120] Jan 6 22:39:40 mail sendmail[17787]: j06KdV53017787: to=, delay=00:00:07, mailer=esmtp, pri=63199, stat=queued Jan 6 22:40:00 mail MailScanner[11052]: RBL checks: j06KdV53017787 found in reynolds-t1 Jan 6 22:40:00 mail MailScanner[11052]: Message j06KdV53017787 from 216.39.67.120 (reedconstr-e2-4005916@processrequest.com) to mango.zw is spam, reynolds-t1 Jan 6 22:41:25 mail MailScanner[11052]: Spam Actions: message j06KdV53017787 actions are devnull@fido.mango.zw,forward,store Jan 6 22:42:24 mail MailScanner[11317]: RBL checks: j06KdV53017787 found in reynolds-t1 Jan 6 22:42:24 mail MailScanner[11317]: Message j06KdV53017787 from 216.39.67.120 (reedconstr-e2-4005916@processrequest.com) to mango.zw is spam, reynolds-t1 Jan 6 22:42:56 mail MailScanner[11317]: Spam Actions: message j06KdV53017787 actions are devnull@fido.mango.zw,forward,store Jan 6 22:43:20 mail MailScanner[11218]: RBL checks: j06KdV53017787 found in reynolds-t1 Jan 6 22:43:20 mail MailScanner[11218]: Message j06KdV53017787 from 216.39.67.120 (reedconstr-e2-4005916@processrequest.com) to mango.zw is spam, reynolds-t1 Jan 6 22:43:43 mail MailScanner[11218]: Spam Actions: message j06KdV53017787 actions are devnull@fido.mango.zw,forward,store Jan 6 22:44:07 mail MailScanner[19384]: RBL checks: j06KdV53017787 found in reynolds-t1 Jan 6 22:44:07 mail MailScanner[19384]: Message j06KdV53017787 from 216.39.67.120 (reedconstr-e2-4005916@processrequest.com) to mango.zw is spam, reynolds-t1 Jan 6 22:44:38 mail MailScanner[19384]: Spam Actions: message j06KdV53017787 actions are devnull@fido.mango.zw,forward,store Jan 6 22:45:34 mail MailScanner[11132]: RBL checks: j06KdV53017787 found in reynolds-t1 Jan 6 22:45:34 mail MailScanner[11132]: Message j06KdV53017787 from 216.39.67.120 (reedconstr-e2-4005916@processrequest.com) to mango.zw is spam, reynolds-t1 Jan 6 22:46:05 mail MailScanner[11132]: Spam Actions: message j06KdV53017787 actions are devnull@fido.mango.zw,forward,store etc etc ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From richard.thomas at PSYSOLUTIONS.COM Thu Jan 6 21:15:49 2005 From: richard.thomas at PSYSOLUTIONS.COM (Richard Thomas) Date: Thu Jan 12 21:28:07 2006 Subject: Stop Sendmail from bouncing unknown user? Message-ID: paddy wrote: >rfc2821 seems quite clear on this point: > > If an SMTP server has accepted the task of relaying the mail and > later finds that the destination is incorrect or that the mail cannot > be delivered for some other reason, then it MUST construct an > "undeliverable mail" notification message and send it to the > originator of the undeliverable mail (as indicated by the reverse- > path). > >I can't find the 'get-out clause' that relieves you of this obligation >in general, although I do not profess to have a good knowledge of >all the relevant standards. > > An RFC is not a law. If you don't comply, you are merely noncompliant. This matters where it matters and doesn't where it doesn't. Rich -- MIS Department | |Phone: +1 615 312 5787 840 Crescent Ctr Dr | Psychiatric Solutions Inc |Fax: +1 615 312 5711 Suite 460 | | Franklin, TN 37067 | | ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "S/MIME Cryptographic Signature" ] [ Application/X-PKCS7-SIGNATURE 4.4KB. ] [ Unable to print this part. ] From tjones at isthmus.com Thu Jan 6 21:16:42 2005 From: tjones at isthmus.com (Thom Jones) Date: Thu Jan 12 21:28:07 2006 Subject: Problem with MailScanner failing to process mqueue.in mail Message-ID: Hi to Jim and Everyone (I'm new to this list): I just had the same thing happen to me. Result here was that the bigevil.cf and blacklist.cf files got updated a couple days prior and they were huge...huge enough to overwhelm system resources when running SA. This effectively shut down MailScanner as well. Once I reverted back to the earlier (and much smaller) .cf files, things cleared out eventually and got back to normal. I've now been reconfiguring and upgrading in order to use SURBL instead. Not sure if it's the same cause on your end, but hope this helps.... -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Jim Holland Sent: Thursday, January 06, 2005 3:08 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Problem with MailScanner failing to process mqueue.in mail Hi I have been running MailScanner 4.35.9-1 with Sendmail 8.13.1 without any problems from November until this evening. Suddenly the volume of mail in the mqueue.in directory started to increase without explanation, and while most mail is being delivered successfully, more and more messages are just being repeatedly reprocessed without being delivered. See log for a typical message below. I have tried restarting MailScanner, and even cleaned out the queue manually. However the problem keeps resurfacing. Can anyone advise what could be happening here? No MailScanner configuration files have been changed recently, and only minor changes have been made to sendmail configuration files (mailertable - to forward certain mail to a specific host - and virtusertable - to add some more users). Neither of these changes should have made any impact. There are no relevant errors listed in the sendmail maillog file, apart from signs of some messages being processed ad infinitum. Regards Jim Holland System Administrator MANGO - Zimbabwe's non-profit e-mail service Jan 6 22:39:37 mail sendmail[17918]: j06KdaZ7017918: from=, size=8737, class=0, nrcpts=1, msgid=<944800817@p3775.f1.n7211.z5.ftn>, proto=ESMTP, daemon=MTA, relay=fido.mango.zw [192.168.10.1] Jan 6 22:39:37 mail sendmail[17918]: j06KdaZ7017918: to=, delay=00:00:01, mailer=esmtp, pri=38737, stat=queued Jan 6 22:40:24 mail MailScanner[11052]: Message j06KdaZ7017918 from 192.168.10.1 (heavens@mango.zw) is whitelisted Jan 6 22:42:34 mail MailScanner[11317]: Message j06KdaZ7017918 from 192.168.10.1 (heavens@mango.zw) is whitelisted Jan 6 22:43:29 mail MailScanner[11218]: Message j06KdaZ7017918 from 192.168.10.1 (heavens@mango.zw) is whitelisted Jan 6 22:44:15 mail MailScanner[19384]: Message j06KdaZ7017918 from 192.168.10.1 (heavens@mango.zw) is whitelisted etc etc ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From peter at UCGBOOK.COM Thu Jan 6 21:31:43 2005 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:28:07 2006 Subject: Problem with MailScanner failing to process mqueue.in mail Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jim Holland wrote: > I have been running MailScanner 4.35.9-1 with Sendmail 8.13.1 without any > problems from November until this evening. Suddenly the volume of mail in > the mqueue.in directory started to increase without explanation, and while > most mail is being delivered successfully, more and more messages are > just being repeatedly reprocessed without being delivered. See log for a > typical message below. > Jan 6 22:39:37 mail sendmail[17918]: j06KdaZ7017918: from=, size=8737, class=0, nrcpts=1, msgid=<944800817@p3775.f1.n7211.z5.ftn>, proto=ESMTP, daemon=MTA, relay=fido.mango.zw [192.168.10.1] > Jan 6 22:39:37 mail sendmail[17918]: j06KdaZ7017918: to=, delay=00:00:01, mailer=esmtp, pri=38737, stat=queued > Jan 6 22:40:24 mail MailScanner[11052]: Message j06KdaZ7017918 from 192.168.10.1 (heavens@mango.zw) is whitelisted > Jan 6 22:42:34 mail MailScanner[11317]: Message j06KdaZ7017918 from 192.168.10.1 (heavens@mango.zw) is whitelisted > Jan 6 22:43:29 mail MailScanner[11218]: Message j06KdaZ7017918 from 192.168.10.1 (heavens@mango.zw) is whitelisted > Jan 6 22:44:15 mail MailScanner[19384]: Message j06KdaZ7017918 from 192.168.10.1 (heavens@mango.zw) is whitelisted I'm not sure but it could be a file locking problem since different MS processes seems to be processing the same message. What lock type do you use, flock or posix? -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at MANGO.ZW Thu Jan 6 21:44:52 2005 From: mailscanner at MANGO.ZW (Jim Holland) Date: Thu Jan 12 21:28:07 2006 Subject: Problem with MailScanner failing to process mqueue.in mail Message-ID: Hi On Thu, 6 Jan 2005, Thom Jones wrote: > Hi to Jim and Everyone (I'm new to this list): > I just had the same thing happen to me. > Result here was that the bigevil.cf and blacklist.cf files got updated a > couple days prior and they were huge...huge enough to overwhelm system > resources when running SA. This effectively shut down MailScanner as well. > Once I reverted back to the earlier (and much smaller) .cf files, things > cleared out eventually and got back to normal. > I've now been reconfiguring and upgrading in order to use SURBL instead. > Not sure if it's the same cause on your end, but hope this helps.... Thanks for the feedback. I don't have the resources to run SA on this server, but don't see any sign of running out of resources with the configuration that I am using. The load average is running between 3 and 6, so that looks fine. Regards Jim Holland System Administrator MANGO - Zimbabwe's non-profit e-mail service ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at MANGO.ZW Thu Jan 6 21:49:28 2005 From: mailscanner at MANGO.ZW (Jim Holland) Date: Thu Jan 12 21:28:07 2006 Subject: Problem with MailScanner failing to process mqueue.in mail Message-ID: Hi On Thu, 6 Jan 2005, Peter Bonivart wrote: > > I have been running MailScanner 4.35.9-1 with Sendmail 8.13.1 without any > > problems from November until this evening. Suddenly the volume of mail in > > the mqueue.in directory started to increase without explanation, and while > > most mail is being delivered successfully, more and more messages are > > just being repeatedly reprocessed without being delivered. See log for a > > typical message below. > I'm not sure but it could be a file locking problem since different MS > processes seems to be processing the same message. What lock type do you > use, flock or posix? Thanks for the feedback. Since upgrading to sendmail 8.13.1 I changed from flock to posix as recommended. I now see previous mail from another user with a similar problem. I will go through all that correspondence as well. Of course I could/should upgrade to the latest version of MailScanner. Regards Jim Holland System Administrator MANGO - Zimbabwe's non-profit e-mail service ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Steve.Swaney at FSL.COM Thu Jan 6 21:54:38 2005 From: Steve.Swaney at FSL.COM (Steve Swaney) Date: Thu Jan 12 21:28:07 2006 Subject: Problem with MailScanner failing to process mqueue.in mail Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Peter Bonivart > Sent: Thursday, January 06, 2005 4:32 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Problem with MailScanner failing to process mqueue.in mail > > Jim Holland wrote: > > I have been running MailScanner 4.35.9-1 with Sendmail 8.13.1 without > any > > problems from November until this evening. Suddenly the volume of mail > in > > the mqueue.in directory started to increase without explanation, and > while > > most mail is being delivered successfully, more and more messages are > > just being repeatedly reprocessed without being delivered. See log for > a > > typical message below. > > > Jan 6 22:39:37 mail sendmail[17918]: j06KdaZ7017918: from= mango.zw>, size=8737, class=0, nrcpts=1, > msgid=<944800817@p3775.f1.n7211.z5.ftn>, proto=ESMTP, daemon=MTA, > relay=fido.mango.zw [192.168.10.1] > > Jan 6 22:39:37 mail sendmail[17918]: j06KdaZ7017918: to= mweb.co.za>, delay=00:00:01, mailer=esmtp, pri=38737, stat=queued > > Jan 6 22:40:24 mail MailScanner[11052]: Message j06KdaZ7017918 from > 192.168.10.1 (heavens@mango.zw) is whitelisted > > Jan 6 22:42:34 mail MailScanner[11317]: Message j06KdaZ7017918 from > 192.168.10.1 (heavens@mango.zw) is whitelisted > > Jan 6 22:43:29 mail MailScanner[11218]: Message j06KdaZ7017918 from > 192.168.10.1 (heavens@mango.zw) is whitelisted > > Jan 6 22:44:15 mail MailScanner[19384]: Message j06KdaZ7017918 from > 192.168.10.1 (heavens@mango.zw) is whitelisted > > I'm not sure but it could be a file locking problem since different MS > processes seems to be processing the same message. What lock type do you > use, flock or posix? > > -- > /Peter Bonivart > I believe Peter is on the right track here. Sendmail 8.13.1 should have Lock Type = posix Set in MailScanner.conf Steve Steve Swaney President Fortress Systems Ltd. www.fsl.com steve.swaney@fsl.com -- This message has been scanned for viruses and dangerous content by The MailScanner at Fortress Systems Ltd., www.fsl.com, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at MANGO.ZW Thu Jan 6 22:03:34 2005 From: mailscanner at MANGO.ZW (Jim Holland) Date: Thu Jan 12 21:28:07 2006 Subject: Problem with MailScanner failing to process mqueue.in mail Message-ID: Hi Julian > On Thu, 6 Jan 2005, I wrote > > > I have been running MailScanner 4.35.9-1 with Sendmail 8.13.1 without any > > problems from November until this evening. Suddenly the volume of mail in > > the mqueue.in directory started to increase without explanation, and while > > most mail is being delivered successfully, more and more messages are > > just being repeatedly reprocessed without being delivered. See log for a > > typical message below. The problem seems to have been solved by moving a specific problem message out of the mail queue. There were a number of similar messages from the same source, and it seems that each time they sent a message then it caused the failure. Would it be helpful to send you a copy of one of the messages for analysis? It would definitely be unwise to send it to the list as it would clearly cause problems for other people. For information, the message came from: Server: dal1bs070.processrequest.com [216.39.67.120] Sender: Contract Journal and it was listed as spam by reynolds-t1 (t1.dnsbl.net.au), although it may be legitimate mail. Regards Jim Holland System Administrator MANGO - Zimbabwe's non-profit e-mail service ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From vachanta at GMAIL.COM Thu Jan 6 22:34:26 2005 From: vachanta at GMAIL.COM (Venkata Achanta) Date: Thu Jan 12 21:28:07 2006 Subject: OT - setting up mailertable Message-ID: >Correct syntax is : > >xyz.com esmtp:[1.1.1.1]:[2.2.2.2]:[3.3.3.3]:[4.4.4.4]:[5.5.5.5] > Thanks Stephane, that worked. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Kevin_Miller at CI.JUNEAU.AK.US Thu Jan 6 23:00:49 2005 From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller) Date: Thu Jan 12 21:28:07 2006 Subject: Lock type Message-ID: In MailScanner.conf I have posix. In spam.assassin.prefs.conf it says flock. Should I change the latter to posix as well? I'm running sendmail. TIA... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From peter at UCGBOOK.COM Thu Jan 6 23:15:38 2005 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:28:07 2006 Subject: Lock type Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Kevin Miller wrote: > In MailScanner.conf I have posix. In spam.assassin.prefs.conf it says > flock. Should I change the latter to posix as well? I'm running sendmail. The two are separate, if you have a new version of Linux/Sendmail you should probably use posix for MS but in SA you will gain performance by using flock compared to nfssafe. Look at the man page for Mail::SpamAssassin::Conf. -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Thu Jan 6 23:23:56 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:07 2006 Subject: Mailwatch question Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hm, ISTR there was a report for "tyotals per month" posted to the MailWatch list a while back. Get that (you'll just have to trawl for it in the MailWatch list archive), and then this is real trivial.... set the limit of "blocked content=1", then look at the totals per month;). -- Glenn -----Original Message----- From: MailScanner mailing list on behalf of Matt Kehler Sent: Thu 1/6/2005 3:32 PM To: MAILSCANNER@JISCMAIL.AC.UK Cc: Subject: Re: Mailwatch question Thanks Glenn. I know they are a different color, and I know they show at the top right when looking at the current (daily) stats. But what I"m looking for is 'in the month of December, XXXX emails were blocked due to file attachment'. Better yet, since we service multiple domain names, add ' .....blocked due to file attachment when destined for abc123.com ' I assume I will have to do my own custom report for that? Even when filtering for December; it will show emails/spam/virus per day, per month, etc..but it doesn't seem that blocked are included. Unless I'm crazy (which very well could be :) Matt >>> Glenn.Steen@AP1.SE 01/05/05 05:10PM >>> As replied on theother list.... Red for blocked content, pink for spam (darker for High Scoring)... You'll note the difference:-). As I said, even a severely colorblind person like me have no problem with that:-). If you like to have reports on each type, you'll just have to select a relevant subset of limits. Again, it's pretty straightforward. -- Glenn -----Original Message----- From: MailScanner mailing list on behalf of Matt Kehler Sent: on 2005-01-05 20:04 To: MAILSCANNER@JISCMAIL.AC.UK Cc: Subject: Mailwatch question I know its a MailWatch question, but it seems as though theres a lot more MW users on this list than the actual MW list itself...so... :) If you have MS configured to block emails based on extension (such as ...pif's for example), do those blocked emails show in the MailWatch 'spam' statistics, or do they not show at all? Is there a way to differentiate the emails blocked due to file extension from the emails blocked due to spam? Our management wants to know how much MailScanner is blocking due to 'itself' (ie, spam heuristics, virus scanning, etc) as opposed to stuff that we manually configure (ie, the file extensions that we block regardless of infection or spam) thx Matt This email and/or any documents in this transmission is intended for the addressee(s) only and may contain legally privileged or confidential information. Any unauthorized use, disclosure, distribution, copying or dissemination is strictly prohibited. If you receive this transmission in error, please notify the sender immediately and return the original. Ce courriel et tout document dans cette transmission est destiné ŕ la personne ou aux personnes ŕ qui il est adressé. Il peut contenir des informations privilégiées ou confidentielles. Toute utilisation, divulgation, distribution, copie, ou diffusion non autorisée est strictement défendue. Si vous n'ętes pas le destinataire de ce message, veuillez en informer l'expéditeur immédiatement et lui remettre l'original. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email and/or any documents in this transmission is intended for the addressee(s) only and may contain legally privileged or confidential information. Any unauthorized use, disclosure, distribution, copying or dissemination is strictly prohibited. If you receive this transmission in error, please notify the sender immediately and return the original. Ce courriel et tout document dans cette transmission est destiné ŕ la personne ou aux personnes ŕ qui il est adressé. Il peut contenir des informations privilégiées ou confidentielles. Toute utilisation, divulgation, distribution, copie, ou diffusion non autorisée est strictement défendue. Si vous n'ętes pas le destinataire de ce message, veuillez en informer l'expéditeur immédiatement et lui remettre l'original. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ckteo at tri-m.com.sg Fri Jan 7 02:48:18 2005 From: ckteo at tri-m.com.sg (Teo Chee Keong) Date: Thu Jan 12 21:28:07 2006 Subject: Help on configuration Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, I'm trying to configure the MailScanner to allow HTML / IFrame Tag from Some mailing list / domain, but I can't seem to get it right. Can someone guide me on how to do it? Thanks and regards, Teo Chee Keong ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Steve.Swaney at FSL.COM Fri Jan 7 03:10:51 2005 From: Steve.Swaney at FSL.COM (Steve Swaney) Date: Thu Jan 12 21:28:07 2006 Subject: Help on configuration Message-ID: Steve Swaney President Fortress Systems Ltd. www.fsl.com steve.swaney@fsl.com > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Teo Chee Keong > Sent: Thursday, January 06, 2005 9:48 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Help on configuration > > Hi, > > I'm trying to configure the MailScanner to allow HTML / IFrame Tag from > Some > mailing list / domain, but I can't seem to get it right. Can someone guide > me on how to do it? > > Thanks and regards, > Teo Chee Keong > In MailScanner.conf, set "Allow IFrame Tags =" to: Allow IFrame Tags = %rules-dir%/IFrame.tag.rules Create the file IFrame.tag.rules in your rules directory which contains lines similar to: From: @.mailer.somedomain.com yes From: *.bulk.baddomain.com no FromOrTo: default disarm This assumes that you don't "Use SpamAssassin" or "Spam Checks" on mail from you own domain. Steve Steve Swaney President Fortress Systems Ltd. www.fsl.com steve.swaney@fsl.com -- This message has been scanned for viruses and dangerous content by The MailScanner at Fortress Systems Ltd., www.fsl.com, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Fri Jan 7 04:55:12 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:28:07 2006 Subject: Installing/Using DCC sanity check Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > > I read the FAQ regarding using DCCifd, which says this: > ------------- > 'So, if you use MailScanner on a low scale mail server, or even as a one > user's > solution, it's better that you run it as DCCproc. > > If your mailserver scans loads of messages each day, then it'll be better to > > run it as a daemon.' > ------------- > I move probably 3000 messages a day inbound. Any recommendations on which > would be more efficient (DCCproc or DCCifd) or for that low of a number is > it a wash? The best thing is to try it out and compare, I think. About 10 MB of code... would you rather load it everytime or have 10 MB of RAM used all the time? Ugo ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ius at ALPHA.RBRANA.CO.ID Fri Jan 7 05:57:13 2005 From: ius at ALPHA.RBRANA.CO.ID (ius) Date: Thu Jan 12 21:28:07 2006 Subject: Weird maillog Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, After upgrading to M/S 4.37.7 two days ago, i found these so many weird logs : Jan 7 12:57:27 blowfish sendmail[870]: ruleset=check_relay, arg1=220-130-160-190.HINET-IP.hinet.net, arg2=220.130.160.190, relay=220-130-160-190.HINET-IP.hinet.net [220.130.160.190], reject=550 5.0.0 Persistent Virus Source any idea what are those ? Thanks ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri Jan 7 08:45:02 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:07 2006 Subject: Problem with MailScanner failing to process mqueue.in mail Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jim Holland wrote: >Hi Julian > > > >>On Thu, 6 Jan 2005, I wrote >> >> >> >>>I have been running MailScanner 4.35.9-1 with Sendmail 8.13.1 without any >>>problems from November until this evening. Suddenly the volume of mail in >>>the mqueue.in directory started to increase without explanation, and while >>>most mail is being delivered successfully, more and more messages are >>>just being repeatedly reprocessed without being delivered. See log for a >>>typical message below. >>> >>> > >The problem seems to have been solved by moving a specific problem message >out of the mail queue. There were a number of similar messages from the >same source, and it seems that each time they sent a message then it >caused the failure. Would it be helpful to send you a copy of one of the >messages for analysis? It would definitely be unwise to send it to the >list as it would clearly cause problems for other people. > > The latest release fixed one problem in this area (new version of MIME-tools). If (and only if) you are running MIME-tools 5.415, then upgrade to MIME-tools 5.416. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Fri Jan 7 09:15:19 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:07 2006 Subject: Mailwatch question Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] otherinfected == non-content, non-virus... Iframes etc that MS detects by itself. nameinfected is what Matt is after... In the MW report interface called "contained an Unacceptable Attachment". -- Glenn > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Bill Huff > Sent: den 6 januari 2005 19:19 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Mailwatch question > > > I am pretty sure that nameinfected means that a rule in > filename.rules hit and > otherinfected means that a rule in filetype.rules hit. > > -- > Bill > > > Matt Kehler wrote: > > Thanks Bill. I'll try to add 'nameinfected' (I believe > thats what the > > blocked is) to the daily and monthly reports. When it > comes to stuff > > like this I"m lost, so I may be emailing you soon enough :) > > > > thanks! > > Matt > > > > >>> bhuff@COLLTECH.COM 01/06/05 09:02AM >>> > > Matt, mailwatch does indeed capture the difference, however > there is not a > > 'provided' interface to view it. It is all in the DB > however, and a custom > > report is trivial to create based on the way that the mailwatch > > reporting system > > is designed. > > > > In your mailwatch database is a table called maillog. In > the maillog table > > there are columns to track if a given message is spam, if > it is high > > scoring > > spam, if it is virus infected or if it was name or content infected. > > > > Here is a 'describe' of the columns that I am referring > too. You can > > see that > > you have a very full set of information that is being > tracked. It would be > > trivial to create a report like you are asking for, the > data is all there. > > > > If you would like some help, contact me off list and I will > give you a hand. > > > > -- > > Bill > > > > | isspam | tinyint(1) | YES | | 0 | | > > | ishighspam | tinyint(1) | YES | | 0 | | > > | issaspam | tinyint(1) | YES | | 0 | | > > | isrblspam | tinyint(1) | YES | | 0 | | > > | spamwhitelisted | tinyint(1) | YES | | 0 | | > > | spamblacklisted | tinyint(1) | YES | | 0 | | > > | sascore | decimal(7,2) | YES | | 0.00 | | > > | spamreport | text | YES | | NULL | | > > | virusinfected | tinyint(1) | YES | | 0 | | > > | nameinfected | tinyint(1) | YES | | 0 | | > > | otherinfected | tinyint(1) | YES | | 0 | | > > > > > > Matt Kehler wrote: > > > Thanks Glenn. I know they are a different color, and I > know they show > > > at the top right when looking at the current (daily) > stats. But what > > > I"m looking for is 'in the month of December, XXXX > emails were blocked > > > due to file attachment'. Better yet, since we service > multiple domain > > > names, add ' .....blocked due to file attachment when > destined for > > > abc123.com ' > > > > > > I assume I will have to do my own custom report for > that? Even when > > > filtering for December; it will show emails/spam/virus > per day, per > > > month, etc..but it doesn't seem that blocked are > included. Unless I'm > > > crazy (which very well could be :) > > > > > > Matt > > > > > > >>> Glenn.Steen@AP1.SE 01/05/05 05:10PM >>> > > > As replied on theother list.... Red for blocked content, > pink for spam > > > (darker for High Scoring)... You'll note the > difference:-). As I said, > > > even a severely colorblind person like me have no > problem with that:-). > > > > > > If you like to have reports on each type, you'll just > have to select a > > > relevant subset of limits. Again, it's pretty straightforward. > > > > > > -- Glenn > > > > > > > > > -----Original Message----- > > > From: MailScanner mailing list on behalf of Matt Kehler > > > Sent: on 2005-01-05 20:04 > > > To: MAILSCANNER@JISCMAIL.AC.UK > > > Cc: > > > Subject: Mailwatch question > > > I know its a MailWatch question, but it seems as though > theres a lot > > > more MW users on this list than the actual MW list > itself...so... :) > > > > > > > > > > > > If you have MS configured to block emails based on > extension (such as > > > ..pif's for example), do those blocked emails show in > the MailWatch > > > 'spam' statistics, or do they not show at all? Is > there a way to > > > differentiate the emails blocked due to file extension > from the emails > > > blocked due to spam? Our management wants to know how > much MailScanner > > > is blocking due to 'itself' (ie, spam heuristics, virus > scanning, etc) > > > as opposed to stuff that we manually configure (ie, the > file extensions > > > that we block regardless of infection or spam) > > > > > > > > > > > > thx > > > > > > Matt > > > > > > > > > > > > > > > This email and/or any documents in this transmission is > intended for the > > > addressee(s) only and may contain legally privileged or > confidential > > > information. Any unauthorized use, disclosure, > distribution, copying or > > > dissemination is strictly prohibited. If you receive this > > transmission in > > > error, please notify the sender immediately and return > the original. > > > > > > Ce courriel et tout document dans cette transmission est > destiné ŕ la > > > personne > > > ou aux personnes ŕ qui il est adressé. Il peut contenir > des informations > > > privilégiées ou confidentielles. Toute utilisation, divulgation, > > > distribution, > > > copie, ou diffusion non autorisée est strictement > défendue. Si vous > > > n'ętes pas > > > le destinataire de ce message, veuillez en informer l'expéditeur > > > immédiatement > > > et lui remettre l'original. > > > > > > ------------------------ MailScanner list > ------------------------ > > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > > 'leave mailscanner' in the body of the email. > > > Before posting, read the MAQ > (http://www.mailscanner.biz/maq/) and > > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > > > Support MailScanner development - buy the book off the website! > > > > > > ------------------------ MailScanner list > ------------------------ > > > To unsubscribe, email jiscmail@jiscmail.ac..uk with the words: > > > 'leave mailscanner' in the body of the email. > > > Before posting, read the MAQ > (http://www.mailscanner.biz/maq/) and > > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > > > Support MailScanner development - buy the book off the website! > > > This email and/or any documents in this transmission is > intended for the > > > addressee(s) only and may contain legally privileged or > confidential > > > information. Any unauthorized use, disclosure, > distribution, copying or > > > dissemination is strictly prohibited. If you receive > this transmission > > > in error, please notify the sender immediately and > return the original. > > > Ce courriel et tout document dans cette transmission est > destiné ŕ la > > > personne ou aux personnes ŕ qui il est adressé. Il peut > contenir des > > > informations privilégiées ou confidentielles. Toute utilisation, > > > divulgation, distribution, copie, ou diffusion non autorisée est > > > strictement défendue. Si vous n'ętes pas le destinataire > de ce message, > > > veuillez en informer l'expéditeur immédiatement et lui remettre > > > l'original. ------------------------ MailScanner list > > > ------------------------ > > > To unsubscribe, email jiscmail@jiscmail.ac..uk with the words: > > > 'leave mailscanner' in the body of the email. > > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > > > and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > > > *Support MailScanner development - buy the book off the website!* > > > > -- > > _____ > > / ___/___ | Bill Huff, CISSP - Director of Technology > > / /__ __/ | Voice: (512) 263-0770 x 262 > > / /__/ / | Fax: (512) 263-8921 > > \___/ /ollective | Cell: (512) 630-5424 > > \/echnologies | --[ http://www.colltech.com > > ] -- > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > This email and/or any documents in this transmission is > intended for the > > addressee(s) only and may contain legally privileged or > confidential > > information. Any unauthorized use, disclosure, > distribution, copying or > > dissemination is strictly prohibited. If you receive this > transmission > > in error, please notify the sender immediately and return > the original. > > Ce courriel et tout document dans cette transmission est > destiné ŕ la > > personne ou aux personnes ŕ qui il est adressé. Il peut > contenir des > > informations privilégiées ou confidentielles. Toute utilisation, > > divulgation, distribution, copie, ou diffusion non autorisée est > > strictement défendue. Si vous n'ętes pas le destinataire de > ce message, > > veuillez en informer l'expéditeur immédiatement et lui remettre > > l'original. ------------------------ MailScanner list > > ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > *Support MailScanner development - buy the book off the website!* > > -- > _____ > / ___/___ | Bill Huff, CISSP - Director of Technology > / /__ __/ | Voice: (512) 263-0770 x 262 > / /__/ / | Fax: (512) 263-8921 > \___/ /ollective | Cell: (512) 630-5424 > \/echnologies | --[ http://www.colltech.com ] -- > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Fri Jan 7 09:37:43 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:07 2006 Subject: Mailwatch question Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Here's a link to the "Enhanced Total Messages report" by Giannis Kapetanakis: http://sourceforge.net/mailarchive/message.php?msg_id=7984079 Note that Steve has put it in CVS, so it'll be in the (long awaited) 0.6, or you already have it if you run the CVS version. Upon request I might forward the original mail from Giannis, where the files are nice attatchments (less cut'n'paste for you:) I've had this in since the day after he published... An invaluable PHB-impressant;-). -- Glenn > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Steen, Glenn > Sent: den 7 januari 2005 00:24 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Mailwatch question > > > Hm, ISTR there was a report for "tyotals per month" posted to > the MailWatch list a while back. Get that (you'll just have > to trawl for it in the MailWatch list archive), and then this > is real trivial.... set the limit of "blocked content=1", > then look at the totals per month;). > > -- Glenn > > > -----Original Message----- > From: MailScanner mailing list on behalf of Matt Kehler > Sent: Thu 1/6/2005 3:32 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Cc: > Subject: Re: Mailwatch question > Thanks Glenn. I know they are a different color, and I know > they show at the top right when looking at the current > (daily) stats. But what I"m looking for is 'in the month of > December, XXXX emails were blocked due to file attachment'. > Better yet, since we service multiple domain names, add ' > .....blocked due to file attachment when destined for abc123.com ' > > > > I assume I will have to do my own custom report for that? > Even when filtering for December; it will show > emails/spam/virus per day, per month, etc..but it doesn't > seem that blocked are included. Unless I'm crazy (which very > well could be :) > > > > Matt > > > >>> Glenn.Steen@AP1.SE 01/05/05 05:10PM >>> > > As replied on theother list.... Red for blocked content, pink > for spam (darker for High Scoring)... You'll note the > difference:-). As I said, even a severely colorblind person > like me have no problem with that:-). > > > If you like to have reports on each type, you'll just have to > select a relevant subset of limits. Again, it's pretty > straightforward. > > > -- Glenn > > > > -----Original Message----- > > From: MailScanner mailing list on behalf of Matt Kehler > > Sent: on 2005-01-05 20:04 > > To: MAILSCANNER@JISCMAIL.AC.UK > > Cc: > > Subject: Mailwatch question > > I know its a MailWatch question, but it seems as though > theres a lot more MW users on this list than the actual MW > list itself...so... :) > > > > > If you have MS configured to block emails based on extension > (such as ...pif's for example), do those blocked emails show > in the MailWatch 'spam' statistics, or do they not show at > all? Is there a way to differentiate the emails blocked due > to file extension from the emails blocked due to spam? Our > management wants to know how much MailScanner is blocking due > to 'itself' (ie, spam heuristics, virus scanning, etc) as > opposed to stuff that we manually configure (ie, the file > extensions that we block regardless of infection or spam) > > > > > thx > > > Matt > > > > > > This email and/or any documents in this transmission is > intended for the > > addressee(s) only and may contain legally privileged or confidential > > information. Any unauthorized use, disclosure, distribution, > copying or > > dissemination is strictly prohibited. If you receive this > transmission in > > error, please notify the sender immediately and return the original. > > > Ce courriel et tout document dans cette transmission est > destiné ŕ la personne > > ou aux personnes ŕ qui il est adressé. Il peut contenir des > informations > > privilégiées ou confidentielles. Toute utilisation, > divulgation, distribution, > > copie, ou diffusion non autorisée est strictement défendue. > Si vous n'ętes pas > > le destinataire de ce message, veuillez en informer > l'expéditeur immédiatement > > et lui remettre l'original. > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > Support MailScanner development - buy the book off the website! > > > > > > This email and/or any documents in this transmission is > intended for the > addressee(s) only and may contain legally privileged or confidential > information. Any unauthorized use, disclosure, distribution, > copying or > dissemination is strictly prohibited. If you receive this > transmission in > error, please notify the sender immediately and return the original. > > Ce courriel et tout document dans cette transmission est > destiné ŕ la personne > ou aux personnes ŕ qui il est adressé. Il peut contenir des > informations > privilégiées ou confidentielles. Toute utilisation, > divulgation, distribution, > copie, ou diffusion non autorisée est strictement défendue. > Si vous n'ętes pas > le destinataire de ce message, veuillez en informer > l'expéditeur immédiatement > et lui remettre l'original. > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Fri Jan 7 13:05:07 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:28:07 2006 Subject: Weird maillog Message-ID: ius wrote: > Hi, > > After upgrading to M/S 4.37.7 two days ago, i found these so many > weird logs : > > Jan 7 12:57:27 blowfish sendmail[870]: ruleset=check_relay, > arg1=220-130-160-190.HINET-IP.hinet.net, arg2=220.130.160.190, > relay=220-130-160-190.HINET-IP.hinet.net [220.130.160.190], > reject=550 5.0.0 Persistent Virus Source > > any idea what are those ? > > Thanks > Have a look at your /etc/mail/access and look for some REJECT lines. Are you running Vispan? This does not appear to be a MailScanner caused issue. Mike ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHTSOLUTIONS.COM Fri Jan 7 13:29:16 2005 From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:28:07 2006 Subject: Weird maillog Message-ID: > After upgrading to M/S 4.37.7 two days ago, i found these so many > weird logs : > > Jan 7 12:57:27 blowfish sendmail[870]: ruleset=check_relay, > arg1=220-130-160-190.HINET-IP.hinet.net, > arg2=220.130.160.190, > relay=220-130-160-190.HINET-IP.hinet.net [220.130.160.190], > reject=550 5.0.0 Persistent Virus Source > > any idea what are those ? > Are you using Vispan? Mr Michele Neylon Blacknight Internet Solutions Ltd Hosting, co-location & domains http://www.blacknight.ie/ Tel. +353 59 9137101 http://www.blacknight.ie/specialoffers.html ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From joshua.hirsh at PARTNERSOLUTIONS.CA Fri Jan 7 14:04:03 2005 From: joshua.hirsh at PARTNERSOLUTIONS.CA (Hirsh, Joshua) Date: Thu Jan 12 21:28:07 2006 Subject: Feature Request: Group configuration items for use in rules Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Julian (+ "the list"), After doing a recent batch of editing a whole slew of configuration rules the other day, it got me thinking. Any chance that you could implement a type of group definitions for use in rules? For example, you could define a group named "AnnoyingManagement" (chosen at random!) that contains a list of email addresses and then reference only the group name in various rule files. This is a very handy feature of most modern firewalls for access lists, and I could foresee it helping to cut down on the length of some of our rules. I have various files that reference the same list of users quite frequently, so if this was implemented, I would only have to edit the group definition instead of all of the different rules that it would effect. Example of how this might work: In /etc/MailScanner/rules/group.rules: AnnoyingManagement: bob@domain.com mike@domain.com jim@domain.com jill@domain.com sarah@domain.com bofhSysadmins: root@domain.com bofh@domain.com support@domain.com In /etc/MailScanner/rules/spam.highscore.rules: To: AnnoyingManagement.group 50 To: bofhSysadmins.group 3 To: default 10 Any comments? -Joshua ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri Jan 7 14:07:59 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:07 2006 Subject: Feature Request: Group configuration items for use in rules Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] You can already do it. Instead of putting in an email address (or domain name or whatever), give it a full filename. That file contains address patterns (or addresses or domain names or whatever) one per line. It makes it behave exactly as if there were separate rules for every address in the file, all with the same resulting value for the configuration option. Hirsh, Joshua wrote: >Hi Julian (+ "the list"), > > After doing a recent batch of editing a whole slew of configuration rules >the other day, it got me thinking. > > Any chance that you could implement a type of group definitions for use in >rules? For example, you could define a group named "AnnoyingManagement" >(chosen at random!) that contains a list of email addresses and then >reference only the group name in various rule files. > > > This is a very handy feature of most modern firewalls for access lists, and >I could foresee it helping to cut down on the length of some of our rules. I >have various files that reference the same list of users quite frequently, >so if this was implemented, I would only have to edit the group definition >instead of all of the different rules that it would effect. > > > > Example of how this might work: > > In /etc/MailScanner/rules/group.rules: > AnnoyingManagement: bob@domain.com mike@domain.com jim@domain.com >jill@domain.com sarah@domain.com > bofhSysadmins: root@domain.com bofh@domain.com support@domain.com > > > In /etc/MailScanner/rules/spam.highscore.rules: > To: AnnoyingManagement.group 50 > To: bofhSysadmins.group 3 > To: default 10 > > > Any comments? > >-Joshua > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From housey at SME-ECOM.CO.UK Fri Jan 7 14:16:38 2005 From: housey at SME-ECOM.CO.UK (Paul Houselander) Date: Thu Jan 12 21:28:07 2006 Subject: local.cf vs spam.assassin.prefs.conf Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Im running mailscanner with spamassassin and my local.cf file is a symbolic link to spam.assassin.prefs.conf Im going to be using spamd for a separate application im building and I wanted to make use of the sql user preferences (http://svn.apache.org/repos/asf/spamassassin/branches/3.0/sql/README) I will be adding user_scores_dsn DBI:driver:connection user_scores_sql_username dbusername user_scores_sql_password dbpassword Does anyone know if this will cause any problems for MailScanner? I know MailScanner cant use per user settings and wondered if it would just ignore them? Would I be better of having separate local.cf and spam.assassin.prefs.conf files? Thanks Paul ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From paddy at PANICI.NET Fri Jan 7 14:21:43 2005 From: paddy at PANICI.NET (paddy) Date: Thu Jan 12 21:28:07 2006 Subject: Stop Sendmail from bouncing unknown user? Message-ID: On Thu, Jan 06, 2005 at 03:15:49PM -0600, Richard Thomas wrote: > paddy wrote: > > >rfc2821 seems quite clear on this point: > > > > If an SMTP server has accepted the task of relaying the mail and > > later finds that the destination is incorrect or that the mail cannot > > be delivered for some other reason, then it MUST construct an > > "undeliverable mail" notification message and send it to the > > originator of the undeliverable mail (as indicated by the reverse- > > path). > > > >I can't find the 'get-out clause' that relieves you of this obligation > >in general, although I do not profess to have a good knowledge of > >all the relevant standards. > > > > > > An RFC is not a law. If you don't comply, you are merely noncompliant. > This matters where it matters and doesn't where it doesn't. I second that ! I didn't mean to imply that an rfc is law, but it may be worth considering that in some jurisdictions accepted best practice (and for that matter the use of terms like email or internet email, without further qualification - trades descriptions?) might carry some weight in the context of any legal wranglings (IANAL and I really don't have a clue about this, just speculating). But I didn't mean to imply a legal meaning at all, I'm afraid its just the syle of the language I used. I meant to imply an technical/ethical/moral meaning - what _should_ one do? In particular, as I hoped was clear, to say that I view one option as a poor choice to be avoided if possible, and to solicit discussion of this view, if necessary. Nevertheless, thank you for helping to clarify that: I hadn't realised that anyone would read it that way. Perhaps I mis-read the original email? Regards, Paddy -- Perl 6 will give you the big knob. -- Larry Wall ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Fri Jan 7 14:24:48 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:28:07 2006 Subject: Feature Request: Group configuration items for use in rules Message-ID: Hi! > Example of how this might work: > > In /etc/MailScanner/rules/group.rules: > AnnoyingManagement: bob@domain.com mike@domain.com jim@domain.com > jill@domain.com sarah@domain.com > bofhSysadmins: root@domain.com bofh@domain.com support@domain.com > > > In /etc/MailScanner/rules/spam.highscore.rules: > To: AnnoyingManagement.group 50 > To: bofhSysadmins.group 3 > To: default 10 Why would you want a expansion like that ? Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Carl.Andrews at CRACKERBARREL.COM Fri Jan 7 15:03:27 2005 From: Carl.Andrews at CRACKERBARREL.COM (Andrews Carl 448) Date: Thu Jan 12 21:28:07 2006 Subject: Troubleshooting questions Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, thanks in advance for any suggestions you may have. I am getting a HUGHE (40,000 ) buildup of messages in mqueue.in. In reviewing the logs (/var/log/maillog), I see a lot of information about MCP scanning, I have this set to "no" in my MailScanner.conf , should I be seeing any activity for MCP with this disabled? Anyone else expierience this problem? Any ideas what to look at? Thanks! Carl ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Denis.Beauchemin at USHERBROOKE.CA Fri Jan 7 15:08:18 2005 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:28:07 2006 Subject: Troubleshooting questions Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Andrews Carl 448 wrote: > Hi, thanks in advance for any suggestions you may have. > > I am getting a HUGHE (40,000 ) buildup of messages in mqueue.in. In > reviewing the logs (/var/log/maillog), I see a lot of information > about MCP scanning, I have this set to "no" in my MailScanner.conf , > should I be seeing any activity for MCP with this disabled? > > Anyone else expierience this problem? Any ideas what to look at? > Carl, I have NO reference to MCP (except in msgids) in my maillog so far today (close to 300000 lines). I am also running with MCP Checks = no. Denis -- _ °v° Denis Beauchemin, analyste /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "S/MIME Cryptographic Signature" ] [ Application/X-PKCS7-SIGNATURE 4.4KB. ] [ Unable to print this part. ] From drew at THEMARSHALLS.CO.UK Fri Jan 7 15:10:48 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:28:07 2006 Subject: Troubleshooting questions Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Fri, January 7, 2005 15:03, Andrews Carl 448 said: > Hi, thanks in advance for any suggestions you may have. > > I am getting a HUGHE (40,000 ) buildup of messages in mqueue.in. In > reviewing the logs (/var/log/maillog), I see a lot of information about > MCP > scanning, I have this set to "no" in my MailScanner.conf , should I be > seeing any activity for MCP with this disabled? > > Anyone else expierience this problem? Any ideas what to look at? Have you stopped MS and turned on debuging mode for it and SA as well (If you are running it). You can the restart MS and sit and watch for the delays or errors. Post the output and we can have a look at it for ideas. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jester at SPYDERINTERNET.COM Fri Jan 7 15:40:27 2005 From: jester at SPYDERINTERNET.COM (jester) Date: Thu Jan 12 21:28:07 2006 Subject: Troubleshooting questions Message-ID: I too am having the same problem. In trying to trace this problem we have tried turning off SA, Razor and DSPAM, and only using RBL checks and the mqueue.in is still continually climbing. After I restart MailScanner it seems to run fine and clear queue in a few minutes, but, after running for over an hour, the queue.in will climb back to over 1k (almost like something is dying, but no idea as to what is). I have checked razor in dbug and shows to be ok, same with SA. I have run MailScanner in debug and all seems fine. I have no idea what could be causing this. Using MailScanner 4.3.3 SA 3.0.2 DSPAM 3.2.4 RedHat 1gig memory Any help would be much appreciated! thanks Michael At 09:03 AM 1/7/2005, you wrote: >Hi, thanks in advance for any suggestions you may have. > >I am getting a HUGHE (40,000 ) buildup of messages in mqueue.in. In >reviewing the logs (/var/log/maillog), I see a lot of information about >MCP scanning, I have this set to "no" in my MailScanner.conf , should I be >seeing any activity for MCP with this disabled? > >Anyone else expierience this problem? Any ideas what to look at? > >Thanks! > >Carl > >-- >SpyderNethas scanned this message for >viruses and >dangerous content. ------------------------ MailScanner list >------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk >with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ >(http://www.mailscanner.biz/maq/) >and the archives >(http://www.jiscmail.ac.uk/lists/mailscanner.html). > > >Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Fri Jan 7 16:17:16 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:07 2006 Subject: Troubleshooting questions Message-ID: Which RBL's and which MTA? I do my RBL's in SA so the RBL isn't treated as a blacklist.... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 jester wrote: > I too am having the same problem. In trying to trace this problem we have > tried turning off SA, Razor and DSPAM, and only using RBL checks and the > mqueue.in is still continually climbing. After I restart MailScanner it > seems to run fine and clear queue in a few minutes, but, after running for > over an hour, the queue.in will climb back to over 1k (almost like > something is dying, but no idea as to what is). I have checked razor in > dbug and shows to be ok, same with SA. I have run MailScanner in debug and > all seems fine. I have no idea what could be causing this. > > Using MailScanner 4.3.3 > SA 3.0.2 > DSPAM 3.2.4 > RedHat 1gig memory > > Any help would be much appreciated! > > thanks > Michael > > > At 09:03 AM 1/7/2005, you wrote: > >> Hi, thanks in advance for any suggestions you may have. >> >> I am getting a HUGHE (40,000 ) buildup of messages in mqueue.in. In >> reviewing the logs (/var/log/maillog), I see a lot of information about >> MCP scanning, I have this set to "no" in my MailScanner.conf , should >> I be >> seeing any activity for MCP with this disabled? >> >> Anyone else expierience this problem? Any ideas what to look at? >> >> Thanks! >> >> Carl >> >> -- >> SpyderNethas scanned this message for >> viruses and >> dangerous content. ------------------------ MailScanner list >> ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk >> with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ >> (http://www.mailscanner.biz/maq/) >> and the archives >> (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> >> >> Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri Jan 7 16:22:30 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:08 2006 Subject: Troubleshooting questions Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Have you got 1 message that has been sitting in the mqueue.in for a long time? It could just be 1 or 2 messages causing the problem, that aren't being cleared from the queue for some reason. Do "ls -ltr /var/spool/mqueue.in | tail" and see what the oldest files are. jester wrote: > I too am having the same problem. In trying to trace this problem we have > tried turning off SA, Razor and DSPAM, and only using RBL checks and the > mqueue.in is still continually climbing. After I restart MailScanner it > seems to run fine and clear queue in a few minutes, but, after running > for > over an hour, the queue.in will climb back to over 1k (almost like > something is dying, but no idea as to what is). I have checked razor in > dbug and shows to be ok, same with SA. I have run MailScanner in debug > and > all seems fine. I have no idea what could be causing this. > > Using MailScanner 4.3.3 > SA 3.0.2 > DSPAM 3.2.4 > RedHat 1gig memory > > Any help would be much appreciated! > > thanks > Michael > > > At 09:03 AM 1/7/2005, you wrote: > >> Hi, thanks in advance for any suggestions you may have. >> >> I am getting a HUGHE (40,000 ) buildup of messages in mqueue.in. In >> reviewing the logs (/var/log/maillog), I see a lot of information about >> MCP scanning, I have this set to "no" in my MailScanner.conf , should >> I be >> seeing any activity for MCP with this disabled? >> >> Anyone else expierience this problem? Any ideas what to look at? >> >> Thanks! >> >> Carl > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Fri Jan 7 16:14:07 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:28:08 2006 Subject: Troubleshooting questions Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Andrews Carl 448 wrote: > Hi, thanks in advance for any suggestions you may have. > > I am getting a HUGHE (40,000 ) buildup of messages in mqueue.in. In > reviewing the logs (/var/log/maillog), I see a lot of information about > MCP scanning, I have this set to "no" in my MailScanner.conf , should I > be seeing any activity for MCP with this disabled? > > Anyone else expierience this problem? Any ideas what to look at? There is a troubleshooting section in the FAQs. What version of MailScanner? Ugo ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Carl.Andrews at CRACKERBARREL.COM Fri Jan 7 16:25:04 2005 From: Carl.Andrews at CRACKERBARREL.COM (Andrews Carl 448) Date: Thu Jan 12 21:28:08 2006 Subject: Troubleshooting questions Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I am also running RedHat (9.0) 1G ram SA:3.0.1 Thanks again, Carl -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of jester Sent: Friday, January 07, 2005 9:40 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Troubleshooting questions I too am having the same problem. In trying to trace this problem we have tried turning off SA, Razor and DSPAM, and only using RBL checks and the mqueue.in is still continually climbing. After I restart MailScanner it seems to run fine and clear queue in a few minutes, but, after running for over an hour, the queue.in will climb back to over 1k (almost like something is dying, but no idea as to what is). I have checked razor in dbug and shows to be ok, same with SA. I have run MailScanner in debug and all seems fine. I have no idea what could be causing this. Using MailScanner 4.3.3 SA 3.0.2 DSPAM 3.2.4 RedHat 1gig memory Any help would be much appreciated! thanks Michael At 09:03 AM 1/7/2005, you wrote: >Hi, thanks in advance for any suggestions you may have. > >I am getting a HUGHE (40,000 ) buildup of messages in mqueue.in. In >reviewing the logs (/var/log/maillog), I see a lot of information about >MCP scanning, I have this set to "no" in my MailScanner.conf , should I be >seeing any activity for MCP with this disabled? > >Anyone else expierience this problem? Any ideas what to look at? > >Thanks! > >Carl > >-- >SpyderNethas scanned this message for >viruses and >dangerous content. ------------------------ MailScanner list >------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk >with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ >(http://www.mailscanner.biz/maq/) >and the archives >(http://www.jiscmail.ac.uk/l sts/mailscanner.html). > > >Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at MANGO.ZW Fri Jan 7 16:39:32 2005 From: mailscanner at MANGO.ZW (Jim Holland) Date: Thu Jan 12 21:28:08 2006 Subject: Problem with MailScanner failing to process mqueue.in mail Message-ID: Hi Julian On Fri, 7 Jan 2005, Julian Field wrote: > >The problem seems to have been solved by moving a specific problem message > >out of the mail queue. There were a number of similar messages from the > >same source, and it seems that each time they sent a message then it > >caused the failure. Would it be helpful to send you a copy of one of the > >messages for analysis? It would definitely be unwise to send it to the > >list as it would clearly cause problems for other people. > > The latest release fixed one problem in this area (new version of > MIME-tools). If (and only if) you are running MIME-tools 5.415, then > upgrade to MIME-tools 5.416. Thanks for your response. I have upgraded to MailScanner version 4.37.7, which still uses MIME-tools-5.415. As a test I reinserted the problem message into mqueue.in and found that this time it was processed without any problem. For others facing this kind of problem: the short term solution was simply to move the oldest message out of mqueue.in, as that was the message that was causing the hangup. Regards Jim Holland System Administrator MANGO - Zimbabwe's non-profit e-mail service ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From myeasytech at YAHOO.COM.HK Fri Jan 7 16:39:54 2005 From: myeasytech at YAHOO.COM.HK (hkbyte) Date: Thu Jan 12 21:28:08 2006 Subject: Writing Custom Function Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I am learning how to write custom function. I attached my function to Non Spam actions. If my return value are 'deliver' and 'store' , both work properly as I want. But when I change 'store' return value to 'bounce' , it failed and the maillog said "Does not make sense to bounce non-spam". How can I send a custom bounce back message to sender. Thanks. hkbyte. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri Jan 7 16:51:44 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:08 2006 Subject: Problem with MailScanner failing to process mqueue.in mail Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jim Holland wrote: >Hi Julian > >On Fri, 7 Jan 2005, Julian Field wrote: > > > >>>The problem seems to have been solved by moving a specific problem message >>>out of the mail queue. There were a number of similar messages from the >>>same source, and it seems that each time they sent a message then it >>>caused the failure. Would it be helpful to send you a copy of one of the >>>messages for analysis? It would definitely be unwise to send it to the >>>list as it would clearly cause problems for other people. >>> >>> >>The latest release fixed one problem in this area (new version of >>MIME-tools). If (and only if) you are running MIME-tools 5.415, then >>upgrade to MIME-tools 5.416. >> >> > >Thanks for your response. > >I have upgraded to MailScanner version 4.37.7, which still uses >MIME-tools-5.415. > It actually uses a patched version of 5.415 as the 5.416 wasn't ready when I needed it to be. The patches provide the same functionality as 5.416 does. > As a test I reinserted the problem message into >mqueue.in and found that this time it was processed without any problem. > >For others facing this kind of problem: the short term solution was simply >to move the oldest message out of mqueue.in, as that was the message that >was causing the hangup. > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From peter at UCGBOOK.COM Fri Jan 7 16:59:38 2005 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:28:08 2006 Subject: Troubleshooting questions Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Andrews Carl 448 wrote: > debug: Net::DNS version is 0.31, but need 0.34 You could start by upgrading to 0.48, old Net::DNS versions have caused a lot of trouble for others. -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Carl.Andrews at CRACKERBARREL.COM Fri Jan 7 17:04:35 2005 From: Carl.Andrews at CRACKERBARREL.COM (Andrews Carl 448) Date: Thu Jan 12 21:28:08 2006 Subject: Troubleshooting questions Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Thanks. Doing it now. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Peter Bonivart Sent: Friday, January 07, 2005 11:00 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Troubleshooting questions Andrews Carl 448 wrote: > debug: Net::DNS version is 0.31, but need 0.34 You could start by upgrading to 0.48, old Net::DNS versions have caused a lot of trouble for others. -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From peter at UCGBOOK.COM Fri Jan 7 17:03:40 2005 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:28:08 2006 Subject: Installing/Using DCC sanity check Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ugo Bellavance wrote: > About 10 MB of code... would you rather load it everytime or have 10 MB > of RAM used all the time? It doesn't have to actually load it from disk every time unless you're really starved for memory and then your server is already crawling anyway. It's a fairly light operation to reuse old pages in memory. -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Fri Jan 7 17:07:28 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:28:08 2006 Subject: Troubleshooting questions Message-ID: jester wrote: > I too am having the same problem. In trying to trace this problem we > have tried turning off SA, Razor and DSPAM, and only using RBL checks > and the mqueue.in is still continually climbing. After I restart > MailScanner it seems to run fine and clear queue in a few minutes, > but, after running for over an hour, the queue.in will climb back to > over 1k (almost like something is dying, but no idea as to what is). > I have checked razor in dbug and shows to be ok, same with SA. I have > run MailScanner in debug and all seems fine. I have no idea what > could be causing this. > > Using MailScanner 4.3.3 > SA 3.0.2 > DSPAM 3.2.4 > RedHat 1gig memory > > Any help would be much appreciated! > > thanks > Michael > > > At 09:03 AM 1/7/2005, you wrote: > >> Hi, thanks in advance for any suggestions you may have. >> >> I am getting a HUGHE (40,000 ) buildup of messages in mqueue.in. In >> reviewing the logs (/var/log/maillog), I see a lot of information >> about MCP scanning, I have this set to "no" in my MailScanner.conf , >> should I be seeing any activity for MCP with this disabled? >> >> Anyone else expierience this problem? Any ideas what to look at? >> >> Thanks! >> >> Carl >> >> -- >> SpyderNethas scanned this message for >> viruses and dangerous content. ------------------------ MailScanner >> list ------------------------ >> To unsubscribe, email >> jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ >> (http://www.mailscanner.biz/maq/) >> and the archives >> (http://www.jiscmail.ac.uk /lists/mailscanner.html). >> >> >> Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave > mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! Are either of you running the bigevil ruleset by chance? local caching nameserver? What is the system load? Mike ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Carl.Andrews at CRACKERBARREL.COM Fri Jan 7 17:09:59 2005 From: Carl.Andrews at CRACKERBARREL.COM (Andrews Carl 448) Date: Thu Jan 12 21:28:08 2006 Subject: Troubleshooting questions Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I WAS running bigevil, but have taken it off as a possible problem. Here is an output from sar: 06:30:00 AM CPU %user %nice %system %idle 06:40:01 AM all 57.81 0.00 15.23 26.96 06:50:05 AM all 60.78 0.00 15.46 23.76 07:00:04 AM all 65.73 0.00 16.22 18.06 07:10:07 AM all 63.30 0.00 16.32 20.38 07:20:01 AM all 61.95 0.00 15.86 22.18 07:30:04 AM all 63.02 0.00 16.35 20.63 07:40:01 AM all 59.53 0.00 16.26 24.22 07:50:02 AM all 50.43 0.00 15.69 33.88 08:00:06 AM all 58.38 0.00 19.44 22.18 08:10:01 AM all 52.45 0.00 13.47 34.08 08:20:00 AM all 34.92 0.00 11.90 53.17 08:30:01 AM all 39.00 0.00 12.71 48.29 08:40:00 AM all 42.83 0.00 13.41 43.76 08:50:00 AM all 50.41 0.00 15.12 34.47 09:00:00 AM all 50.95 0.00 12.69 36.36 09:10:00 AM all 40.63 0.00 12.46 46.91 09:20:01 AM all 46.27 0.00 13.42 40.32 09:30:01 AM all 42.10 0.00 11.73 46.17 09:40:00 AM all 36.15 0.00 10.33 53.52 09:50:00 AM all 23.29 0.00 8.03 68.68 10:00:00 AM all 26.20 0.00 9.98 63.82 10:10:01 AM all 23.46 0.00 8.55 67.99 10:20:02 AM all 27.52 0.00 10.37 62.11 10:30:01 AM all 39.44 0.00 11.16 49.41 10:40:00 AM all 40.79 0.00 15.53 43.67 10:50:02 AM all 36.37 0.00 16.14 47.49 11:00:13 AM all 40.42 0.00 14.27 45.31 Average: all 52.40 0.00 14.47 33.12 -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Mike Kercher Sent: Friday, January 07, 2005 11:07 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Troubleshooting questions jester wrote: > I too am having the same problem. In trying to trace this problem we > have tried turning off SA, Razor and DSPAM, and only using RBL checks > and the mqueue.in is still continually climbing. After I restart > MailScanner it seems to run fine and clear queue in a few minutes, > but, after running for over an hour, the queue.in will climb back to > over 1k (almost like something is dying, but no idea as to what is). > I have checked razor in dbug and shows to be ok, same with SA. I have > run MailScanner in debug and all seems fine. I have no idea what > could be causing this. > > Using MailScanner 4.3.3 > SA 3.0.2 > DSPAM 3.2.4 > RedHat 1gig memory > > Any help would be much appreciated! > > thanks > Michael > > > At 09:03 AM 1/7/2005, you wrote: > >> Hi, thanks in advance for any suggestions you may have. >> >> I am getting a HUGHE (40,000 ) buildup of messages in mqueue.in. In >> reviewing the logs (/var/log/maillog), I see a lot of information >> about MCP scanning, I have this set to "no" in my MailScanner.conf , >> should I be seeing any activity for MCP with this disabled? >> >> Anyone else expierience this problem? Any ideas what to look at? >> >> Thanks! >> >> Carl >> >> -- >> SpyderNethas scanned this message for >> viruses and dangerous content. ------------------------ MailScanner >> list ------------------------ >> To unsubscribe, email >> jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ >> (http://www.mailscanner.biz/maq/) >> and the archives >> (http://www.jiscmail.ac.uk /lists/mailscanner.html). >> >> >> Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave > mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! Are either of you running the bigevil ruleset by chance? local caching nameserver? What is the system load? Mike ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri Jan 7 17:18:27 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:08 2006 Subject: Troubleshooting questions Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Stop using BigEvil, upgrade to SpamAssassin 3 and you get it automatically (without having to use the huge ruleset). BigEvil is now provided by the SURBL domains. Check out www.surbl.org for more info. If you need to keep running SA 2, then run the latest SA2 with the SURBL plugin installed. That gets around the huge ruleset problem in the same way. It's just easier to use SA3. Andrews Carl 448 wrote: > I WAS running bigevil, but have taken it off as a possible problem. > Here is an output from sar: > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Carl.Andrews at CRACKERBARREL.COM Fri Jan 7 17:25:21 2005 From: Carl.Andrews at CRACKERBARREL.COM (Andrews Carl 448) Date: Thu Jan 12 21:28:08 2006 Subject: Troubleshooting questions Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I am running SA 3.0.1. Did not know bigevil was part of it :-<. I removed bigevil from the configuration yesterday, but my mqueue.in still continues to increase. I have also just updated Net:DNS to 0.48, my mqueue.in is currently at 800. Thanks! Carl -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Julian Field Sent: Friday, January 07, 2005 11:18 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Troubleshooting questions Stop using BigEvil, upgrade to SpamAssassin 3 and you get it automatically (without having to use the huge ruleset). BigEvil is now provided by the SURBL domains. Check out www.surbl.org for more info. If you need to keep running SA 2, then run the latest SA2 with the SURBL plugin installed. That gets around the huge ruleset problem in the same way. It's just easier to use SA3. Andrews Carl 448 wrote: > I WAS running bigevil, but have taken it off as a possible problem. > Here is an output from sar: > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jester at SPYDERINTERNET.COM Fri Jan 7 16:46:26 2005 From: jester at SPYDERINTERNET.COM (jester) Date: Thu Jan 12 21:28:08 2006 Subject: Troubleshooting questions Message-ID: We have cleared the mqueue.in a few days ago. Ive allready restarted MailScanner this morning so all I have in mqueue.in are as follows: -rw------- 1 root root 1148 Jan 7 10:36 qfj07GarGD022570 -rw------- 1 root root 15295 Jan 7 10:36 dfj07GarGD022570 -rw------- 1 root root 942 Jan 7 10:36 qfj07GauGD022584 -rw------- 1 root root 493 Jan 7 10:36 dfj07GauGD022584 -rw------- 1 root root 1051 Jan 7 10:37 qfj07GarGD022572 -rw------- 1 root root 1062 Jan 7 10:37 dfj07GarGD022572 -rw------- 1 root root 1001 Jan 7 10:37 qfj07Gb2GD022615 -rw------- 1 root root 2036 Jan 7 10:37 dfj07Gb2GD022615 -rw------- 1 root root 1026 Jan 7 10:37 qfj07GaNGD022487 -rw------- 1 root root 660 Jan 7 10:37 dfj07GaNGD022487 but within an hour or so we will have over 400-500. We have just also upgraded to the latest MailScanner (this morning 1/7/05) so Im hoping this will help. Yes, i have noticed msg's being held in the mqueue.in but previously we have just deleted them after 1 month. I have not noticed any difference from msg's that are held to those that are delivered to mqueue. The held ones doesnt appear to be stopping the process. Thanks Michael At 10:22 AM 1/7/2005, you wrote: >Have you got 1 message that has been sitting in the mqueue.in for a long >time? It could just be 1 or 2 messages causing the problem, that aren't >being cleared from the queue for some reason. >Do "ls -ltr /var/spool/mqueue.in | tail" and see what the oldest files are. > >jester wrote: > >>I too am having the same problem. In trying to trace this problem we have >>tried turning off SA, Razor and DSPAM, and only using RBL checks and the >>mqueue.in is still continually climbing. After I restart MailScanner it >>seems to run fine and clear queue in a few minutes, but, after running >>for >>over an hour, the queue.in will climb back to over 1k (almost like >>something is dying, but no idea as to what is). I have checked razor in >>dbug and shows to be ok, same with SA. I have run MailScanner in debug >>and >>all seems fine. I have no idea what could be causing this. >> >>Using MailScanner 4.3.3 >>SA 3.0.2 >>DSPAM 3.2.4 >>RedHat 1gig memory >> >>Any help would be much appreciated! >> >>thanks >>Michael >> >> >>At 09:03 AM 1/7/2005, you wrote: >> >>>Hi, thanks in advance for any suggestions you may have. >>> >>>I am getting a HUGHE (40,000 ) buildup of messages in mqueue.in. In >>>reviewing the logs (/var/log/maillog), I see a lot of information about >>>MCP scanning, I have this set to "no" in my MailScanner.conf , should >>>I be >>>seeing any activity for MCP with this disabled? >>> >>>Anyone else expierience this problem? Any ideas what to look at? >>> >>>Thanks! >>> >>>Carl >-- >Julian Field >www.MailScanner.info >Buy the MailScanner book at www.MailScanner.info/store > >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > >-- >Spydernet has scanned this message for viruses and >dangerous content. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From t.d.lee at DURHAM.AC.UK Fri Jan 7 17:36:53 2005 From: t.d.lee at DURHAM.AC.UK (David Lee) Date: Thu Jan 12 21:28:08 2006 Subject: Buglet and suggested fix Message-ID: Ouch. I've just installed MS 4.37.7 on a new Fedora Core 2 box, and it "blackholed" the first few emails (nothing delivered, nothing bounced). Fortunately it is a test box. For the "mqueue.in" and "incoming", (also "quarantine") directories, our convention differs from the defaults in "MailScanner.conf" . Alas, what caught us out is that the MailScanner startup procedure doesn't read MailScanner.conf for these values, but instead has them separately hardcoded in "/etc/sysconfig/MailScanner" as INQDIR and WORKDIR. This replication of data (compare: single source and multiple derivations) seems unnecessary. Further, "/etc/sysconfig/MailScanner" already has an example of deriving information from "MailScanner.conf" at its: MTA=`perl ... /etc/MailScanner/MailScanner.conf` Could I suggest that "/etc/sysconfig/MailScanner" be adjusted in future releases to use a similar technique to set INQDIR and WORKDIR, please? Thanks. -- : David Lee I.T. Service : : Senior Systems Programmer Computer Centre : : University of Durham : : http://www.dur.ac.uk/t.d.lee/ South Road : : Durham : : Phone: +44 191 334 2752 U.K. : ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From richard.thomas at PSYSOLUTIONS.COM Fri Jan 7 17:37:14 2005 From: richard.thomas at PSYSOLUTIONS.COM (Richard Thomas) Date: Thu Jan 12 21:28:08 2006 Subject: Stop Sendmail from bouncing unknown user? Message-ID: paddy wrote: >But I didn't mean to imply a legal meaning at all, I'm afraid its just >the syle of the language I used. > > I get you now. It just seemed that you were implying that the RFC *should* be followed. I was simply suggesting a weaker position. >I meant to imply an technical/ethical/moral meaning - what _should_ one do? > > I would suggest that depends on context. Our users, for example, just want to receive email, don't want to be deluged by spam and wouldn't even know what an RFC was. As such, I have no problems setting up my mail server to be noncompliant. It's not hard to think of situtions (though I would suggest they are rare) where full RFC compliance was required. >In particular, as I hoped was clear, to say that I view one option as >a poor choice to be avoided if possible, and to solicit discussion of >this view, if necessary. > > Unfortunately, the forging of return headers has made replies, particularly warning of virus or spam detection, to those addresses at best useless and at worst, an annoyance of equal magnitude to the original mail. I would expect that if the RFC were rewritten, that section would be modified to change that "MUST" to a "SHOULD" or "MAY" or include wording about exceptions being made where there is reason to doubt that the reverse path is the true originator. Really, I hate dropping mail on the floor. Part of the big plus of SMTP is that generally, mail either gets delivered or bounced so it is usually possible to trace errors. Unfortunately, it turns out that SMTP was too reliant on the honesty of people and to stick to the rules reduces its usefulness greatly. Rich -- MIS Department | |Phone: +1 615 312 5787 840 Crescent Ctr Dr | Psychiatric Solutions Inc |Fax: +1 615 312 5711 Suite 460 | | Franklin, TN 37067 | | ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "S/MIME Cryptographic Signature" ] [ Application/X-PKCS7-SIGNATURE 4.4KB. ] [ Unable to print this part. ] From martelm at quark.vsc.edu Fri Jan 7 19:00:07 2005 From: martelm at quark.vsc.edu (Michael H. Martel) Date: Thu Jan 12 21:28:08 2006 Subject: Problem with MailScanner failing to process mqueue.in mail Message-ID: --On Friday, January 7, 2005 4:51 PM +0000 Julian Field wrote: > It actually uses a patched version of 5.415 as the 5.416 wasn't ready > when I needed it to be. The patches provide the same functionality as > 5.416 does. Patched since when ? I ask because I hate RPM, and so I've been using the tar version and insatlling things manually. I haven't re-installed 5.4.15 since it was included in earlier versions. Personally, what I would find usefull is when a new release is made, if you could mention any of the supporting actors that need to be updated as well. Michael -- --------------------------------o--------------------------------- Michael H. Martel | Vermont State Colleges martelm@quark.vsc.edu | Systems Administrator http://probe.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From peter at UCGBOOK.COM Fri Jan 7 19:04:15 2005 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:28:08 2006 Subject: Problem with MailScanner failing to process mqueue.in mail Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Michael H. Martel wrote: > Patched since when ? I ask because I hate RPM, and so I've been using the > tar version and insatlling things manually. I haven't re-installed 5.4.15 > since it was included in earlier versions. > > Personally, what I would find usefull is when a new release is made, if you > could mention any of the supporting actors that need to be updated as well. I also use the tar version for my Sun servers and install.sh takes care of it for me. Can't you use that? -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Fri Jan 7 18:38:38 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:28:08 2006 Subject: Troubleshooting questions Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] jester wrote: > I too am having the same problem. In trying to trace this problem we have > tried turning off SA, Razor and DSPAM, and only using RBL checks and the > mqueue.in is still continually climbing. After I restart MailScanner it > seems to run fine and clear queue in a few minutes, but, after running > for > over an hour, the queue.in will climb back to over 1k (almost like > something is dying, but no idea as to what is). I have checked razor in > dbug and shows to be ok, same with SA. I have run MailScanner in debug > and > all seems fine. I have no idea what could be causing this. > > Using MailScanner 4.3.3 > SA 3.0.2 > DSPAM 3.2.4 > RedHat 1gig memory > > Any help would be much appreciated! Are you running a caching name server? If not do so as it could well be DNS issues. Some ISPs get excited about too many DNS requests and start to tar pit for example. The other slow down I have also seen is a slow down due to IPv6 resolution so it's also worth a check if you are not running IPv6 on your network. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jester at SPYDERINTERNET.COM Fri Jan 7 23:28:09 2005 From: jester at SPYDERINTERNET.COM (jester) Date: Thu Jan 12 21:28:08 2006 Subject: Troubleshooting questions Message-ID: No cache servers and no IPV6, but what has worked is a reinstall of all the MailScanner modules (html parser, SA and Razor) and forced the new copies of the files over the old ones. This seems to have solved the queue problem and is working fine now. Im not sure why this has fixed my problem (since same files, same sizes and all) , but its ran for over 5 hrs now and the mqueue.in is less than 10 now consistently. I know longer see delays or large build ups. Thanks to all for all the help!! Michael At 12:38 PM 1/7/2005, you wrote: >jester wrote: > >>I too am having the same problem. In trying to trace this problem we have >>tried turning off SA, Razor and DSPAM, and only using RBL checks and the >>mqueue.in is still continually climbing. After I restart MailScanner it >>seems to run fine and clear queue in a few minutes, but, after running >>for >>over an hour, the queue.in will climb back to over 1k (almost like >>something is dying, but no idea as to what is). I have checked razor in >>dbug and shows to be ok, same with SA. I have run MailScanner in debug >>and >>all seems fine. I have no idea what could be causing this. >> >>Using MailScanner 4.3.3 >>SA 3.0.2 >>DSPAM 3.2.4 >>RedHat 1gig memory >> >>Any help would be much appreciated! > >Are you running a caching name server? If not do so as it could well be >DNS issues. Some ISPs get excited about too many DNS requests and start >to tar pit for example. The other slow down I have also seen is a slow >down due to IPv6 resolution so it's also worth a check if you are not >running IPv6 on your network. > >Drew > >-- >In line with our policy, this message has >been scanned for viruses and dangerous >content by MailScanner, and is believed to be clean. >www.themarshalls.co.uk/policy > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > >-- >Spydernet has scanned this message for viruses and >dangerous content. > > >!DSPAM:41df18c8161032079651118! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ius at ALPHA.RBRANA.CO.ID Sat Jan 8 01:18:08 2005 From: ius at ALPHA.RBRANA.CO.ID (ius) Date: Thu Jan 12 21:28:08 2006 Subject: Weird maillog Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Mike Kercher wrote: >ius wrote: > > >>Hi, >> >>After upgrading to M/S 4.37.7 two days ago, i found these so many >>weird logs : >> >>Jan 7 12:57:27 blowfish sendmail[870]: ruleset=check_relay, >>arg1=220-130-160-190.HINET-IP.hinet.net, arg2=220.130.160.190, >>relay=220-130-160-190.HINET-IP.hinet.net [220.130.160.190], >>reject=550 5.0.0 Persistent Virus Source >> >>any idea what are those ? >> >>Thanks >> >> >> > > >Have a look at your /etc/mail/access and look for some REJECT lines. Are >you running Vispan? This does not appear to be a MailScanner caused issue. > >Mike > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > Yes, i'm using vispan. Again this morning a found the same log messages, and you're right there's modification on the /etc/mail/access. What should i do ? I don't want vispan modify it. I'm sorry for suspecting mailscanner the cause of this. Thanks ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHTSOLUTIONS.COM Sat Jan 8 01:30:52 2005 From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon::Blacknight Solutions) Date: Thu Jan 12 21:28:08 2006 Subject: Weird maillog Message-ID: > > > Yes, i'm using vispan. Again this morning a found the same log messages, > and you're right there's modification on the /etc/mail/access. What > should i do ? I don't want vispan modify it. > I'm sorry for suspecting mailscanner the cause of this. Check your vispan config. You've obviously set it to block using the access file -- Mr. Michele Neylon Blacknight Solutions Hosting, Co-location & Domain Registration http://www.blacknight.ie/ Tel. +353 (0)59 9137101 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From peter at UCGBOOK.COM Sat Jan 8 02:13:17 2005 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:28:08 2006 Subject: Weird maillog Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] ius wrote: > Yes, i'm using vispan. Again this morning a found the same log messages, > and you're right there's modification on the /etc/mail/access. What > should i do ? I don't want vispan modify it. > I'm sorry for suspecting mailscanner the cause of this. Change this to 0 in Vispan.conf: UseAccess = 1 -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From joey at JOESMITH.NET Sat Jan 8 03:01:30 2005 From: joey at JOESMITH.NET (Joe Smith) Date: Thu Jan 12 21:28:08 2006 Subject: Large number of messages in mqueue.in Message-ID: On Wed, 5 Jan 2005, Steve Swaney wrote: > Since both MailScanners went left about the same time I'd suspect a local > infrastructure problem like slow network or DNS problem. FYI, when I set these values to 'no' it was enough overhead reduction for the MailScanner machine to get caught up from a 32000 message backlog overnight. And this was while still allowing inbound mail to the queue. We almost turned off spamassassin temporarily, but decided to change these settings to see what the effect would be. Detailed Spam Report = no Include Scores In SpamAssassin Report = no Always Include SpamAssassin Report = no ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drolland at KDINET.COM Sat Jan 8 02:56:42 2005 From: drolland at KDINET.COM (Diane Rolland) Date: Thu Jan 12 21:28:08 2006 Subject: newbie - testing config Message-ID: I have just installed MailScanner and am trying to test the configuration. I'm trying to get gtube to go through the scanner. I see in my /var/log/maillog that Jan 7 21:34:47 prsvr02 MailScanner[23412]: New Batch: Scanning 1 messages, 2313 bytes Jan 7 21:34:48 prsvr02 MailScanner[23412]: Spam Checks: Found 1 spam messages Jan 7 21:34:48 prsvr02 MailScanner[23412]: Virus and Content Scanning: Starting But the message is not delivered (it shouldn't have been), but I expected it to be quarantined. I don't see it in /var/spool/mqueue or /var/spool/mqueue.in. I'm using sendmail, clamav, spamassasin. Any help, please? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Carl.Andrews at CRACKERBARREL.COM Sat Jan 8 04:15:17 2005 From: Carl.Andrews at CRACKERBARREL.COM (Andrews Carl 448) Date: Thu Jan 12 21:28:08 2006 Subject: newbie - testing config Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Check /var/spool/MailScanner/quarantine -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Diane Rolland Sent: Friday, January 07, 2005 8:57 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: newbie - testing config I have just installed MailScanner and am trying to test the configuration. I'm trying to get gtube to go through the scanner. I see in my /var/log/maillog that Jan 7 21:34:47 prsvr02 MailScanner[23412]: New Batch: Scanning 1 messages, 2313 bytes Jan 7 21:34:48 prsvr02 MailScanner[23412]: Spam Checks: Found 1 spam messages Jan 7 21:34:48 prsvr02 MailScanner[23412]: Virus and Content Scanning: Starting But the message is not delivered (it shouldn't have been), but I expected it to be quarantined. I don't see it in /var/spool/mqueue or /var/spool/mqueue.in. I'm using sendmail, clamav, spamassasin. Any help, please? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From schrock at DAYZED.COM Sat Jan 8 05:35:49 2005 From: schrock at DAYZED.COM (Avery Day) Date: Thu Jan 12 21:28:08 2006 Subject: Postfix messages freeze up in queue Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] This is the second time I have had this happen in 6 weeks. Incoming and outgoing email will get stuck in the postfix queue. This time it went on for almost 7 hours before anyone noticed. After restarting Mailscanner (which also restarts postfix) everything will then get delivered. Any thoughts or suggestions as to why this is happening. I had to completely take Mailscanner out of the process of things untill I can track down the exact problem. I did not find much of anything in my log files. What can I look for in my log files? Thanks, Schrock ------------------------------------------------------- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Sat Jan 8 07:36:41 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:28:08 2006 Subject: Troubleshooting questions Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] jester wrote: > No cache servers and no IPV6, but what has worked is a reinstall of all the > MailScanner modules (html parser, SA and Razor) and forced the new copies > of the files over the old ones. This seems to have solved the queue problem > and is working fine now. > > Im not sure why this has fixed my problem (since same files, same sizes and > all) , but its ran for over 5 hrs now and the mqueue.in is less than 10 now > consistently. I know longer see delays or large build ups. > > Thanks to all for all the help!! > > Michael > A bit late but the problem was mostly with SA. First could you try the SA lint test as provided in mailwatch, it gives you a very nice report indicating the time taken for each step. Some things that I do on a regular basis to trim the entries in bayes. Path to spam.assassin.prefs.conf may differ in your case. sa-learn --sync -p /etc/MailScanner/spam.assassin.prefs.conf sa-learn --force-expire -p /etc/MailScanner/spam.assassin.prefs.conf Next (if the previous commands didn't do wonders), try re-creating your entire bayesian db (after a backup, of course). This worked for me, though ymmv. You could also try replacing your bayes with the starter db from http://fsl.com/support Though I don't really see any errors related to bayes in the debug output, you could possibly try this out. Hope this works for you (it did for me). - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From peter at UCGBOOK.COM Sat Jan 8 10:55:07 2005 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:28:08 2006 Subject: newbie - testing config Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Diane Rolland wrote: > Jan 7 21:34:47 prsvr02 MailScanner[23412]: New Batch: Scanning 1 > messages, 2313 > bytes > Jan 7 21:34:48 prsvr02 MailScanner[23412]: Spam Checks: Found 1 spam > messages > Jan 7 21:34:48 prsvr02 MailScanner[23412]: Virus and Content Scanning: > Starting > > But the message is not delivered (it shouldn't have been), but I expected > it to be quarantined. I don't see it in /var/spool/mqueue > or /var/spool/mqueue.in. Since gtube scores 1000 points in SA, what is your "High Scoring Spam Actions" set to in MailScanner.conf? You need "store" there to quarantine messages. Have you set "Log Spam" to "yes"? It helps when looking in the mail log. -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Jan 8 14:45:31 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:08 2006 Subject: Buglet and suggested fix Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Good idea. Will do. David Lee wrote: >Ouch. I've just installed MS 4.37.7 on a new Fedora Core 2 box, and it >"blackholed" the first few emails (nothing delivered, nothing bounced). >Fortunately it is a test box. > >For the "mqueue.in" and "incoming", (also "quarantine") directories, our >convention differs from the defaults in "MailScanner.conf" . > >Alas, what caught us out is that the MailScanner startup procedure doesn't >read MailScanner.conf for these values, but instead has them separately >hardcoded in "/etc/sysconfig/MailScanner" as INQDIR and WORKDIR. > >This replication of data (compare: single source and multiple derivations) >seems unnecessary. Further, "/etc/sysconfig/MailScanner" already has an >example of deriving information from "MailScanner.conf" at its: > MTA=`perl ... /etc/MailScanner/MailScanner.conf` > >Could I suggest that "/etc/sysconfig/MailScanner" be adjusted in future >releases to use a similar technique to set INQDIR and WORKDIR, please? > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Jan 8 14:49:46 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:08 2006 Subject: Troubleshooting questions Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Drew Marshall wrote: > jester wrote: > >> I too am having the same problem. In trying to trace this problem we >> have >> tried turning off SA, Razor and DSPAM, and only using RBL checks and the >> mqueue.in is still continually climbing. After I restart MailScanner it >> seems to run fine and clear queue in a few minutes, but, after running >> for >> over an hour, the queue.in will climb back to over 1k (almost like >> something is dying, but no idea as to what is). I have checked razor in >> dbug and shows to be ok, same with SA. I have run MailScanner in debug >> and >> all seems fine. I have no idea what could be causing this. >> >> Using MailScanner 4.3.3 >> SA 3.0.2 >> DSPAM 3.2.4 >> RedHat 1gig memory >> >> Any help would be much appreciated! > > > Are you running a caching name server? If not do so as it could well be > DNS issues. Some ISPs get excited about too many DNS requests and start > to tar pit for example. The other slow down I have also seen is a slow > down due to IPv6 resolution so it's also worth a check if you are not > running IPv6 on your network. Have you tried running a few batches through it in Debug=yes mode? Are you running MIME-tools 5.415? If so, upgrade to 5.416 (latest) or my patched 5.415 (which I distribute with 4.37.7) as this fixes a potentially important problem. -- -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Jan 8 14:51:13 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:08 2006 Subject: Problem with MailScanner failing to process mqueue.in mail Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Michael H. Martel wrote: > --On Friday, January 7, 2005 4:51 PM +0000 Julian Field > wrote: > > >> It actually uses a patched version of 5.415 as the 5.416 wasn't ready >> when I needed it to be. The patches provide the same functionality as >> 5.416 does. > > > Patched since when ? I ask because I hate RPM, and so I've been using > the > tar version and insatlling things manually. I haven't re-installed > 5.4.15 > since it was included in earlier versions. > > Personally, what I would find usefull is when a new release is made, > if you > could mention any of the supporting actors that need to be updated as > well. Sorry, I forgot to put it in the ChangeLog. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Jan 8 14:52:41 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:08 2006 Subject: Troubleshooting questions Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] That re-install would have installed the upgraded MIME-tools, which is where the problem probably was. jester wrote: > No cache servers and no IPV6, but what has worked is a reinstall of > all the > MailScanner modules (html parser, SA and Razor) and forced the new copies > of the files over the old ones. This seems to have solved the queue > problem > and is working fine now. > > Im not sure why this has fixed my problem (since same files, same > sizes and > all) , but its ran for over 5 hrs now and the mqueue.in is less than > 10 now > consistently. I know longer see delays or large build ups. > > At 12:38 PM 1/7/2005, you wrote: > >> jester wrote: >> >>> I too am having the same problem. In trying to trace this problem we >>> have >>> tried turning off SA, Razor and DSPAM, and only using RBL checks and >>> the >>> mqueue.in is still continually climbing. After I restart MailScanner it >>> seems to run fine and clear queue in a few minutes, but, after running >>> for >>> over an hour, the queue.in will climb back to over 1k (almost like >>> something is dying, but no idea as to what is). I have checked razor in >>> dbug and shows to be ok, same with SA. I have run MailScanner in debug >>> and >>> all seems fine. I have no idea what could be causing this. >>> >>> Using MailScanner 4.3.3 >>> SA 3.0.2 >>> DSPAM 3.2.4 >>> RedHat 1gig memory >>> >>> Any help would be much appreciated! >> >> >> Are you running a caching name server? If not do so as it could well be >> DNS issues. Some ISPs get excited about too many DNS requests and start >> to tar pit for example. The other slow down I have also seen is a slow >> down due to IPv6 resolution so it's also worth a check if you are not >> running IPv6 on your network. >> >> Drew >> >> -- >> In line with our policy, this message has >> been scanned for viruses and dangerous >> content by MailScanner, and is believed to be clean. >> www.themarshalls.co.uk/policy >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> -- >> Spydernet has scanned this message for viruses and >> dangerous content. >> >> >> !DSPAM:41df18c8161032079651118! > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Jan 8 14:54:22 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:08 2006 Subject: Postfix messages freeze up in queue Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Try upgrading to the very latest MIME-tools and see if this fixes the problem. Avery Day wrote: > This is the second time I have had this happen in 6 weeks. Incoming and > outgoing email will get stuck in the postfix queue. This time it went on > for almost 7 hours before anyone noticed. After restarting Mailscanner > (which also restarts postfix) everything will then get delivered. Any > thoughts or suggestions as to why this is happening. I had to completely > take Mailscanner out of the process of things untill I can track down > the exact problem. I did not find much of anything in my log files. What > can I look for in my log files? -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From schrock at DAYZED.COM Sat Jan 8 22:34:47 2005 From: schrock at DAYZED.COM (Avery Day) Date: Thu Jan 12 21:28:08 2006 Subject: Postfix messages freeze up in queue Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian, I am running perl-MIME-tools-5.415-2 the latest RPM package available for RHEL 3.0 Thanks, schrock Julian Field wrote: > Try upgrading to the very latest MIME-tools and see if this fixes the > problem. > > Avery Day wrote: > >> This is the second time I have had this happen in 6 weeks. Incoming and >> outgoing email will get stuck in the postfix queue. This time it went on >> for almost 7 hours before anyone noticed. After restarting Mailscanner >> (which also restarts postfix) everything will then get delivered. Any >> thoughts or suggestions as to why this is happening. I had to completely >> take Mailscanner out of the process of things untill I can track down >> the exact problem. I did not find much of anything in my log files. What >> can I look for in my log files? > > > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------------------------------------- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > ------------------------------------------------------- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sun Jan 9 12:12:30 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:08 2006 Subject: Postfix messages freeze up in queue Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] The latest 5.415-3 (which is the same as 5.416) is provided with the most recent MailScanner release. You can also just use CPAN to upgrade to 5.416. Avery Day wrote: > Julian, > > I am running perl-MIME-tools-5.415-2 the latest RPM package available > for RHEL 3.0 > > Thanks, > schrock > > > Julian Field wrote: > >> Try upgrading to the very latest MIME-tools and see if this fixes the >> problem. >> >> Avery Day wrote: >> >>> This is the second time I have had this happen in 6 weeks. Incoming and >>> outgoing email will get stuck in the postfix queue. This time it >>> went on >>> for almost 7 hours before anyone noticed. After restarting Mailscanner >>> (which also restarts postfix) everything will then get delivered. Any >>> thoughts or suggestions as to why this is happening. I had to >>> completely >>> take Mailscanner out of the process of things untill I can track down >>> the exact problem. I did not find much of anything in my log files. >>> What >>> can I look for in my log files? >> -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jvane at INVITATION.ORG Sun Jan 9 19:47:48 2005 From: jvane at INVITATION.ORG (Jim Van Etten) Date: Thu Jan 12 21:28:08 2006 Subject: Upgrade to 3.0 has increased my spam 100 fold Message-ID: For some reason when I upgraded my spamassassin to 3.0.1 from 2.6 most of the spam is getting through. I never had this problem before. I have cleared my bayes directory so it could start fresh. The header for X-Spam-Status looks like this for example: No, score=1.6 required=5.0 tests=FIN_FREE,FORGED_RCVD_HELO, FROM_ENDS_IN_NUMS,HTML_FONT_BIG,HTML_IMAGE_RATIO_04,HTML_MESSAGE, HTML_TAG_BALANCE_BODY,URI_OFFERS autolearn=no version=3.0.1 How in the world can the score be only 1.6 while detecting all the listed items. This should score much higher. Any help would be greatly appreciated. Thanks Jim ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sun Jan 9 19:58:22 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:08 2006 Subject: Upgrade to 3.0 has increased my spam 100 fold Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Clear out all your old spamassassin rules directories. Also, what is generating the X-Spam-Status header? This sure ain't MailScanner. Jim Van Etten wrote: >For some reason when I upgraded my spamassassin to 3.0.1 from 2.6 most of >the spam is getting through. I never had this problem before. I have cleared >my bayes directory so it could start fresh. > >The header for X-Spam-Status looks like this for example: > >No, score=1.6 required=5.0 tests=FIN_FREE,FORGED_RCVD_HELO, >FROM_ENDS_IN_NUMS,HTML_FONT_BIG,HTML_IMAGE_RATIO_04,HTML_MESSAGE, >HTML_TAG_BALANCE_BODY,URI_OFFERS autolearn=no version=3.0.1 > >How in the world can the score be only 1.6 while detecting all the listed >items. This should score much higher. Any help would be greatly appreciated. > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From marcel-ml at IRC-ADDICTS.DE Sun Jan 9 21:14:16 2005 From: marcel-ml at IRC-ADDICTS.DE (Marcel Blenkers) Date: Thu Jan 12 21:28:08 2006 Subject: clamav error.. Message-ID: Hi there, hope everyone slipped through into the new year.. my question.. just tested to send me the eicar-testfile as tar.gz in two different files. one names *.tar.gz and one *.tgz all worked fine..but still some error in the logfile, which made me think.. here are the errors: Jan 9 22:10:38 marcel MailScanner[30889]: Virus and Content Scanning: Starting Jan 9 22:10:38 marcel MailScanner[30889]: eicar.com Jan 9 22:10:38 marcel MailScanner[30889]: ProcessClamAVOutput: unrecognised line "eicar.com". Please contact the authors! Jan 9 22:10:38 marcel MailScanner[30889]: /tmp/clamav.802/clamav-5d4b8ff291ddb019/eicar.com: Eicar-Test-Signature FOUND Jan 9 22:10:38 marcel MailScanner[30889]: /tmp/clamav.802/clamav-a8e63d9ddfd8c9fe/eigar.tgz: Infected Archive FOUND Jan 9 22:10:38 marcel MailScanner[30889]: (Real infected archive: /var/spool/MailScanner/incoming/30889/./j09LAUH6000794/eigar.tgz) and within the warning all virus-scanners reported eicar..except Clamscan.. At Sun Jan 9 22:10:41 2005 the virus scanner said: ClamAV: eigar.tgz contains a virus AntiVir: ALERT: [Eicar-Test-Signature virus] eigar.tgz --> eigar.tar --> eicar.com <<< Contains code of the Eicar-Test-Signature virus F-Prot: eigar.tgz->?->eicar.com Infection: EICAR_Test_File Bitdefender: Found virus EICAR-Test-File (not a virus) in file eigar.tgz i do not use the perl-module for clamscan..but the original programm.. maybe i should switch?? greetings Marcel ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sun Jan 9 21:53:56 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:08 2006 Subject: clamav error.. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] In the cleaned message, or in the postmaster notification generated by MailScanner, does it say that MailScanner detected the virus with ClamAV? i.e. is the problem "real" or is it just in the logs? Marcel Blenkers wrote: >Hi there, > >hope everyone slipped through into the new year.. > >my question.. > >just tested to send me the eicar-testfile as tar.gz in two different >files. >one names *.tar.gz and one *.tgz > >all worked fine..but still some error in the logfile, which made me >think.. > >here are the errors: > >Jan 9 22:10:38 marcel MailScanner[30889]: Virus and Content Scanning: >Starting >Jan 9 22:10:38 marcel MailScanner[30889]: eicar.com >Jan 9 22:10:38 marcel MailScanner[30889]: ProcessClamAVOutput: >unrecognised line "eicar.com". Please contact the authors! >Jan 9 22:10:38 marcel MailScanner[30889]: >/tmp/clamav.802/clamav-5d4b8ff291ddb019/eicar.com: Eicar-Test-Signature >FOUND >Jan 9 22:10:38 marcel MailScanner[30889]: >/tmp/clamav.802/clamav-a8e63d9ddfd8c9fe/eigar.tgz: Infected Archive FOUND >Jan 9 22:10:38 marcel MailScanner[30889]: (Real infected archive: >/var/spool/MailScanner/incoming/30889/./j09LAUH6000794/eigar.tgz) > > >and within the warning all virus-scanners reported eicar..except >Clamscan.. > >At Sun Jan 9 22:10:41 2005 the virus scanner said: > ClamAV: eigar.tgz contains a virus > AntiVir: ALERT: [Eicar-Test-Signature virus] eigar.tgz --> eigar.tar >--> eicar.com <<< Contains code of the Eicar-Test-Signature virus > F-Prot: eigar.tgz->?->eicar.com Infection: EICAR_Test_File > Bitdefender: Found virus EICAR-Test-File (not a virus) in file >eigar.tgz > > >i do not use the perl-module for clamscan..but the original programm.. > >maybe i should switch?? > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jvane at INVITATION.ORG Mon Jan 10 02:46:58 2005 From: jvane at INVITATION.ORG (Jim VanEtten) Date: Thu Jan 12 21:28:08 2006 Subject: Upgrade to 3.0 has increased my spam 100 fold Message-ID: Where would this directory be for Mailscanners implementation of Spamassassin? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From kte at NEXIS.BE Mon Jan 10 08:15:43 2005 From: kte at NEXIS.BE (Koen Teugels) Date: Thu Jan 12 21:28:08 2006 Subject: clamav error.. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] This is the problem I've been taking about. It let the virus pass to my mail server. Koen Julian Field wrote: > In the cleaned message, or in the postmaster notification generated by > MailScanner, does it say that MailScanner detected the virus with ClamAV? > i.e. is the problem "real" or is it just in the logs? > > Marcel Blenkers wrote: > >> Hi there, >> >> hope everyone slipped through into the new year.. >> >> my question.. >> >> just tested to send me the eicar-testfile as tar.gz in two different >> files. >> one names *.tar.gz and one *.tgz >> >> all worked fine..but still some error in the logfile, which made me >> think.. >> >> here are the errors: >> >> Jan 9 22:10:38 marcel MailScanner[30889]: Virus and Content Scanning: >> Starting >> Jan 9 22:10:38 marcel MailScanner[30889]: eicar.com >> Jan 9 22:10:38 marcel MailScanner[30889]: ProcessClamAVOutput: >> unrecognised line "eicar.com". Please contact the authors! >> Jan 9 22:10:38 marcel MailScanner[30889]: >> /tmp/clamav.802/clamav-5d4b8ff291ddb019/eicar.com: Eicar-Test-Signature >> FOUND >> Jan 9 22:10:38 marcel MailScanner[30889]: >> /tmp/clamav.802/clamav-a8e63d9ddfd8c9fe/eigar.tgz: Infected Archive >> FOUND >> Jan 9 22:10:38 marcel MailScanner[30889]: (Real infected archive: >> /var/spool/MailScanner/incoming/30889/./j09LAUH6000794/eigar.tgz) >> >> >> and within the warning all virus-scanners reported eicar..except >> Clamscan.. >> >> At Sun Jan 9 22:10:41 2005 the virus scanner said: >> ClamAV: eigar.tgz contains a virus >> AntiVir: ALERT: [Eicar-Test-Signature virus] eigar.tgz --> eigar.tar >> --> eicar.com <<< Contains code of the Eicar-Test-Signature virus >> F-Prot: eigar.tgz->?->eicar.com Infection: EICAR_Test_File >> Bitdefender: Found virus EICAR-Test-File (not a virus) in file >> eigar.tgz >> >> >> i do not use the perl-module for clamscan..but the original programm.. >> >> maybe i should switch?? >> >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Mon Jan 10 09:04:20 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:08 2006 Subject: Upgrade to 3.0 has increased my spam 100 fold Message-ID: Jim looks like the upgrade is using some broken (non-3.x syntax) rules somewhere. use spamassassin -p /path/to/spam.assassin.prefs.conf -D --lint to find out what rules are working anymore. Also as Julian suggests the /etc/mail/spamassassin is the normal place for 'local' rules to be placed. I'd also check that you've not got spamd/spamc running/configured somehow as the X-Spam-Status isn't a MailScanner header... In order to find out what rules have what scores make sure the following is set in MailScanner.conf.. SpamScore Number Instead Of Stars = yes Include Scores In SpamAssassin Report = yes Spam Score Number Format = %5.2f -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Jim Van Etten wrote: > For some reason when I upgraded my spamassassin to 3.0.1 from 2.6 most of > the spam is getting through. I never had this problem before. I have cleared > my bayes directory so it could start fresh. > > The header for X-Spam-Status looks like this for example: > > No, score=1.6 required=5.0 tests=FIN_FREE,FORGED_RCVD_HELO, > FROM_ENDS_IN_NUMS,HTML_FONT_BIG,HTML_IMAGE_RATIO_04,HTML_MESSAGE, > HTML_TAG_BALANCE_BODY,URI_OFFERS autolearn=no version=3.0.1 > > How in the world can the score be only 1.6 while detecting all the listed > items. This should score much higher. Any help would be greatly appreciated. > > Thanks > Jim > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From emil at NETSAMSKIPTI.IS Mon Jan 10 15:06:28 2005 From: emil at NETSAMSKIPTI.IS (Emil Valsson) Date: Thu Jan 12 21:28:08 2006 Subject: Attachment scanning. Message-ID: Hello, I have a small problem. I dont want MailScanner to scan or trash messages that have attachments over maybe 0.5 or 1M. How would I do that? I tried to set the following in clamd.conf: ArchiveMaxFileSize 1M That has no effect, he is still trashing attachments, especially .zip files. Im using the latest MailScanner for Redhat/Fedora and latest clamav. Thank you. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Jan 10 16:18:47 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:08 2006 Subject: Attachment scanning. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Check in your MailScanner.conf file for the settings Maximum Attachment Size Maximum Message Size Emil Valsson wrote: > Hello, I have a small problem. I dont want MailScanner to scan or > trash messages that have attachments over maybe 0.5 or 1M. How would I > do that? > I tried to set the following in clamd.conf: > > ArchiveMaxFileSize 1M > > That has no effect, he is still trashing attachments, especially .zip > files. Im using the latest MailScanner for Redhat/Fedora and latest > clamav. > > Thank you. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From craig at WESTPRESS.COM Mon Jan 10 16:50:35 2005 From: craig at WESTPRESS.COM (Craig Daters) Date: Thu Jan 12 21:28:08 2006 Subject: Archiving Mail Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello Everyone. We have been using MailScanner for a couple of years now, and I must say that it is great! My company has been steadily growing larger and larger, and we do business with quite a few people via email. Our clients, upon seeing some sort of proof from us, will give us an okay to print via email, and the need to archive mail for a sort of paper trail when disputes arise has always been in the back of our mind. We have about 4 or 5 people who deal with these clients, and they hang onto their mail for a couple of months before deleting everything. Sometimes we instances come up where if we had the email, we would have gotten paid for the job, but unfortunately was deleted. I have been trying to work out a solution using MailScanner to archive a months worth of mail, tar it up and burn these off to CD or something. We have one MailServer, sitting on the Internet side of our firewall, that all of our 20+ employees who have email, check via POP3. Installed along side of MailScanner is MailWatch, SpamAssassin, ClamAV, ViSpan, and SquirrelMail I am curious to know if anyone is currently, or has considered, setting up some sort of archiving action and how you may have approached it? Does anyone have any thoughts or guidance. I have looked through the FAQ's and am working my mind through the "Archive Mail =" configuration so as to set up some sort of streamlined process to maybe backup mail for these 4 or 5 users weekly, then all the weeklys into a monthly, montly's onto a CD. as well as some way to retrieve and view the messages easily to find the particular mail. Any thoughts, ideas, or redirects? Any help or comments would be welcomed. Thank you, Craig D. -- Craig Daters (craig@westpress.com) Systems Administrator West Press Print Communications 1663 West Grant Road Tucson, Arizona 85705 (520) 624-4939 (520) 624-2715 fax www.westpress.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at ELIQUID.COM Mon Jan 10 16:56:01 2005 From: mailscanner at ELIQUID.COM (Wess Bechard) Date: Thu Jan 12 21:28:08 2006 Subject: Archiving Mail Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Have you considered using IMAP for your email? All your mail is kept on the server, so you can keep it as long as you want. I have a few thousand emails over many months stored right now. I am using Mailscanner, Postfix, Courier-IMAP, Courier-POP, Cyrus-SASL, ClamAV, and SpamAssassin. Our mail server allows you to use either IMAP or POP. If you want to know more, I am usually around on the #mailscanner chatroom on IRC. MailScanner on IRC Community Support irc.freenode.net #mailscanner On Mon, 2005-01-10 at 11:50, Craig Daters wrote: Hello Everyone. We have been using MailScanner for a couple of years now, and I must say that it is great! My company has been steadily growing larger and larger, and we do business with quite a few people via email. Our clients, upon seeing some sort of proof from us, will give us an okay to print via email, and the need to archive mail for a sort of paper trail when disputes arise has always been in the back of our mind. We have about 4 or 5 people who deal with these clients, and they hang onto their mail for a couple of months before deleting everything. Sometimes we instances come up where if we had the email, we would have gotten paid for the job, but unfortunately was deleted. I have been trying to work out a solution using MailScanner to archive a months worth of mail, tar it up and burn these off to CD or something. We have one MailServer, sitting on the Internet side of our firewall, that all of our 20+ employees who have email, check via POP3. Installed along side of MailScanner is MailWatch, SpamAssassin, ClamAV, ViSpan, and SquirrelMail I am curious to know if anyone is currently, or has considered, setting up some sort of archiving action and how you may have approached it? Does anyone have any thoughts or guidance. I have looked through the FAQ's and am working my mind through the "Archive Mail =" configuration so as to set up some sort of streamlined process to maybe backup mail for these 4 or 5 users weekly, then all the weeklys into a monthly, montly's onto a CD. as well as some way to retrieve and view the messages easily to find the particular mail. Any thoughts, ideas, or redirects? Any help or comments would be welcomed. Thank you, Craig D. -- Craig Daters (craig@westpress.com) Systems Administrator West Press Print Communications 1663 West Grant Road Tucson, Arizona 85705 (520) 624-4939 (520) 624-2715 fax www.westpress.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! MailScanner on IRC Community Support irc.freenode.net #mailscanner ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From eneal at DFI-INTL.COM Mon Jan 10 16:57:15 2005 From: eneal at DFI-INTL.COM (Errol Neal) Date: Thu Jan 12 21:28:08 2006 Subject: OT: One-Way Email List Server Message-ID: I know this is OT. Looking for some insight from my peers. Does anyone know of a email list management application (free or otherwise) besides Lsoft's product that supports one-way lists? Either windows or *nix is fine. I know of major-domo and listproc, howerver I'm not sure if any of those supports just simple one way lists. Thanks Errol ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ryan at MARINOCRANE.COM Mon Jan 10 17:05:13 2005 From: ryan at MARINOCRANE.COM (Ryan Pitt) Date: Thu Jan 12 21:28:08 2006 Subject: OT: One-Way Email List Server Message-ID: Mailgust is one that I know of...pretty full featured. http://www.mailgust.org/ Errol Neal wrote: >I know this is OT. Looking for some insight from my peers. >Does anyone know of a email list management application (free or >otherwise) besides Lsoft's product that supports one-way lists? Either >windows or *nix is fine. I know of major-domo and listproc, howerver I'm >not sure if any of those supports just simple one way lists. >Thanks > > >Errol > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Mon Jan 10 17:04:02 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:08 2006 Subject: Archiving Mail Message-ID: Craig I do the entire outside email traffic. tar it up after three days, then manually burnt to CD once I get enough to fit onto a CD. If you make the "Archive Mail = users.rule" you can populate the rule file with the users you want to archive. I then have a script that's called by cron to tar.gz up the directories.. #!/usr/bin/perl # # IMPORTANT NOTE: # # Change the next line to 0 instead of 1 to enable this script. # By default it will be disabled and will not do anything. # $disabled = 0; $archive_dir = '/usr/MailScanner/archive/'; $backup_dir = '/usr/MailScanner/backup_archive'; $days_to_keep = 2; exit if $disabled; # Standardise the format of the directory name die 'Path for archive_dir must be absolute' unless $archive_dir =~ /^\//; $archive_dir =~ s/\/$//; # Delete trailing slash # Now get the content list for the directory. opendir(QDIR, $archive_dir) or die "Couldn't read directory $archive_dir"; # Loop through this list looking for any *directory* which hasn't been # modified in the last $days_to_keep days. # Unfortunately this will do nothing if the filesystem is backed up using tar. while($entry = readdir(QDIR)) { next if $entry =~ /^\./; $backup_file = $backup_dir . '/' . $entry . '.tgz'; $entry = $archive_dir . '/' . $entry; system("tar zcf $backup_file --remove-files $entry ; rm -rf $entry") if -d $entry && -M $entry > $days_to_keep; } closedir(QDIR); -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Craig Daters wrote: > Hello Everyone. We have been using MailScanner for a couple of years > now, and I must say that it is great! My company has been steadily > growing larger and larger, and we do business with quite a few people > via email. Our clients, upon seeing some sort of proof from us, will > give us an okay to print via email, and the need to archive mail for a > sort of paper trail when disputes arise has always been in the back of > our mind. > > We have about 4 or 5 people who deal with these clients, and they hang > onto their mail for a couple of months before deleting everything. > Sometimes we instances come up where if we had the email, we would have > gotten paid for the job, but unfortunately was deleted. > > I have been trying to work out a solution using MailScanner to archive a > months worth of mail, tar it up and burn these off to CD or something. > > We have one MailServer, sitting on the Internet side of our firewall, > that all of our 20+ employees who have email, check via POP3. > > Installed along side of MailScanner is MailWatch, SpamAssassin, ClamAV, > ViSpan, and SquirrelMail > > I am curious to know if anyone is currently, or has considered, setting > up some sort of archiving action and how you may have approached it? > Does anyone have any thoughts or guidance. > > I have looked through the FAQ's and am working my mind through the > "Archive Mail =" configuration so as to set up some sort of streamlined > process to maybe backup mail for these 4 or 5 users weekly, then all the > weeklys into a monthly, montly's onto a CD. as well as some way to > retrieve and view the messages easily to find the particular mail. > > Any thoughts, ideas, or redirects? Any help or comments would be welcomed. > > Thank you, > > Craig D. > > -- > > Craig Daters (craig@westpress.com) > Systems Administrator > West Press Print Communications > > 1663 West Grant Road > Tucson, Arizona 85705 > (520) 624-4939 > (520) 624-2715 fax > > www.westpress.com > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From vlad at MAZEK.COM Mon Jan 10 17:05:40 2005 From: vlad at MAZEK.COM (Vlad Mazek) Date: Thu Jan 12 21:28:08 2006 Subject: custom inline signatures and RBL feedback Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello, Got two questions today 1) Is there a simple way to import variables in inline signatures (short of writing custom functions or modifying MailScanner) to at least include things like message id. One of our 2005 goals is not to reinvent the wheel. 2) Any feedback on "uceprotect.net" blacklists? They appear to be free and have a high correlation with our internally generated blacklists. -Vlad ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From eneal at DFI-INTL.COM Mon Jan 10 17:07:11 2005 From: eneal at DFI-INTL.COM (Errol Neal) Date: Thu Jan 12 21:28:08 2006 Subject: One-Way Email List Server Message-ID: One more catch.. FULL html support :/ -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Errol Neal Sent: Monday, January 10, 2005 11:57 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: OT: One-Way Email List Server I know this is OT. Looking for some insight from my peers. Does anyone know of a email list management application (free or otherwise) besides Lsoft's product that supports one-way lists? Either windows or *nix is fine. I know of major-domo and listproc, howerver I'm not sure if any of those supports just simple one way lists. Thanks Errol ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Steve.Swaney at FSL.COM Mon Jan 10 17:10:25 2005 From: Steve.Swaney at FSL.COM (Steve Swaney) Date: Thu Jan 12 21:28:08 2006 Subject: One-Way Email List Server Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Errol Neal > Sent: Monday, January 10, 2005 12:07 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: One-Way Email List Server > > One more catch.. FULL html support :/ > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Errol Neal > Sent: Monday, January 10, 2005 11:57 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: OT: One-Way Email List Server > > I know this is OT. Looking for some insight from my peers. > Does anyone know of a email list management application (free or > otherwise) besides Lsoft's product that supports one-way lists? Either > windows or *nix is fine. I know of major-domo and listproc, howerver I'm > not sure if any of those supports just simple one way lists. > Thanks > > > Errol > We use and like GNU MailMan. HTML is OK. http://www.gnu.org/software/mailman/ Steve Steve Swaney President Fortress Systems Ltd. www.fsl.com steve.swaney@fsl.com -- This message has been scanned for viruses and dangerous content by The MailScanner at Fortress Systems Ltd., www.fsl.com, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Kevin_Miller at CI.JUNEAU.AK.US Mon Jan 10 17:19:48 2005 From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller) Date: Thu Jan 12 21:28:08 2006 Subject: One-Way Email List Server Message-ID: Errol Neal wrote: > One more catch.. FULL html support :/ > Mailman? Don't recall if it does one-way lists, but I'd be really surprised if it didn't... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Mon Jan 10 17:11:14 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:28:08 2006 Subject: Writing Custom Function Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] hkbyte wrote: > I am learning how to write custom function. I attached my function to > Non Spam actions. If my return value are 'deliver' and 'store' , both > work properly as I want. But when I change 'store' return value to > 'bounce' , it failed and the maillog said "Does not make sense to > bounce non-spam". How can I send a custom bounce back message to sender. > Thanks. Bounce back message to a spammer is useless, as they are usually; Not going to care. Not going to read it. Will see it as a valid domain, and will turn their attacks up. See number 1 and 2 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From craig at WESTPRESS.COM Mon Jan 10 17:28:24 2005 From: craig at WESTPRESS.COM (Craig Daters) Date: Thu Jan 12 21:28:08 2006 Subject: Archiving Mail Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Wess Bechard wrote: > Have you considered using IMAP for your email? All your mail is kept > on the server, so you can keep it as long as you want. I have a few > thousand emails over many months stored right now. > > I am using Mailscanner, Postfix, Courier-IMAP, Courier-POP, Cyrus-SASL, > ClamAV, and SpamAssassin. > > Our mail server allows you to use either IMAP or POP. > > If you want to know more, I am usually around on the #mailscanner > chatroom on IRC. > > MailScanner on IRC > Community Support > irc.freenode.net > #mailscanner > > > > On Mon, 2005-01-10 at 11:50, Craig Daters wrote: > >> /Hello Everyone. We have been using MailScanner for a couple of years >>now, and I must say that it is great! My company has been steadily >>growing larger and larger, and we do business with quite a few people >>via email. Our clients, upon seeing some sort of proof from us, will >>give us an okay to print via email, and the need to archive mail for a >>sort of paper trail when disputes arise has always been in the back of >>our mind. >> >>We have about 4 or 5 people who deal with these clients, and they hang >>onto their mail for a couple of months before deleting everything. >>Sometimes we instances come up where if we had the email, we would have >>gotten paid for the job, but unfortunately was deleted. >> >>I have been trying to work out a solution using MailScanner to archive a >>months worth of mail, tar it up and burn these off to CD or something. >> >>We have one MailServer, sitting on the Internet side of our firewall, >>that all of our 20+ employees who have email, check via POP3. >> >>Installed along side of MailScanner is MailWatch, SpamAssassin, ClamAV, >>ViSpan, and SquirrelMail >> >>I am curious to know if anyone is currently, or has considered, setting >>up some sort of archiving action and how you may have approached it? >>Does anyone have any thoughts or guidance. >> >>I have looked through the FAQ's and am working my mind through the >>"Archive Mail =" configuration so as to set up some sort of streamlined >>process to maybe backup mail for these 4 or 5 users weekly, then all the >>weeklys into a monthly, montly's onto a CD. as well as some way to >>retrieve and view the messages easily to find the particular mail. >> >>Any thoughts, ideas, or redirects? Any help or comments would be welcomed. >> >>Thank you, >> >>Craig D. >> >>-- >> >>Craig Daters (craig@westpress.com) >>Systems Administrator >>West Press Print Communications >> >>1663 West Grant Road >>Tucson, Arizona 85705 >>(520) 624-4939 >>(520) 624-2715 fax >>/ >>/ www.westpress.com >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the MAQ ( http://www.mailscanner.biz/maq/ ) and >>the archives ( http://www.jiscmail.ac.uk/lists/mailscanner.html ). >> >>Support MailScanner development - buy the book off the website! / >> > MailScanner on IRC > Community Support > irc.freenode.net > #mailscanner > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* I have considered IMAP, but I don't know enough about it to make an informed decision to use it. I have only ever used POP3. I would suspect also that I might want to use Quota's for this type of config, and I do not know much about that either. We process a couple of gigabytes a month worth of email with all of the file attachments that we take in, so I would be afraid of my drive filling up too soon. -- Craig Daters (craig@westpress.com) Systems Administrator West Press Print Communications 1663 West Grant Road Tucson, Arizona 85705 (520) 624-4939 (520) 624-2715 fax www.westpress.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at ELIQUID.COM Mon Jan 10 17:34:57 2005 From: mailscanner at ELIQUID.COM (Wess Bechard) Date: Thu Jan 12 21:28:08 2006 Subject: Archiving Mail Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Craig, I forgot to mention that all my users and quota management are done via MySQL. If you are worried about disk space, IMAP does build up. You don't have to have everyone on IMAP, as you can put important email on IMAP and others on POP. On Mon, 2005-01-10 at 12:28, Craig Daters wrote: Wess Bechard wrote: > Have you considered using IMAP for your email? All your mail is kept > on the server, so you can keep it as long as you want. I have a few > thousand emails over many months stored right now. > > I am using Mailscanner, Postfix, Courier-IMAP, Courier-POP, Cyrus-SASL, > ClamAV, and SpamAssassin. > > Our mail server allows you to use either IMAP or POP. > > If you want to know more, I am usually around on the #mailscanner > chatroom on IRC. > > MailScanner on IRC > Community Support > irc.freenode.net > #mailscanner > > > > On Mon, 2005-01-10 at 11:50, Craig Daters wrote: > >> /Hello Everyone. We have been using MailScanner for a couple of years >>now, and I must say that it is great! My company has been steadily >>growing larger and larger, and we do business with quite a few people >>via email. Our clients, upon seeing some sort of proof from us, will >>give us an okay to print via email, and the need to archive mail for a >>sort of paper trail when disputes arise has always been in the back of >>our mind. >> >>We have about 4 or 5 people who deal with these clients, and they hang >>onto their mail for a couple of months before deleting everything. >>Sometimes we instances come up where if we had the email, we would have >>gotten paid for the job, but unfortunately was deleted. >> >>I have been trying to work out a solution using MailScanner to archive a >>months worth of mail, tar it up and burn these off to CD or something. >> >>We have one MailServer, sitting on the Internet side of our firewall, >>that all of our 20+ employees who have email, check via POP3. >> >>Installed along side of MailScanner is MailWatch, SpamAssassin, ClamAV, >>ViSpan, and SquirrelMail >> >>I am curious to know if anyone is currently, or has considered, setting >>up some sort of archiving action and how you may have approached it? >>Does anyone have any thoughts or guidance. >> >>I have looked through the FAQ's and am working my mind through the >>"Archive Mail =" configuration so as to set up some sort of streamlined >>process to maybe backup mail for these 4 or 5 users weekly, then all the >>weeklys into a monthly, montly's onto a CD. as well as some way to >>retrieve and view the messages easily to find the particular mail. >> >>Any thoughts, ideas, or redirects? Any help or comments would be welcomed. >> >>Thank you, >> >>Craig D. >> >>-- >> >>Craig Daters (craig@westpress.com) >>Systems Administrator >>West Press Print Communications >> >>1663 West Grant Road >>Tucson, Arizona 85705 >>(520) 624-4939 >>(520) 624-2715 fax >>/ >>/ www.westpress.com >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the MAQ ( http://www.mailscanner.biz/maq/ ) and >>the archives ( http://www.jiscmail.ac.uk/lists/mailscanner.html ). >> >>Support MailScanner development - buy the book off the website! / >> > MailScanner on IRC > Community Support > irc.freenode.net > #mailscanner > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* I have considered IMAP, but I don't know enough about it to make an informed decision to use it. I have only ever used POP3. I would suspect also that I might want to use Quota's for this type of config, and I do not know much about that either. We process a couple of gigabytes a month worth of email with all of the file attachments that we take in, so I would be afraid of my drive filling up too soon. -- Craig Daters (craig@westpress.com) Systems Administrator West Press Print Communications 1663 West Grant Road Tucson, Arizona 85705 (520) 624-4939 (520) 624-2715 fax www.westpress.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! MailScanner on IRC Community Support irc.freenode.net #mailscanner ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Jan 10 17:37:01 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:08 2006 Subject: custom inline signatures and RBL feedback Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Vlad Mazek wrote: > 1) Is there a simple way to import variables in inline signatures (short > of writing custom functions or modifying MailScanner) to at least > include things like message id. One of our 2005 goals is not to reinvent > the wheel. Can I ask why you want this, and what you are trying to achieve? -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Jan 10 17:38:51 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:08 2006 Subject: Writing Custom Function Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Scott Silva wrote: > hkbyte wrote: > >> I am learning how to write custom function. I attached my function to >> Non Spam actions. If my return value are 'deliver' and 'store' , both >> work properly as I want. But when I change 'store' return value to >> 'bounce' , it failed and the maillog said "Does not make sense to >> bounce non-spam". How can I send a custom bounce back message to sender. >> Thanks. > > > Bounce back message to a spammer is useless, as they are usually; He wants to bounce back to a NON-spammer. Bouncing a message which is not spam doesn't make much sense to me (hence the error message). Why would you want to reject mail you have decided you want to deliver? -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From craig at WESTPRESS.COM Mon Jan 10 17:39:01 2005 From: craig at WESTPRESS.COM (Craig Daters) Date: Thu Jan 12 21:28:08 2006 Subject: Archiving Mail Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Martin Hepworth wrote: > Craig > > I do the entire outside email traffic. > > tar it up after three days, then manually burnt to CD once I get enough > to fit onto a CD. > > If you make the "Archive Mail = users.rule" you can populate the rule > file with the users you want to archive. > > I then have a script that's called by cron to tar.gz up the directories.. > > #!/usr/bin/perl > > > # > # IMPORTANT NOTE: > # > # Change the next line to 0 instead of 1 to enable this script. > # By default it will be disabled and will not do anything. > # > > $disabled = 0; > > > > $archive_dir = '/usr/MailScanner/archive/'; > $backup_dir = '/usr/MailScanner/backup_archive'; > $days_to_keep = 2; > > exit if $disabled; > > # Standardise the format of the directory name > die 'Path for archive_dir must be absolute' unless $archive_dir =~ /^\//; > $archive_dir =~ s/\/$//; # Delete trailing slash > > # Now get the content list for the directory. > opendir(QDIR, $archive_dir) or die "Couldn't read directory $archive_dir"; > > # Loop through this list looking for any *directory* which hasn't been > # modified in the last $days_to_keep days. > # Unfortunately this will do nothing if the filesystem is backed up > using tar. > while($entry = readdir(QDIR)) { > next if $entry =~ /^\./; > $backup_file = $backup_dir . '/' . $entry . '.tgz'; > $entry = $archive_dir . '/' . $entry; > system("tar zcf $backup_file --remove-files $entry ; rm -rf > $entry") if > -d $entry && -M $entry > $days_to_keep; > } > closedir(QDIR); > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Craig Daters wrote: > >> Hello Everyone. We have been using MailScanner for a couple of years >> now, and I must say that it is great! My company has been steadily >> growing larger and larger, and we do business with quite a few people >> via email. Our clients, upon seeing some sort of proof from us, will >> give us an okay to print via email, and the need to archive mail for a >> sort of paper trail when disputes arise has always been in the back of >> our mind. >> >> We have about 4 or 5 people who deal with these clients, and they hang >> onto their mail for a couple of months before deleting everything. >> Sometimes we instances come up where if we had the email, we would have >> gotten paid for the job, but unfortunately was deleted. >> >> I have been trying to work out a solution using MailScanner to archive a >> months worth of mail, tar it up and burn these off to CD or something. >> >> We have one MailServer, sitting on the Internet side of our firewall, >> that all of our 20+ employees who have email, check via POP3. >> >> Installed along side of MailScanner is MailWatch, SpamAssassin, ClamAV, >> ViSpan, and SquirrelMail >> >> I am curious to know if anyone is currently, or has considered, setting >> up some sort of archiving action and how you may have approached it? >> Does anyone have any thoughts or guidance. >> >> I have looked through the FAQ's and am working my mind through the >> "Archive Mail =" configuration so as to set up some sort of streamlined >> process to maybe backup mail for these 4 or 5 users weekly, then all the >> weeklys into a monthly, montly's onto a CD. as well as some way to >> retrieve and view the messages easily to find the particular mail. >> >> Any thoughts, ideas, or redirects? Any help or comments would be >> welcomed. >> >> Thank you, >> >> Craig D. >> >> -- >> >> Craig Daters (craig@westpress.com) >> Systems Administrator >> West Press Print Communications >> >> 1663 West Grant Road >> Tucson, Arizona 85705 >> (520) 624-4939 >> (520) 624-2715 fax >> >> www.westpress.com >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > Thanks Martin, This gives me an idea of how to start a backup script. I do not want to back up all of it, as this would be to big. I only want to back up like 4 or 5 users email is all. Then be able to restore it somewhere to be able to find a particular message, preferably from a windows machine as no one other than myself knows how to use Linux.... -- Craig Daters (craig@westpress.com) Systems Administrator West Press Print Communications 1663 West Grant Road Tucson, Arizona 85705 (520) 624-4939 (520) 624-2715 fax www.westpress.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Mon Jan 10 17:47:52 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:08 2006 Subject: Archiving Mail Message-ID: > Thanks Martin, > > This gives me an idea of how to start a backup script. I do not want to > back up all of it, as this would be to big. I only want to back up like > 4 or 5 users email is all. Then be able to restore it somewhere to be > able to find a particular message, preferably from a windows machine as > no one other than myself knows how to use Linux.... > > -- > > Craig Daters (craig@westpress.com) > Systems Administrator > West Press Print Communications > Craig you could get the users into MailWatch so they can release their own email from within the DB...you'd have to keep the uncompressed emails around for more days though as the MW interace only deals with the rfc-822 format emails, not uncompresseing/extracting on the fly. The MW stuff can (and will) look into the users table to allow non-admin users to check their own email for spam etc... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rzewnickie at RFA.ORG Mon Jan 10 17:53:02 2005 From: rzewnickie at RFA.ORG (Eric Dantan Rzewnicki) Date: Thu Jan 12 21:28:08 2006 Subject: One-Way Email List Server Message-ID: On Mon, Jan 10, 2005 at 08:19:48AM -0900, Kevin Miller wrote: > Errol Neal wrote: > > One more catch.. FULL html support :/ > Mailman? Don't recall if it does one-way lists, but I'd be really surprised > if it didn't... If by one way lists the OP means a list that only sends out to the members, but that the members cannot post to, then this is easy in Mailman. We have a number of lists that work that way. Basically you only allow whoever is authorized to post the newsletter or announcement or whatever to post to that list. Noone else can post. We use it for stuff like press releases. -- Eric Dantan Rzewnicki | Systems Engineer I Technical Operations Division | Radio Free Asia 2025 M Street, NW | Washington, DC 20036 | 202-530-4900 CONFIDENTIAL COMMUNICATION This e-mail message is intended only for the use of the addressee and may contain information that is privileged and confidential. Any unauthorized dissemination, distribution, or copying is strictly prohibited. If you receive this transmission in error, please contact network@rfa.org. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Jan 10 17:53:49 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:08 2006 Subject: Archiving Mail Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Craig Daters wrote: > Martin Hepworth wrote: > >> Craig >> >> I do the entire outside email traffic. >> >> tar it up after three days, then manually burnt to CD once I get enough >> to fit onto a CD. >> >> If you make the "Archive Mail = users.rule" you can populate the rule >> file with the users you want to archive. >> >> I then have a script that's called by cron to tar.gz up the >> directories.. >> >> > Thanks Martin, > > This gives me an idea of how to start a backup script. I do not want to > back up all of it, as this would be to big. I only want to back up like > 4 or 5 users email is all. Then be able to restore it somewhere to be > able to find a particular message, preferably from a windows machine as > no one other than myself knows how to use Linux.... > Use a ruleset to only archive the mail for a few users, and archive each of them into a separate mbox file. See the comment above the "Archive Mail" setting for info on this. An mbox file is, more or less, a plain old text file containing all the messages archived into that file. If you back these up into a .tgz file somewhere, your Windows staff can use Winzip to open up the archive and then use any old text editor (or even Word if they must!) and search the text file for relevant keywords/dates/whatever. The Windows users will have to get used to seeing the full headers of each message, but they will soon get used to it. And it's enormously easier and faster to search than most other ways of hunting through messages in a large mailbox. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From vlad at MAZEK.COM Mon Jan 10 18:00:21 2005 From: vlad at MAZEK.COM (Vlad Mazek) Date: Thu Jan 12 21:28:08 2006 Subject: custom inline signatures and RBL feedback Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > > Can I ask why you want this, and what you are trying to achieve? Its more of a political issue than technical accomplishment but becuase of the size and the number of different clients we have it comes up more often than I'd like to admit it. I don't stand behind these requests or acknowledge that they make sense -- I just need to execute them. 1) Certain users require different signatures and mail actions depending on their department membership or job function. For example, certain marketing departments are required to include disclaimers about the message/product. Law firms and stock brokerages need to include additional timestamps when the message is processed at the mail server for an employee that deals with customers but not for marketing/etc that deal with other businesses (ie, when is the transaction confirmation sent out of the network). 2) Certain users and companies require different signatures depending on the time of the day the message is relayed. They use third party chat/im software that indicates their chat availability so if the message is sent during the business hours the chat/online link is included in the signature. 3) Most users want to inline the senders IP address, email address, etc so that the recipients can easilly see where the message came from without looking at the message headers. Although I've explained that this can be easilly spoofed I think we can use a link in combination with sql logging to provide an additional level of authenticity/verification. ... and other general requests like signatures, fortunes, etc. We're seeing a bigger and bigger trend in enterprises where they are looking to move more of the functions to the mail server and turn their mail client into a dumb mail reading/writing terminal. This despite their $$$ investments in tools like Outlook/Exchange which most people are finding hard to use. -Vlad ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Mon Jan 10 18:30:56 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:28:08 2006 Subject: One-Way Email List Server Message-ID: Hi! >>> One more catch.. FULL html support :/ >> Mailman? Don't recall if it does one-way lists, but I'd be really surprised >> if it didn't... > If by one way lists the OP means a list that only sends out to the > members, but that the members cannot post to, then this is easy in > Mailman. We have a number of lists that work that way. Basically you > only allow whoever is authorized to post the newsletter or announcement > or whatever to post to that list. Noone else can post. We use it for > stuff like press releases. You can eitehr restrict postings by listmembers of by admins only (moderated). Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Jan 10 18:46:32 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:08 2006 Subject: custom inline signatures and RBL feedback Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Fair enough. You can already put in $from and $subject as it stands. If you apply this patch to Message.pm you will be able to use $id as well. -----SNIP----- --- Message.pm.old 2004-12-22 17:22:02.000000000 +0000 +++ Message.pm 2005-01-10 18:41:49.000000000 +0000 @@ -2474,7 +2474,7 @@ # Work out the list of all the infected attachments, including # reports applying to the whole message - my($attach, $text, %infected, $filename, $from, $subject); + my($attach, $text, %infected, $filename, $from, $subject, $id); while (($attach, $text) = each %{$this->{allreports}}) { # It affects the entire message if the entity of this file matches # the entity of the entire message. @@ -2492,6 +2492,7 @@ $infected{MailScanner::Config::LanguageValue($this, 'notnamed')} = 1; } $filename = join(', ', keys %infected); + $id = $this->{id}; $from = $this->{from}; $subject = $this->{subject}; -----SNIP----- Vlad Mazek wrote: >> >> Can I ask why you want this, and what you are trying to achieve? > > > Its more of a political issue than technical accomplishment but becuase > of the size and the number of different clients we have it comes up more > often than I'd like to admit it. I don't stand behind these requests or > acknowledge that they make sense -- I just need to execute them. > > 1) Certain users require different signatures and mail actions depending > on their department membership or job function. For example, certain > marketing departments are required to include disclaimers about the > message/product. Law firms and stock brokerages need to include > additional timestamps when the message is processed at the mail server > for an employee that deals with customers but not for marketing/etc that > deal with other businesses (ie, when is the transaction confirmation > sent out of the network). > > 2) Certain users and companies require different signatures depending on > the time of the day the message is relayed. They use third party chat/im > software that indicates their chat availability so if the message is > sent during the business hours the chat/online link is included in the > signature. > > 3) Most users want to inline the senders IP address, email address, etc > so that the recipients can easilly see where the message came from > without looking at the message headers. Although I've explained that > this can be easilly spoofed I think we can use a link in combination > with sql logging to provide an additional level of > authenticity/verification. > > ... and other general requests like signatures, fortunes, etc. We're > seeing a bigger and bigger trend in enterprises where they are looking > to move more of the functions to the mail server and turn their mail > client into a dumb mail reading/writing terminal. This despite their $$$ > investments in tools like Outlook/Exchange which most people are finding > hard to use. > > -Vlad > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From craig at WESTPRESS.COM Mon Jan 10 19:05:27 2005 From: craig at WESTPRESS.COM (Craig Daters) Date: Thu Jan 12 21:28:08 2006 Subject: Archiving Mail Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Wess Bechard wrote: > Craig, > > I forgot to mention that all my users and quota management are done via > MySQL. > > If you are worried about disk space, IMAP does build up. You don't have > to have everyone on IMAP, as you can put important email on IMAP and > others on POP. > > On Mon, 2005-01-10 at 12:28, Craig Daters wrote: > >>/Wess Bechard wrote: >>> Have you considered using IMAP for your email? All your mail is kept >>> on the server, so you can keep it as long as you want. I have a few >>> thousand emails over many months stored right now. >>> >>> I am using Mailscanner, Postfix, Courier-IMAP, Courier-POP, Cyrus-SASL, >>> ClamAV, and SpamAssassin. >>> >>> Our mail server allows you to use either IMAP or POP. >>> >>> If you want to know more, I am usually around on the #mailscanner >>> chatroom on IRC. >>> >>> MailScanner on IRC >>> Community Support >>> irc.freenode.net >>> #mailscanner >>> >>> >>> >>> On Mon, 2005-01-10 at 11:50, Craig Daters wrote: >>> >>>> /Hello Everyone. We have been using MailScanner for a couple of years >>>>now, and I must say that it is great! My company has been steadily >>>>growing larger and larger, and we do business with quite a few people >>>>via email. Our clients, upon seeing some sort of proof from us, will >>>>give us an okay to print via email, and the need to archive mail for a >>>>sort of paper trail when disputes arise has always been in the back of >>>>our mind. >>>> >>>>We have about 4 or 5 people who deal with these clients, and they hang >>>>onto their mail for a couple of months before deleting everything. >>>>Sometimes we instances come up where if we had the email, we would have >>>>gotten paid for the job, but unfortunately was deleted. >>>> >>>>I have been trying to work out a solution using MailScanner to archive a >>>>months worth of mail, tar it up and burn these off to CD or something. >>>> >>>>We have one MailServer, sitting on the Internet side of our firewall, >>>>that all of our 20+ employees who have email, check via POP3. >>>> >>>>Installed along side of MailScanner is MailWatch, SpamAssassin, ClamAV, >>>>ViSpan, and SquirrelMail >>>> >>>>I am curious to know if anyone is currently, or has considered, setting >>>>up some sort of archiving action and how you may have approached it? >>>>Does anyone have any thoughts or guidance. >>>> >>>>I have looked through the FAQ's and am working my mind through the >>>>"Archive Mail =" configuration so as to set up some sort of streamlined >>>>process to maybe backup mail for these 4 or 5 users weekly, then all the >>>>weeklys into a monthly, montly's onto a CD. as well as some way to >>>>retrieve and view the messages easily to find the particular mail. >>>> >>>>Any thoughts, ideas, or redirects? Any help or comments would be welcomed. >>>> >>>>Thank you, >>>> >>>>Craig D. >>>> >>>>-- >>>> >>>>Craig Daters (craig@westpress.com) >>>>Systems Administrator >>>>West Press Print Communications >>>> >>>>1663 West Grant Road >>>>Tucson, Arizona 85705 >>>>(520) 624-4939 >>>>(520) 624-2715 fax >>>>/ >>>>/ //_www.westpress.com_ <_http://www.westpress.com_> >>>> >>>>------------------------ MailScanner list ------------------------ >>>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>'leave mailscanner' in the body of the email. >>>>Before posting, read the MAQ ( _http://www.mailscanner.biz/maq/_ <_http://www.mailscanner.biz/maq/_> ) and >>>>the archives ( _http://www.jiscmail.ac.uk/lists/mailscanner.html_ <_http://www.jiscmail.ac.uk/lists/mailscanner.html_> ). >>>> >>>>Support MailScanner development - buy the book off the website! / >>>> >>> MailScanner on IRC >>> Community Support >>> irc.freenode.net >>> #mailscanner >>> >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the MAQ (_http://www.mailscanner.biz/maq/_) >>> and the archives (_http://www.jiscmail.ac.uk/lists/mailscanner.html_). >>> >>> *Support MailScanner development - buy the book off the website!* >> >>I have considered IMAP, but I don't know enough about it to make an >>informed decision to use it. I have only ever used POP3. >> >>I would suspect also that I might want to use Quota's for this type of >>config, and I do not know much about that either. We process a couple of >>gigabytes a month worth of email with all of the file attachments that >>we take in, so I would be afraid of my drive filling up too soon. >> >>-- >> >>Craig Daters (craig@westpress.com) >>Systems Administrator >>West Press Print Communications >> >>1663 West Grant Road >>Tucson, Arizona 85705 >>(520) 624-4939 >>(520) 624-2715 fax >> >>_www.westpress.com_ >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the MAQ (_http://www.mailscanner.biz/maq/_) and >>the archives (_http://www.jiscmail.ac.uk/lists/mailscanner.html_). >> >>Support MailScanner development - buy the book off the website!/ >> > MailScanner on IRC > Community Support > irc.freenode.net > #mailscanner > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* How do you manage your users and quota via MySQL? -- Craig Daters (craig@westpress.com) Systems Administrator West Press Print Communications 1663 West Grant Road Tucson, Arizona 85705 (520) 624-4939 (520) 624-2715 fax www.westpress.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From craig at WESTPRESS.COM Mon Jan 10 19:09:04 2005 From: craig at WESTPRESS.COM (Craig Daters) Date: Thu Jan 12 21:28:08 2006 Subject: Archiving Mail Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > Craig Daters wrote: > >> Martin Hepworth wrote: >> >>> Craig >>> >>> I do the entire outside email traffic. >>> >>> tar it up after three days, then manually burnt to CD once I get enough >>> to fit onto a CD. >>> >>> If you make the "Archive Mail = users.rule" you can populate the rule >>> file with the users you want to archive. >>> >>> I then have a script that's called by cron to tar.gz up the >>> directories.. >>> >>> >> Thanks Martin, >> >> This gives me an idea of how to start a backup script. I do not want to >> back up all of it, as this would be to big. I only want to back up like >> 4 or 5 users email is all. Then be able to restore it somewhere to be >> able to find a particular message, preferably from a windows machine as >> no one other than myself knows how to use Linux.... >> > Use a ruleset to only archive the mail for a few users, and archive each > of them into a separate mbox file. See the comment above the "Archive > Mail" setting for info on this. An mbox file is, more or less, a plain > old text file containing all the messages archived into that file. If > you back these up into a .tgz file somewhere, your Windows staff can use > Winzip to open up the archive and then use any old text editor (or even > Word if they must!) and search the text file for relevant > keywords/dates/whatever. > > The Windows users will have to get used to seeing the full headers of > each message, but they will soon get used to it. And it's enormously > easier and faster to search than most other ways of hunting through > messages in a large mailbox. > This is what I was more or less leaning towards, I wasn't sure if there was a more elegant way to go about it.... -- Craig Daters (craig@westpress.com) Systems Administrator West Press Print Communications 1663 West Grant Road Tucson, Arizona 85705 (520) 624-4939 (520) 624-2715 fax www.westpress.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dfilchak at SYMPATICO.CA Mon Jan 10 19:07:04 2005 From: dfilchak at SYMPATICO.CA (Dave Filchak) Date: Thu Jan 12 21:28:09 2006 Subject: Archiving Mail Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Martin Hepworth wrote: >> Thanks Martin, >> >> This gives me an idea of how to start a backup script. I do not want to >> back up all of it, as this would be to big. I only want to back up like >> 4 or 5 users email is all. Then be able to restore it somewhere to be >> able to find a particular message, preferably from a windows machine as >> no one other than myself knows how to use Linux.... >> >> -- >> >> Craig Daters (craig@westpress.com) >> Systems Administrator >> West Press Print Communications >> > > Craig > > you could get the users into MailWatch so they can release their own > email from within the DB...you'd have to keep the uncompressed emails > around for more days though as the MW interace only deals with the > rfc-822 format emails, not uncompresseing/extracting on the fly. > > The MW stuff can (and will) look into the users table to allow non-admin > users to check their own email for spam etc... > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > Martin, Sorry to jump in here but something you said caught my attention. You said "The MW stuff can (and will) look into the users table to allow non-admin users to check their own email for spam etc..." Can you clarify: are you saying that if the user has a real login account on the server, they would be able to log into MailWatch and see their spam and infected emails and release mail themselves? Or do they use their email user/password, which I guess would make more sense, now wouldn't it ;-) Dave Dave ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at ELIQUID.COM Mon Jan 10 19:14:35 2005 From: mailscanner at ELIQUID.COM (Wess Bechard) Date: Thu Jan 12 21:28:09 2006 Subject: Archiving Mail Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] With Courier-IMAP/POP, I used authdaemon, which is part of the Courier-IMAP package. I simply tell authdaemon to use MySQL to check the email address and password. Quotas are handled on the same user table. Gentoo: http://www.gentoo.org/doc/en/virt-mail-howto.xml This document details how to create a virtual mailhosting system based upon postfix, mysql, courier-imap, and cyrus-sasl. I modified this setup to work with MailScanner, ClamAV, and SpamAssassin. You can use this guide for other distros, as it does give you the configurations to use, and the names of the programs, which are available to most distros. On Mon, 2005-01-10 at 14:05, Craig Daters wrote: Wess Bechard wrote: > Craig, > > I forgot to mention that all my users and quota management are done via > MySQL. > > If you are worried about disk space, IMAP does build up. You don't have > to have everyone on IMAP, as you can put important email on IMAP and > others on POP. > > On Mon, 2005-01-10 at 12:28, Craig Daters wrote: > >>/Wess Bechard wrote: >>> Have you considered using IMAP for your email? All your mail is kept >>> on the server, so you can keep it as long as you want. I have a few >>> thousand emails over many months stored right now. >>> >>> I am using Mailscanner, Postfix, Courier-IMAP, Courier-POP, Cyrus-SASL, >>> ClamAV, and SpamAssassin. >>> >>> Our mail server allows you to use either IMAP or POP. >>> >>> If you want to know more, I am usually around on the #mailscanner >>> chatroom on IRC. >>> >>> MailScanner on IRC >>> Community Support >>> irc.freenode.net >>> #mailscanner >>> >>> >>> >>> On Mon, 2005-01-10 at 11:50, Craig Daters wrote: >>> >>>> /Hello Everyone. We have been using MailScanner for a couple of years >>>>now, and I must say that it is great! My company has been steadily >>>>growing larger and larger, and we do business with quite a few people >>>>via email. Our clients, upon seeing some sort of proof from us, will >>>>give us an okay to print via email, and the need to archive mail for a >>>>sort of paper trail when disputes arise has always been in the back of >>>>our mind. >>>> >>>>We have about 4 or 5 people who deal with these clients, and they hang >>>>onto their mail for a couple of months before deleting everything. >>>>Sometimes we instances come up where if we had the email, we would have >>>>gotten paid for the job, but unfortunately was deleted. >>>> >>>>I have been trying to work out a solution using MailScanner to archive a >>>>months worth of mail, tar it up and burn these off to CD or something. >>>> >>>>We have one MailServer, sitting on the Internet side of our firewall, >>>>that all of our 20+ employees who have email, check via POP3. >>>> >>>>Installed along side of MailScanner is MailWatch, SpamAssassin, ClamAV, >>>>ViSpan, and SquirrelMail >>>> >>>>I am curious to know if anyone is currently, or has considered, setting >>>>up some sort of archiving action and how you may have approached it? >>>>Does anyone have any thoughts or guidance. >>>> >>>>I have looked through the FAQ's and am working my mind through the >>>>"Archive Mail =" configuration so as to set up some sort of streamlined >>>>process to maybe backup mail for these 4 or 5 users weekly, then all the >>>>weeklys into a monthly, montly's onto a CD. as well as some way to >>>>retrieve and view the messages easily to find the particular mail. >>>> >>>>Any thoughts, ideas, or redirects? Any help or comments would be welcomed. >>>> >>>>Thank you, >>>> >>>>Craig D. >>>> >>>>-- >>>> >>>>Craig Daters (craig@westpress.com) >>>>Systems Administrator >>>>West Press Print Communications >>>> >>>>1663 West Grant Road >>>>Tucson, Arizona 85705 >>>>(520) 624-4939 >>>>(520) 624-2715 fax >>>>/ >>>>/ //_www.westpress.com_ <_http://www.westpress.com_> >>>> >>>>------------------------ MailScanner list ------------------------ >>>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>'leave mailscanner' in the body of the email. >>>>Before posting, read the MAQ ( _http://www.mailscanner.biz/maq/_ <_http://www.mailscanner.biz/maq/_> ) and >>>>the archives ( _http://www.jiscmail.ac.uk/lists/mailscanner.html_ <_http://www.jiscmail.ac.uk/lists/mailscanner.html_> ). >>>> >>>>Support MailScanner development - buy the book off the website! / >>>> >>> MailScanner on IRC >>> Community Support >>> irc.freenode.net >>> #mailscanner >>> >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the MAQ (_http://www.mailscanner.biz/maq/_) >>> and the archives (_http://www.jiscmail.ac.uk/lists/mailscanner.html_). >>> >>> *Support MailScanner development - buy the book off the website!* >> >>I have considered IMAP, but I don't know enough about it to make an >>informed decision to use it. I have only ever used POP3. >> >>I would suspect also that I might want to use Quota's for this type of >>config, and I do not know much about that either. We process a couple of >>gigabytes a month worth of email with all of the file attachments that >>we take in, so I would be afraid of my drive filling up too soon. >> >>-- >> >>Craig Daters (craig@westpress.com) >>Systems Administrator >>West Press Print Communications >> >>1663 West Grant Road >>Tucson, Arizona 85705 >>(520) 624-4939 >>(520) 624-2715 fax >> >>_www.westpress.com_ >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the MAQ (_http://www.mailscanner.biz/maq/_) and >>the archives (_http://www.jiscmail.ac.uk/lists/mailscanner.html_). >> >>Support MailScanner development - buy the book off the website!/ >> > MailScanner on IRC > Community Support > irc.freenode.net > #mailscanner > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* How do you manage your users and quota via MySQL? -- Craig Daters (craig@westpress.com) Systems Administrator West Press Print Communications 1663 West Grant Road Tucson, Arizona 85705 (520) 624-4939 (520) 624-2715 fax www.westpress.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! Wess Bechard System Administrator eliquidMEDIA International www.eliquid.com MailScanner on IRC Community Support irc.freenode.net #mailscanner ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From craig at WESTPRESS.COM Mon Jan 10 19:50:36 2005 From: craig at WESTPRESS.COM (Craig Daters) Date: Thu Jan 12 21:28:09 2006 Subject: Archiving Mail Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Martin Hepworth wrote: >> Thanks Martin, >> >> This gives me an idea of how to start a backup script. I do not want to >> back up all of it, as this would be to big. I only want to back up like >> 4 or 5 users email is all. Then be able to restore it somewhere to be >> able to find a particular message, preferably from a windows machine as >> no one other than myself knows how to use Linux.... >> >> -- >> >> Craig Daters (craig@westpress.com) >> Systems Administrator >> West Press Print Communications >> > > Craig > > you could get the users into MailWatch so they can release their own > email from within the DB...you'd have to keep the uncompressed emails > around for more days though as the MW interace only deals with the > rfc-822 format emails, not uncompresseing/extracting on the fly. > > The MW stuff can (and will) look into the users table to allow non-admin > users to check their own email for spam etc... > I do have other users set up to check their quarantined stuff, and I had considered storing the email in the DB, but was unsure how this would affect the load on our server as we process almost 2GB of mail a month, (due to all the file attachments/jobs that we receive to print...) and the resulting DB would be almost as large for the few users that I want to keep mail around for. If I don't need to be worried about it though, I'm all over it :) -- Craig Daters (craig@westpress.com) Systems Administrator West Press Print Communications 1663 West Grant Road Tucson, Arizona 85705 (520) 624-4939 (520) 624-2715 fax www.westpress.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From craig at WESTPRESS.COM Mon Jan 10 19:52:51 2005 From: craig at WESTPRESS.COM (Craig Daters) Date: Thu Jan 12 21:28:09 2006 Subject: Archiving Mail Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Wess Bechard wrote: > With Courier-IMAP/POP, I used authdaemon, which is part of the > Courier-IMAP package. I simply tell authdaemon to use MySQL to check > the email address and password. Quotas are handled on the same user table. > > Gentoo: http://www.gentoo.org/doc/en/virt-mail-howto.xml > This document details how to create a virtual mailhosting system based > upon postfix, mysql, courier-imap, and cyrus-sasl. > > I modified this setup to work with MailScanner, ClamAV, and SpamAssassin. > > You can use this guide for other distros, as it does give you the > configurations to use, and the names of the programs, which are > available to most distros. > > On Mon, 2005-01-10 at 14:05, Craig Daters wrote: > I will have to check this out. Thanks -- Craig Daters (craig@westpress.com) Systems Administrator West Press Print Communications 1663 West Grant Road Tucson, Arizona 85705 (520) 624-4939 (520) 624-2715 fax www.westpress.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Mon Jan 10 21:21:30 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:28:09 2006 Subject: Installing/Using DCC sanity check Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Peter Bonivart wrote: > Ugo Bellavance wrote: > >> About 10 MB of code... would you rather load it everytime or have 10 MB >> of RAM used all the time? > > > It doesn't have to actually load it from disk every time unless you're > really starved for memory and then your server is already crawling > anyway. It's a fairly light operation to reuse old pages in memory. > Hmm, you're right, I didn't think enough I guess. I guess that's why there isn't much difference between running dccproc and dccifd. If anyone has comparison data, please let us know. Thanks, > -- > /Peter Bonivart > > --Unix lovers do it in the Sun > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From james at SUDORA.COM Mon Jan 10 21:54:03 2005 From: james at SUDORA.COM (James A. Pattie) Date: Thu Jan 12 21:28:09 2006 Subject: Archiving Mail Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Julian Field wrote: | Craig Daters wrote: | |> Martin Hepworth wrote: |> |>> Craig |>> |>> I do the entire outside email traffic. |>> |>> tar it up after three days, then manually burnt to CD once I get enough |>> to fit onto a CD. |>> |>> If you make the "Archive Mail = users.rule" you can populate the rule |>> file with the users you want to archive. |>> |>> I then have a script that's called by cron to tar.gz up the |>> directories.. |>> |>> |> Thanks Martin, |> |> This gives me an idea of how to start a backup script. I do not want to |> back up all of it, as this would be to big. I only want to back up like |> 4 or 5 users email is all. Then be able to restore it somewhere to be |> able to find a particular message, preferably from a windows machine as |> no one other than myself knows how to use Linux.... |> | Use a ruleset to only archive the mail for a few users, and archive each | of them into a separate mbox file. See the comment above the "Archive | Mail" setting for info on this. An mbox file is, more or less, a plain | old text file containing all the messages archived into that file. If | you back these up into a .tgz file somewhere, your Windows staff can use | Winzip to open up the archive and then use any old text editor (or even | Word if they must!) and search the text file for relevant | keywords/dates/whatever. | | The Windows users will have to get used to seeing the full headers of | each message, but they will soon get used to it. And it's enormously | easier and faster to search than most other ways of hunting through | messages in a large mailbox. Or you use Mozilla Thunderbird and import the mbox file into their "Local Folders" and then use the nice gui to search, print, etc. - -- James A. Pattie james@sudora.com Linux -- SysAdmin / Programmer Sudora, LLC http://www.sudora.com/ GPG Key Available at https://services.sudora.com/gpgkeys/james.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFB4vl7Sl+1j6z8MycRAuniAJ41kzSw1ULxp23OYzU8FW/1fex86ACfTFGK a/XgQJ8L2eoBC1aUGSG/mkw= =LCun -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From craig at WESTPRESS.COM Mon Jan 10 22:03:36 2005 From: craig at WESTPRESS.COM (Craig Daters) Date: Thu Jan 12 21:28:09 2006 Subject: Archiving Mail Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] James A. Pattie wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Julian Field wrote: > | Craig Daters wrote: > | > |> Martin Hepworth wrote: > |> > |>> Craig > |>> > |>> I do the entire outside email traffic. > |>> > |>> tar it up after three days, then manually burnt to CD once I get enough > |>> to fit onto a CD. > |>> > |>> If you make the "Archive Mail = users.rule" you can populate the rule > |>> file with the users you want to archive. > |>> > |>> I then have a script that's called by cron to tar.gz up the > |>> directories.. > |>> > |>> > |> Thanks Martin, > |> > |> This gives me an idea of how to start a backup script. I do not want to > |> back up all of it, as this would be to big. I only want to back up like > |> 4 or 5 users email is all. Then be able to restore it somewhere to be > |> able to find a particular message, preferably from a windows machine as > |> no one other than myself knows how to use Linux.... > |> > | Use a ruleset to only archive the mail for a few users, and archive each > | of them into a separate mbox file. See the comment above the "Archive > | Mail" setting for info on this. An mbox file is, more or less, a plain > | old text file containing all the messages archived into that file. If > | you back these up into a .tgz file somewhere, your Windows staff can use > | Winzip to open up the archive and then use any old text editor (or even > | Word if they must!) and search the text file for relevant > | keywords/dates/whatever. > | > | The Windows users will have to get used to seeing the full headers of > | each message, but they will soon get used to it. And it's enormously > | easier and faster to search than most other ways of hunting through > | messages in a large mailbox. > > Or you use Mozilla Thunderbird and import the mbox file into their "Local > Folders" and then use the nice gui to search, print, etc. > > - -- > James A. Pattie > james@sudora.com > > Linux -- SysAdmin / Programmer > Sudora, LLC > http://www.sudora.com/ > I had no idea Thunderbird could do this! I knew that I liked this app for a reason :) I will deffinately have to remember this, thanks James. -- Craig Daters (craig@westpress.com) Systems Administrator West Press Print Communications 1663 West Grant Road Tucson, Arizona 85705 (520) 624-4939 (520) 624-2715 fax www.westpress.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at bithose.com Mon Jan 10 22:49:04 2005 From: mailscanner at bithose.com (Jameel Akari) Date: Thu Jan 12 21:28:09 2006 Subject: Archiving Mail Message-ID: While we're on the subject of the Archive function and the fact that it can dump to an mbox file, is there a way to tell MailScanner to use a new mbox file while it is running? This would be handy so that an external script could rotate to a new mbox file for each day/week.. otherwise you end up with a huge file that becomes unwieldy after a few days. If you just cron something to copy/move files around, you can end up with race conditions and mail output following old filehandles and general ugliness. To be safe, it seems like you'd have to stop and restart MailScanner while you move the file(s) around. Or perhaps you can have some sort of rule or macro define that filename so that it automatically switches to a new file each day, something like: archive_$DATE.mbox -> archive_20040110.mbox for today, archve_20040111.mbox for tomorrow, etc. Then you only work on the rotated-out file. And is it generally considered "ok" to just cat mbox files together? So if I had two MailScanner servers that generated their own Archive mbox files, and I want one consolidated file, can they just be cat'ed together? Or is order important? And at risk of being burnt at the stake for heresy, how well might it handle a single mbox between two machines over NFS? -- #!/jameel/akari sleep 4800; make clean && make breakfast ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Jan 10 23:18:00 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:09 2006 Subject: Archiving Mail Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jameel Akari wrote: > While we're on the subject of the Archive function and the fact that it > can dump to an mbox file, is there a way to tell MailScanner to use a new > mbox file while it is running? Your best bet is to HUP MailScanner and then immediately move new mbox files into place. It takes a second or two before the first message will be processed, which should give you enough time to get the new mboxes in place. Though obviously this isn't as "Solid" as it should be, I quite agree. Ideally you should stop and restart. > Or perhaps you can have some sort of rule or macro define that > filename so > that it automatically switches to a new file each day, something like: > archive_$DATE.mbox -> archive_20040110.mbox for today, > archve_20040111.mbox for tomorrow, etc. Then you only work on the > rotated-out file. That's not a bad idea, but makes it ever more complex to use and configure. > And at risk of being burnt at the stake for heresy, how well might it > handle a single mbox between two machines over NFS? It can be done (we do it) reliably. But it is pretty hard as you need to be totally paranoid about the locking. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From cslyon at gmail.com Tue Jan 11 04:53:45 2005 From: cslyon at gmail.com (Chris Lyon) Date: Thu Jan 12 21:28:09 2006 Subject: LDAP/MTA helping Spammers? Message-ID: I have seen a few messages float around the list on this subject and wanted to give some of my input on it. I have been tracking the "User unknown" messages for about a week now on one of my MailScanner systems and have found something odd. About 90% of all the "User unknown" messages are coming from different hosts not seen before. So in other words a single IP address will open an SMTP connection, send a message anywhere from 5 to 29 recipients and drop the connection. We will generate the "User unknown" back to then during the connection since they are not on the list. That same IP address will usually will do this style of attack three or four times in a few seconds. Only about 10% of all the "User unknown" attacks show the same IP address again. (This has only been a week and maybe this number will change) The names they are using are standard dictionary stuff. bob@, jeff@, todd@...etc. So what are they hunting for? Are they trying to get past the spam engine? Are they hunting for valid names? I think they doing all of the above but am mainly hunting for names. So with that said is using LDAP on the MTA giving too much information back to the spammers as what addresses are good/bad? Any feedback? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From myeasytech at YAHOO.COM.HK Tue Jan 11 05:47:16 2005 From: myeasytech at YAHOO.COM.HK (hkbyte) Date: Thu Jan 12 21:28:09 2006 Subject: Writing Custom Function Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > Scott Silva wrote: > >> hkbyte wrote: >> >>> I am learning how to write custom function. I attached my function to >>> Non Spam actions. If my return value are 'deliver' and 'store' , both >>> work properly as I want. But when I change 'store' return value to >>> 'bounce' , it failed and the maillog said "Does not make sense to >>> bounce non-spam". How can I send a custom bounce back message to >>> sender. >>> Thanks. >> >> >> >> Bounce back message to a spammer is useless, as they are usually; > > > He wants to bounce back to a NON-spammer. Bouncing a message which is > not spam doesn't make much sense to me (hence the error message). Why > would you want to reject mail you have decided you want to deliver? > Julian, I want to restrict user to send outgoing email based on some restrictions. I want to tell the sender why his mail is rejected. BTW, I have another question about the "@headers" attributes. It seems that the format are different with different MTAs. Is there any simple way I can retreive some header fields? e.g. The return-path and date fields. --hkbyte ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Jan-Peter.Koopmann at SECEIDOS.DE Tue Jan 11 06:59:32 2005 From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann) Date: Thu Jan 12 21:28:09 2006 Subject: Archiving Mail Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Craig, > 4 or 5 users email is all. Then be able to restore it somewhere to be > able to find a particular message, preferably from a windows > machine as > no one other than myself knows how to use Linux.... I am glad to see that you are being helped. However: Is there _any_ reason why nearly all of your mails contain a consiberable part of all previous mail as a quote? This makes reading your mails very hard! Please stop that. Only quote the necessary parts and if possible, answer part after part and not quote everything on top and then answer in one paragraph afterwards. Regards, JP ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dh at UPTIME.AT Tue Jan 11 08:34:31 2005 From: dh at UPTIME.AT ([UTF-8] David HĂśhn) Date: Thu Jan 12 21:28:09 2006 Subject: Buglet in Report? Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Hello. I am not quite sure whether this is an MTA or Mailscanner issue. When I get a Bad Filename Report with the full hearders in it, it seems that the MIME decoding on the subject is not properly applied. Since I gets oemthing similar to this: The following e-mails were found to have: Bad Filename Detected ~ Sender: XXXX IP Address: 213.46.255.21 ~ Recipient: XXXXX ~ Subject: =?iso-8859-1?Q?Re:_{Bad_Filename}_Timetable_f=FCr_Dienstag?= ~ MessageID: j0B8UHAp017705 ~ Achtung: MailScanner: Attempt to hide real filename extension (protokoll com.sult.doc) Now for 8859-1 that is a none issue, for something like big5 it gets annoying :) - -d - -- nee anata wo mitsukete soshite nidoto wasurezu ~ donna ni munega itakutemo soba ni iru no ~ zutto...zutto...zutto Key fingerprint = FD77 F0B7 5C65 F546 EB08 A4EC 3CCA 1A32 7E24 291E -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (Darwin) iD8DBQFB44+XPMoaMn4kKR4RA2nYAJkBtP3Ep5W7iZbBcCMj+tzZONzbtACgnjCe xK4KlDeq8Ij2CEWPMHh02EY= =RWPW -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From misterpo at IFRANCE.COM Tue Jan 11 09:02:13 2005 From: misterpo at IFRANCE.COM (Mister PO) Date: Thu Jan 12 21:28:09 2006 Subject: Logrotate and MailScanner Message-ID: Hello all, My Mailscanner RedHat 9 Linux server logs its activity in the /var/log/maillog file. I have added the following section to /etc/logrotate.conf to purge logs daily : /var/log/maillog { daily create rotate 3 } but my log file is still growing and logrotate doesn't do its job. Do I need stop and start MailScanner to help logrotate do its job ? I know there is a postrotate instruction, but is there prerotate one ? Thanks in advance for your help, PO. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue Jan 11 09:02:47 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:09 2006 Subject: Archiving Mail Message-ID: CCraig Daters wrote: > Martin Hepworth wrote: > >>> Thanks Martin, >>> >>> This gives me an idea of how to start a backup script. I do not want to >>> back up all of it, as this would be to big. I only want to back up like >>> 4 or 5 users email is all. Then be able to restore it somewhere to be >>> able to find a particular message, preferably from a windows machine as >>> no one other than myself knows how to use Linux.... >>> >>> -- >>> >>> Craig Daters (craig@westpress.com) >>> Systems Administrator >>> West Press Print Communications >>> >> >> Craig >> >> you could get the users into MailWatch so they can release their own >> email from within the DB...you'd have to keep the uncompressed emails >> around for more days though as the MW interace only deals with the >> rfc-822 format emails, not uncompresseing/extracting on the fly. >> >> The MW stuff can (and will) look into the users table to allow non-admin >> users to check their own email for spam etc... >> > I do have other users set up to check their quarantined stuff, and I had > considered storing the email in the DB, but was unsure how this would > affect the load on our server as we process almost 2GB of mail a month, > (due to all the file attachments/jobs that we receive to print...) and > the resulting DB would be almost as large for the few users that I want > to keep mail around for. > > If I don't need to be worried about it though, I'm all over it :) > > -- > Craig Daters (craig@westpress.com) > Systems Administrator > West Press Print Communications Craig The Database doesn't hold the actual email, that is left on the disk in either rfc822 or queue file format depending on the settings in MailScanner.conf If you're already using the non-admin user's function to check against quarantined stuff then its more of less the same thing for 'normal' email. You just need to make sure you are archiving the email for X days for those users an dthey can then forward the email to themselves if they are daft enough to have a deleted the billing/work email. Thinking about all this, wouldn't it be better to add better controls into the work flow so that work/billing info is held per job somewhere like a document repository. That way if someone isn't available for work you can still see their work to be done etc??? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue Jan 11 09:07:00 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:09 2006 Subject: LDAP/MTA helping Spammers? Message-ID: Chris We use something similar to this. I can't say that I've analysed where the non-user errors are coming from, but 66% of all the inbound spam is for non-existant users. So this keeps my server load down quite a bit.. Given the effectiveness of MS/SA/ClamAV/Sophos at trapping unwanted emails I'm not that worried that the bad guys might be brute force harvesting email addresses this way. In fact bring it on! -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Chris Lyon wrote: > I have seen a few messages float around the list on this subject and > wanted to give some of my input on it. I have been tracking the "User > unknown" > messages for about a week now on one of my MailScanner systems and > have found something odd. About 90% of all the "User unknown" messages > are coming from different hosts not seen before. So in other words a > single IP address will open an SMTP connection, send a message > anywhere from 5 to 29 recipients and drop the connection. We will > generate the "User unknown" back to then during the connection since > they are not on the list. That same IP address will usually will do > this style of attack three or four times in a few seconds. Only about > 10% of all the "User unknown" attacks show the same IP address again. > (This has only been a week and maybe this number will > change) The names they are using are standard dictionary stuff. bob@, > jeff@, todd@...etc. So what are they hunting for? Are they trying to > get past the spam engine? Are they hunting for valid names? > > > I think they doing all of the above but am mainly hunting for names. > So with that said is using LDAP on the MTA giving too much information > back to the spammers as what addresses are good/bad? > > > Any feedback? > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Jan 11 09:14:22 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:09 2006 Subject: Archiving Mail Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > Jameel Akari wrote: > >> While we're on the subject of the Archive function and the fact that it >> can dump to an mbox file, is there a way to tell MailScanner to use a >> new >> mbox file while it is running? > > > Your best bet is to HUP MailScanner and then immediately move new mbox > files into place. It takes a second or two before the first message will > be processed, which should give you enough time to get the new mboxes in > place. > > Though obviously this isn't as "Solid" as it should be, I quite agree. > Ideally you should stop and restart. > >> Or perhaps you can have some sort of rule or macro define that >> filename so >> that it automatically switches to a new file each day, something like: >> archive_$DATE.mbox -> archive_20040110.mbox for today, >> archve_20040111.mbox for tomorrow, etc. Then you only work on the >> rotated-out file. > > > That's not a bad idea, but makes it ever more complex to use and > configure. I have implemented this in the attached patch for Message.pm. You can put the magic string _DATE_ anywhere in the "Archive Mail" setting (more than once if you want to). This keyword will be replaced with the current date in yyyymmdd format when the archive is written. Let me know how you get on. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2: "Attached Text" ] --- Message.pm.old 2005-01-10 18:46:10.000000000 +0000 +++ Message.pm 2005-01-11 09:05:58.000000000 +0000 @@ -205,6 +205,14 @@ # Work out where to archive/copy this message. # Could do all the archiving in a different separate place. $archiveplaces = MailScanner::Config::Value('archivemail', $this); + if ($archiveplaces =~ /_DATE_/) { + # Only do the work for the date substitution if we really have to + my($day, $month, $year, $date); + ($day, $month, $year) = (localtime)[3,4,5]; + $date = sprintf("%04d%02d%02d", $year+1900, $month+1, $day); + $archiveplaces =~ s/_DATE_/$date/g; + #print STDERR "Archive location is $archiveplaces\n"; + } @{$this->{archiveplaces}} = ((defined $archiveplaces)?split(" ", $archiveplaces):()); bless $this, $type; ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Tue Jan 11 09:37:42 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:09 2006 Subject: Logrotate and MailScanner Message-ID: The logging of mail-related entries to a maillog file is usually not done directly by each program (sendmail, MailScanner ...), but rather by the syslogd daemon. So the "resposible program" that need be informed the file has changed is syslogd. So you'd need an entry to handle all "syslogds files", and in that have a postrotate /usr/bin/killall -HUP syslogd # endscript ... or similar. man syslogd syslog.conf .... might be good reading;) (Many, if not most systems come with an entry for syslogd already configured) -- Glenn > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Mister PO > Sent: den 11 januari 2005 10:02 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Logrotate and MailScanner > > > Hello all, > > My Mailscanner RedHat 9 Linux server logs its activity in the > /var/log/maillog file. > > I have added the following section to /etc/logrotate.conf to > purge logs daily : > > /var/log/maillog { > daily > create > rotate 3 > } > > but my log file is still growing and logrotate doesn't do its job. > > Do I need stop and start MailScanner to help logrotate do its job ? > > I know there is a postrotate instruction, but is there prerotate one ? > > Thanks in advance for your help, > > PO. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Tue Jan 11 09:46:10 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:09 2006 Subject: LDAP/MTA helping Spammers? Message-ID: I'd tend to agree with Martin here. Even if the domain would be mapped, ATM this type of thing has more benefit than badness. Also, the names you cite ring a bell... Some viruses "guess" names like that, and there the sole purpose is spreading, not really "mapping out the domain" (ie no "intelligence", nor "reporting" is really involved). -- Glenn > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Martin Hepworth > Sent: den 11 januari 2005 10:07 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: LDAP/MTA helping Spammers? > > > Chris > > We use something similar to this. I can't say that I've analysed where > the non-user errors are coming from, but 66% of all the > inbound spam is > for non-existant users. So this keeps my server load down > quite a bit.. > > Given the effectiveness of MS/SA/ClamAV/Sophos at trapping unwanted > emails I'm not that worried that the bad guys might be brute force > harvesting email addresses this way. In fact bring it on! > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Chris Lyon wrote: > > I have seen a few messages float around the list on this subject and > > wanted to give some of my input on it. I have been tracking > the "User > > unknown" > > messages for about a week now on one of my MailScanner systems and > > have found something odd. About 90% of all the "User > unknown" messages > > are coming from different hosts not seen before. So in other words a > > single IP address will open an SMTP connection, send a message > > anywhere from 5 to 29 recipients and drop the connection. We will > > generate the "User unknown" back to then during the connection since > > they are not on the list. That same IP address will usually will do > > this style of attack three or four times in a few seconds. > Only about > > 10% of all the "User unknown" attacks show the same IP > address again. > > (This has only been a week and maybe this number will > > change) The names they are using are standard dictionary > stuff. bob@, > > jeff@, todd@...etc. So what are they hunting for? Are they trying to > > get past the spam engine? Are they hunting for valid names? > > > > > > I think they doing all of the above but am mainly hunting for names. > > So with that said is using LDAP on the MTA giving too much > information > > back to the spammers as what addresses are good/bad? > > > > > > Any feedback? > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rgutlon at YAHOO.COM Tue Jan 11 10:17:34 2005 From: rgutlon at YAHOO.COM (Rick Gutlon) Date: Thu Jan 12 21:28:09 2006 Subject: Logrotate and MailScanner Message-ID: I believe you need to restart cron in order for the changes in your logrotate.conf file to take effect. An example would be /etc/rc.d/init.d/crond restart Regards - --- Mister PO wrote: > Hello all, > > My Mailscanner RedHat 9 Linux server logs its > activity in the > /var/log/maillog file. > > I have added the following section to > /etc/logrotate.conf to purge logs daily : > > /var/log/maillog { > daily > create > rotate 3 > } > > but my log file is still growing and logrotate > doesn't do its job. > > Do I need stop and start MailScanner to help > logrotate do its job ? > > I know there is a postrotate instruction, but is > there prerotate one ? > > Thanks in advance for your help, > > PO. > > ------------------------ MailScanner list > ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with > the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ > (http://www.mailscanner.biz/maq/) and > the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off > the website! > __________________________________ Do you Yahoo!? Yahoo! Mail - now with 250MB free storage. Learn more. http://info.mail.yahoo.com/mail_250 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From p.g.m.peters at utwente.nl Tue Jan 11 10:24:24 2005 From: p.g.m.peters at utwente.nl (Peter Peters) Date: Thu Jan 12 21:28:09 2006 Subject: MS supporting Sendmail X? Message-ID: Any idea whether MS wiil support sendmail X? It appears Sendmail X will be completly different from the current Sendmail esp. i.r.t. queue handling. It looks like Sendmail X goes the "different programmes for different functions" way. -- Peter Peters, senior netwerkbeheerder Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE) Universiteit Twente, Postbus 217, 7500 AE Enschede telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/itbe ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Tue Jan 11 10:34:25 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:28:09 2006 Subject: Logrotate and MailScanner Message-ID: Um, no... That is generally not how it's done. True, logrotate is run from cron, but the only time you need inform cron is when you add logrotate as such, not when you change logrotate.conf (ex: on most linux distros the logrotate command is run from a script in /etc/cron.daily (which are run by the runparts thing), and is invoked like logrotate /etc/logrotate.conf ... which would lead to changes to that file (or any file it references) to be automatically included). What is needed is to either change a preexisting entry for syslogd files (ex: many linux distros would have that in /etc/logrotate.d/syslogd), or creating one. -- Glenn > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Rick Gutlon > Sent: den 11 januari 2005 11:18 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Logrotate and MailScanner > > > I believe you need to restart cron in order for the > changes in your logrotate.conf file to take effect. An > example would be /etc/rc.d/init.d/crond restart > > Regards - > > --- Mister PO wrote: > > > Hello all, > > > > My Mailscanner RedHat 9 Linux server logs its > > activity in the > > /var/log/maillog file. > > > > I have added the following section to > > /etc/logrotate.conf to purge logs daily : > > > > /var/log/maillog { > > daily > > create > > rotate 3 > > } > > > > but my log file is still growing and logrotate > > doesn't do its job. > > > > Do I need stop and start MailScanner to help > > logrotate do its job ? > > > > I know there is a postrotate instruction, but is > > there prerotate one ? > > > > Thanks in advance for your help, > > > > PO. > > > > ------------------------ MailScanner list > > ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with > > the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ > > (http://www.mailscanner.biz/maq/) and > > the archives > > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off > > the website! > > > > > > > __________________________________ > Do you Yahoo!? > Yahoo! Mail - now with 250MB free storage. Learn more. > http://info.mail.yahoo.com/mail_250 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ddw at BAS.AC.UK Tue Jan 11 10:34:47 2005 From: ddw at BAS.AC.UK (Douglas Willis) Date: Thu Jan 12 21:28:09 2006 Subject: SAVI-Perl & AMD Opteron processors. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, Is anyone running this module on an Opteron system? If so what OS an versions are you running? -- Douglas Willis (ddw@nerc-bas.ac.uk) British Antarctic Survey High Cross, Madingley Road Cambridge, CB3 0ET, United Kingdom tel: +44 1223 221400, fax: +44 1223 362616 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From tony.johansson at SVENSKAKYRKAN.SE Tue Jan 11 12:26:54 2005 From: tony.johansson at SVENSKAKYRKAN.SE (Tony Johansson) Date: Thu Jan 12 21:28:09 2006 Subject: Forward blocked files Message-ID: Is it possible to not just block filenames or filetypes but forward these messages to a specific mailbox? I do not want to quarantine viruses, just forward non-infected files that we normally block. /Tony ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Steve.Swaney at FSL.COM Tue Jan 11 14:03:59 2005 From: Steve.Swaney at FSL.COM (Steve Swaney) Date: Thu Jan 12 21:28:09 2006 Subject: SAVI-Perl & AMD Opteron processors. Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Douglas Willis > Sent: Tuesday, January 11, 2005 5:35 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: SAVI-Perl & AMD Opteron processors. > > Hi, > > Is anyone running this module on an Opteron system? > > If so what OS an versions are you running? > > -- > Douglas Willis (ddw@nerc-bas.ac.uk) Two Opteron systems: System 1: -------------------------------------------------------------- model name : AMD Opteron(tm) Processor 242 stepping : 8 cpu MHz : 1593.924 cache size : 1024 KB MemTotal: 2057732 kB OS: CentOS release 3.3 (final) Kernel: 2.4.21-20.0.1.ELsmp # MailScanner -V Running on Linux mta20.safeguardmail.net 2.4.21-20.0.1.ELsmp #1 SMP Fri Dec 3 01:31:00 GMT 2004 i686 athlon i386 GNU/Linux This is CentOS release 3.3 (final) This is Perl version 5.008000 (5.8.0) This is MailScanner version 4.37.7 Module versions are: 1.00 AnyDBM_File 1.14 Archive::Zip 1.01 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.04 Fcntl 2.71 File::Basename 2.05 File::Copy 2.01 FileHandle 1.05 File::Path 0.13 File::Temp 1.23 HTML::Entities 3.26 HTML::Parser 2.24 HTML::TokeParser 1.20 IO 1.09 IO::File 1.122 IO::Pipe 3.05 MIME::Base64 5.415 MIME::Decoder 5.415 MIME::Decoder::UU 5.415 MIME::Head 5.415 MIME::Parser 3.03 MIME::QuotedPrint 5.415 MIME::Tools 0.09 Net::CIDR 1.05 POSIX 1.75 Socket 0.03 Sys::Syslog 1.02 Time::localtime Optional module versions are: 1.806 DB_File 1.10 Digest 1.01 Digest::HMAC 2.20 Digest::MD5 2.10 Digest::SHA1 0.44 Inline 0.13 Mail::ClamAV 3.000002 Mail::SpamAssassin missing Mail::SPF::Query missing Net::CIDR::Lite 0.48 Net::DNS missing Net::LDAP 1.94 Parse::RecDescent missing SAVI missing Sys::Hostname::Long 2.26 Test::Harness 0.47 Test::Simple 1.89 Text::Balanced 1.35 URI -------------------------------------------------------------- System 2: -------------------------------------------------------------- model name : AMD Opteron(tm) Processor 242 physical id : 0 siblings : 1 stepping : 10 MemTotal: 2057732 kB OS: Red Hat Enterprise Linux ES release 3 (Taroon Update 4) Kernel: 2.4.21-20.0.1.ELsmp # MailScanner -V 'Running on Linux mta10.safeguardmail.net 2.4.21-20.ELsmp #1 SMP Wed Aug 18 20:34:58 EDT 2004 x86_64 x86_64 x86_64 GNU/Linux This is Red Hat Enterprise Linux ES release 3 (Taroon Update 4) This is Perl version 5.008000 (5.8.0) This is MailScanner version 4.37.7 Module versions are: 1.00 AnyDBM_File 1.14 Archive::Zip 1.01 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.04 Fcntl 2.71 File::Basename 2.05 File::Copy 2.01 FileHandle 1.05 File::Path 0.13 File::Temp 1.23 HTML::Entities 3.26 HTML::Parser 2.24 HTML::TokeParser 1.20 IO 1.09 IO::File 1.122 IO::Pipe 3.05 MIME::Base64 5.415 MIME::Decoder 5.415 MIME::Decoder::UU 5.415 MIME::Head 5.415 MIME::Parser 3.03 MIME::QuotedPrint 5.415 MIME::Tools 0.09 Net::CIDR 1.05 POSIX 1.75 Socket 0.03 Sys::Syslog 1.02 Time::localtime Optional module versions are: 1.806 DB_File 1.00 Digest 1.01 Digest::HMAC 2.20 Digest::MD5 2.01 Digest::SHA1 0.44 Inline 0.13 Mail::ClamAV 3.000002 Mail::SpamAssassin 1.997 Mail::SPF::Query 0.15 Net::CIDR::Lite 0.48 Net::DNS missing Net::LDAP 1.94 Parse::RecDescent missing SAVI 1.2 Sys::Hostname::Long 2.26 Test::Harness 0.47 Test::Simple 1.89 Text::Balanced 1.31 URI Both systems are fully up2date except for the kernels. Both System run very well. Neither is heavily loaded yet. Steve Steve Swaney President Fortress Systems Ltd. www.fsl.com steve.swaney@fsl.com -- This message has been scanned for viruses and dangerous content by The MailScanner at Fortress Systems Ltd., www.fsl.com, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Q.G.Campbell at NEWCASTLE.AC.UK Tue Jan 11 14:53:51 2005 From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell) Date: Thu Jan 12 21:28:09 2006 Subject: "Banned Content" question Message-ID: Most of the "dangerous content" checks that I carry out with MailScanner are controlled via rules files. In all cases the actions of the rules is to either "deliver", "delete", "striphtml" or "attachment". I do not use "disarm" with one exception. In MailScanner.conf I have Allow WebBugs = disarm If I see in the logs "Content Checks: Detected and will disarm HTML message in jBAtTRU022337" does this _only_ refer to the "disarming" of web bugs or can it also refer to actions taken over other content which did not involve the specific "disarm" action? Looking at the log records for other "dangerous content" actions the empirical answer to the above question is "yes". Could this be confirmed please. Thanks Quentin --- PHONE: +44 191 222 8209 Information Systems and Services (ISS), University of Newcastle, Newcastle upon Tyne, FAX: +44 191 222 8765 United Kingdom, NE1 7RU. ------------------------------------------------------------------------ "Any opinion expressed above is mine. The University can get its own." ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ddw at BAS.AC.UK Tue Jan 11 14:56:26 2005 From: ddw at BAS.AC.UK (Douglas Willis) Date: Thu Jan 12 21:28:09 2006 Subject: SAVI-Perl & AMD Opteron processors. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Steve Swaney wrote: >>-----Original Message----- >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>Behalf Of Douglas Willis >>Sent: Tuesday, January 11, 2005 5:35 AM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: SAVI-Perl & AMD Opteron processors. >> >>Hi, >> >>Is anyone running this module on an Opteron system? >> >>If so what OS an versions are you running? >> >>-- >>Douglas Willis (ddw@nerc-bas.ac.uk) >> >> > > >Two Opteron systems: > >System 1: >-------------------------------------------------------------- >model name : AMD Opteron(tm) Processor 242 >stepping : 8 >cpu MHz : 1593.924 >cache size : 1024 KB >MemTotal: 2057732 kB >OS: CentOS release 3.3 (final) >Kernel: 2.4.21-20.0.1.ELsmp > ># MailScanner -V >Running on >Linux mta20.safeguardmail.net 2.4.21-20.0.1.ELsmp #1 SMP Fri Dec 3 01:31:00 >GMT 2004 i686 athlon i386 GNU/Linux >This is CentOS release 3.3 (final) >This is Perl version 5.008000 (5.8.0) > >This is MailScanner version 4.37.7 >Module versions are: >1.00 AnyDBM_File >1.14 Archive::Zip >1.01 Carp >1.119 Convert::BinHex >1.00 DirHandle >1.04 Fcntl >2.71 File::Basename >2.05 File::Copy >2.01 FileHandle >1.05 File::Path >0.13 File::Temp >1.23 HTML::Entities >3.26 HTML::Parser >2.24 HTML::TokeParser >1.20 IO >1.09 IO::File >1.122 IO::Pipe >3.05 MIME::Base64 >5.415 MIME::Decoder >5.415 MIME::Decoder::UU >5.415 MIME::Head >5.415 MIME::Parser >3.03 MIME::QuotedPrint >5.415 MIME::Tools >0.09 Net::CIDR >1.05 POSIX >1.75 Socket >0.03 Sys::Syslog >1.02 Time::localtime > >Optional module versions are: >1.806 DB_File >1.10 Digest >1.01 Digest::HMAC >2.20 Digest::MD5 >2.10 Digest::SHA1 >0.44 Inline >0.13 Mail::ClamAV >3.000002 Mail::SpamAssassin >missing Mail::SPF::Query >missing Net::CIDR::Lite >0.48 Net::DNS >missing Net::LDAP >1.94 Parse::RecDescent >missing SAVI > > What sort of mail volumes are you running through them? I notice that neither is using SAVI. Is this due to the code not compiling on the Opteron or just because you use other Anti-Virus solutions? -- Douglas Willis (ddw@nerc-bas.ac.uk) British Antarctic Survey High Cross, Madingley Road Cambridge, CB3 0ET, United Kingdom tel: +44 1223 221400, fax: +44 1223 362616 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at nkpanama.com Tue Jan 11 15:09:22 2005 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu Jan 12 21:28:09 2006 Subject: custom inline signatures and RBL feedback Message-ID: Will this make it to the next version? I'd love to be able to use it in the inline warnings/sigs, etc. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field Sent: Monday, January 10, 2005 1:47 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: custom inline signatures and RBL feedback Fair enough. You can already put in $from and $subject as it stands. If you apply this patch to Message.pm you will be able to use $id as well. -----SNIP----- --- Message.pm.old 2004-12-22 17:22:02.000000000 +0000 +++ Message.pm 2005-01-10 18:41:49.000000000 +0000 @@ -2474,7 +2474,7 @@ # Work out the list of all the infected attachments, including # reports applying to the whole message - my($attach, $text, %infected, $filename, $from, $subject); + my($attach, $text, %infected, $filename, $from, $subject, $id); while (($attach, $text) = each %{$this->{allreports}}) { # It affects the entire message if the entity of this file matches # the entity of the entire message. @@ -2492,6 +2492,7 @@ $infected{MailScanner::Config::LanguageValue($this, 'notnamed')} = 1; } $filename = join(', ', keys %infected); + $id = $this->{id}; $from = $this->{from}; $subject = $this->{subject}; -----SNIP----- Vlad Mazek wrote: >> >> Can I ask why you want this, and what you are trying to achieve? > > > Its more of a political issue than technical accomplishment but > becuase of the size and the number of different clients we have it > comes up more often than I'd like to admit it. I don't stand behind > these requests or acknowledge that they make sense -- I just need to execute them. > > 1) Certain users require different signatures and mail actions > depending on their department membership or job function. For example, > certain marketing departments are required to include disclaimers > about the message/product. Law firms and stock brokerages need to > include additional timestamps when the message is processed at the > mail server for an employee that deals with customers but not for > marketing/etc that deal with other businesses (ie, when is the > transaction confirmation sent out of the network). > > 2) Certain users and companies require different signatures depending > on the time of the day the message is relayed. They use third party > chat/im software that indicates their chat availability so if the > message is sent during the business hours the chat/online link is > included in the signature. > > 3) Most users want to inline the senders IP address, email address, > etc so that the recipients can easilly see where the message came from > without looking at the message headers. Although I've explained that > this can be easilly spoofed I think we can use a link in combination > with sql logging to provide an additional level of > authenticity/verification. > > ... and other general requests like signatures, fortunes, etc. We're > seeing a bigger and bigger trend in enterprises where they are looking > to move more of the functions to the mail server and turn their mail > client into a dumb mail reading/writing terminal. This despite their > $$$ investments in tools like Outlook/Exchange which most people are > finding hard to use. > > -Vlad > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the > archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Jan 11 15:14:32 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:09 2006 Subject: "Banned Content" question Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] It will disarm those features you told it to. The "disarm HTML" in the message means it will be trying to disarm the requested bits of the HTML. If you didn't specify "disarm" then it won't do it, it will only disarm the bits you told it to. Hope that answers your question. Given a question "a or b" the answer cannot easily be "yes" :-) Quentin Campbell wrote: >Most of the "dangerous content" checks that I carry out with MailScanner >are controlled via rules files. In all cases the actions of the rules is >to either "deliver", "delete", "striphtml" or "attachment". > >I do not use "disarm" with one exception. In MailScanner.conf I have > > Allow WebBugs = disarm > >If I see in the logs "Content Checks: Detected and will disarm HTML >message in jBAtTRU022337" does this _only_ refer to the "disarming" of >web bugs or can it also refer to actions taken over other content which >did not involve the specific "disarm" action? > >Looking at the log records for other "dangerous content" actions the >empirical answer to the above question is "yes". Could this be confirmed >please. > >Thanks > >Quentin >--- >PHONE: +44 191 222 8209 Information Systems and Services (ISS), > University of Newcastle, > Newcastle upon Tyne, >FAX: +44 191 222 8765 United Kingdom, NE1 7RU. >------------------------------------------------------------------------ >"Any opinion expressed above is mine. The University can get its own." > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Jan 11 15:15:45 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:09 2006 Subject: custom inline signatures and RBL feedback Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Oh yes, don't worry. It will be in the next release. Anything else you need in that bit while I'm at it? Alex Neuman van der Hans wrote: >Will this make it to the next version? I'd love to be able to use it in the >inline warnings/sigs, etc. > >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf >Of Julian Field >Sent: Monday, January 10, 2005 1:47 PM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: custom inline signatures and RBL feedback > >Fair enough. You can already put in > $from >and > $subject >as it stands. > >If you apply this patch to Message.pm you will be able to use $id as well. > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Q.G.Campbell at NEWCASTLE.AC.UK Tue Jan 11 15:23:16 2005 From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell) Date: Thu Jan 12 21:28:09 2006 Subject: "Banned Content" question Message-ID: Julian If the only thing I have told MailScanner to "disarm" are web bugs, then why is it apparently finding web bugs in mail that contain no tags in the HTML? The mail in question probably orginates as RTF from Outlook clients. Quentin --- PHONE: +44 191 222 8209 Information Systems and Services (ISS), University of Newcastle, Newcastle upon Tyne, FAX: +44 191 222 8765 United Kingdom, NE1 7RU. ------------------------------------------------------------------------ "Any opinion expressed above is mine. The University can get its own." >-----Original Message----- >From: MailScanner mailing list >[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field >Sent: 11 January 2005 15:15 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: "Banned Content" question > >It will disarm those features you told it to. The "disarm HTML" in the >message means it will be trying to disarm the requested bits of the >HTML. If you didn't specify "disarm" then it won't do it, it will only >disarm the bits you told it to. > >Hope that answers your question. Given a question "a or b" the answer >cannot easily be "yes" :-) > >Quentin Campbell wrote: > >>Most of the "dangerous content" checks that I carry out with >MailScanner >>are controlled via rules files. In all cases the actions of >the rules is >>to either "deliver", "delete", "striphtml" or "attachment". >> >>I do not use "disarm" with one exception. In MailScanner.conf I have >> >> Allow WebBugs = disarm >> >>If I see in the logs "Content Checks: Detected and will disarm HTML >>message in jBAtTRU022337" does this _only_ refer to the "disarming" of >>web bugs or can it also refer to actions taken over other >content which >>did not involve the specific "disarm" action? >> >>Looking at the log records for other "dangerous content" actions the >>empirical answer to the above question is "yes". Could this >be confirmed >>please. >> >>Thanks >> >>Quentin >>--- >>PHONE: +44 191 222 8209 Information Systems and Services (ISS), >> University of Newcastle, >> Newcastle upon Tyne, >>FAX: +44 191 222 8765 United Kingdom, NE1 7RU. >>-------------------------------------------------------------- >---------- >>"Any opinion expressed above is mine. The University can get its own." >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >> >> > >-- >Julian Field >www.MailScanner.info >Buy the MailScanner book at www.MailScanner.info/store > >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Jan 11 15:33:59 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:09 2006 Subject: "Banned Content" question Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] If you have told it to disarm web bugs, it has to search the message for them, at which point it will also disarm them. I think that's how it works... :-) Quentin Campbell wrote: >Julian > >If the only thing I have told MailScanner to "disarm" are web bugs, then >why is it apparently finding web bugs in mail that contain no tags >in the HTML? > >The mail in question probably orginates as RTF from Outlook clients. > >Quentin >--- >PHONE: +44 191 222 8209 Information Systems and Services (ISS), > University of Newcastle, > Newcastle upon Tyne, >FAX: +44 191 222 8765 United Kingdom, NE1 7RU. >------------------------------------------------------------------------ >"Any opinion expressed above is mine. The University can get its own." > > > >>-----Original Message----- >>From: MailScanner mailing list >>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field >>Sent: 11 January 2005 15:15 >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: "Banned Content" question >> >>It will disarm those features you told it to. The "disarm HTML" in the >>message means it will be trying to disarm the requested bits of the >>HTML. If you didn't specify "disarm" then it won't do it, it will only >>disarm the bits you told it to. >> >>Hope that answers your question. Given a question "a or b" the answer >>cannot easily be "yes" :-) >> >>Quentin Campbell wrote: >> >> >> >>>Most of the "dangerous content" checks that I carry out with >>> >>> >>MailScanner >> >> >>>are controlled via rules files. In all cases the actions of >>> >>> >>the rules is >> >> >>>to either "deliver", "delete", "striphtml" or "attachment". >>> >>>I do not use "disarm" with one exception. In MailScanner.conf I have >>> >>> Allow WebBugs = disarm >>> >>>If I see in the logs "Content Checks: Detected and will disarm HTML >>>message in jBAtTRU022337" does this _only_ refer to the "disarming" of >>>web bugs or can it also refer to actions taken over other >>> >>> >>content which >> >> >>>did not involve the specific "disarm" action? >>> >>>Looking at the log records for other "dangerous content" actions the >>>empirical answer to the above question is "yes". Could this >>> >>> >>be confirmed >> >> >>>please. >>> >>>Thanks >>> >>>Quentin >>>--- >>>PHONE: +44 191 222 8209 Information Systems and Services (ISS), >>> University of Newcastle, >>> Newcastle upon Tyne, >>>FAX: +44 191 222 8765 United Kingdom, NE1 7RU. >>>-------------------------------------------------------------- >>> >>> >>---------- >> >> >>>"Any opinion expressed above is mine. The University can get its own." >>> >>>------------------------ MailScanner list ------------------------ >>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>'leave mailscanner' in the body of the email. >>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>>Support MailScanner development - buy the book off the website! >>> >>> >>> >>> >>> >>-- >>Julian Field >>www.MailScanner.info >>Buy the MailScanner book at www.MailScanner.info/store >> >>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >> >> >> > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drolland at KDINET.COM Tue Jan 11 15:36:08 2005 From: drolland at KDINET.COM (Diane Rolland) Date: Thu Jan 12 21:28:09 2006 Subject: Notification messages failing Message-ID: I'm testing MailScanner and I'm getting the following rejected message sent back to the postmaster for Notification mesasges... I can send emails successfully to this account, but the Notification messages get rejected. Any ideas? Thanks, Diane The original message was received at Sun, 9 Jan 2005 16:34:10 -0600 from localhost [127.0.0.1] with id j09MYAcI009862 ----- The following addresses had permanent fatal errors ----- (reason: 550 Administrative prohibition) ----- Transcript of session follows ----- ... while talking to kdinet.com.mail5.psmtp.com.: >>> DATA <<< 550 Administrative prohibition 554 5.0.0 Service unavailable [-- Attachment #2 --] [-- Type: message/delivery-status, Encoding: 7bit, Size: 0.3K --] Reporting-MTA: dns; prsvr02.km-law.local Arrival-Date: Sun, 9 Jan 2005 16:34:10 -0600 Final-Recipient: RFC822; drolland@kdinet.com Action: failed Status: 5.2.0 Remote-MTA: DNS; kdinet.com.mail5.psmtp.com Diagnostic-Code: SMTP; 550 Administrative prohibition Last-Attempt-Date: Sun, 9 Jan 2005 16:34:12 -0600 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at nkpanama.com Tue Jan 11 15:41:38 2005 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu Jan 12 21:28:09 2006 Subject: custom inline signatures and RBL feedback Message-ID: $to (envelope and header), $rcvd_from_ip, $reason_for_munging_the_message (it's spam, it's a virus, it's bad content), $action (disarmed this, disarmed that, deleted, stored, etc.) These are just suggestions, not requests. Would love the functionality, though! Good luck, and Happy New Year... -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field Sent: Tuesday, January 11, 2005 10:16 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: custom inline signatures and RBL feedback Oh yes, don't worry. It will be in the next release. Anything else you need in that bit while I'm at it? Alex Neuman van der Hans wrote: >Will this make it to the next version? I'd love to be able to use it in >the inline warnings/sigs, etc. > >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >Behalf Of Julian Field >Sent: Monday, January 10, 2005 1:47 PM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: custom inline signatures and RBL feedback > >Fair enough. You can already put in > $from >and > $subject >as it stands. > >If you apply this patch to Message.pm you will be able to use $id as well. > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Steve.Swaney at FSL.COM Tue Jan 11 15:55:30 2005 From: Steve.Swaney at FSL.COM (Steve Swaney) Date: Thu Jan 12 21:28:09 2006 Subject: SAVI-Perl & AMD Opteron processors. Message-ID: Steve Swaney President Fortress Systems Ltd. www.fsl.com steve.swaney@fsl.com > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Douglas Willis > Sent: Tuesday, January 11, 2005 9:56 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: SAVI-Perl & AMD Opteron processors. > > Steve Swaney wrote: > > >>-----Original Message----- > >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > >>Behalf Of Douglas Willis > >>Sent: Tuesday, January 11, 2005 5:35 AM > >>To: MAILSCANNER@JISCMAIL.AC.UK > >>Subject: SAVI-Perl & AMD Opteron processors. > >> > >>Hi, > >> > >>Is anyone running this module on an Opteron system? > >> > >>If so what OS an versions are you running? > >> > >>-- > >>Douglas Willis (ddw@nerc-bas.ac.uk) > >> > >> > > > > > >Two Opteron systems: > > > > > What sort of mail volumes are you running through them? > > I notice that neither is using SAVI. > Is this due to the code not compiling on the Opteron or just because you > use other Anti-Virus solutions? > They have only recently come on line so there is very low volume, just around 10,000 per day. Load never seems to get much above 0.5 on the system that's running MailWatch and hovers around 0.0 on the other system. We're running bitdefender clamav so no SAVI is necessary. We've had no problem compiling or installing anything. Steve Steve Swaney President Fortress Systems Ltd. www.fsl.com steve.swaney@fsl.com -- This message has been scanned for viruses and dangerous content by The MailScanner at Fortress Systems Ltd., www.fsl.com, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From cslyon at gmail.com Tue Jan 11 16:28:40 2005 From: cslyon at gmail.com (Chris Lyon) Date: Thu Jan 12 21:28:09 2006 Subject: LDAP/MTA helping Spammers? Message-ID: On Tue, 11 Jan 2005 10:46:10 +0100, Steen, Glenn wrote: > I'd tend to agree with Martin here. Even if the domain would be mapped, > ATM this type of thing has more benefit than badness. I am not disagreeing that the benefit isn't there but from a security standpoint it is always better to give less information that more information. So either at the MTA or in MS wouldn't it be better to just silently delete? Not sending any "User unknown"? > > Also, the names you cite ring a bell... Some viruses "guess" names like > that, and there the sole purpose is spreading, not really "mapping out > the domain" (ie no "intelligence", nor "reporting" is really involved). I do recall a few of these virus but I would also think they would be coming back from the same IP over and over. That accounts for only 10% of the 5000 hits in a week on our system. > > -- Glenn > > > -----Original Message----- > > From: MailScanner mailing list > > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Martin Hepworth > > Sent: den 11 januari 2005 10:07 > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: LDAP/MTA helping Spammers? > > > > > > Chris > > > > We use something similar to this. I can't say that I've analysed where > > the non-user errors are coming from, but 66% of all the > > inbound spam is > > for non-existant users. So this keeps my server load down > > quite a bit.. > > > > Given the effectiveness of MS/SA/ClamAV/Sophos at trapping unwanted > > emails I'm not that worried that the bad guys might be brute force > > harvesting email addresses this way. In fact bring it on! > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > > > > Chris Lyon wrote: > > > I have seen a few messages float around the list on this subject and > > > wanted to give some of my input on it. I have been tracking > > the "User > > > unknown" > > > messages for about a week now on one of my MailScanner systems and > > > have found something odd. About 90% of all the "User > > unknown" messages > > > are coming from different hosts not seen before. So in other words a > > > single IP address will open an SMTP connection, send a message > > > anywhere from 5 to 29 recipients and drop the connection. We will > > > generate the "User unknown" back to then during the connection since > > > they are not on the list. That same IP address will usually will do > > > this style of attack three or four times in a few seconds. > > Only about > > > 10% of all the "User unknown" attacks show the same IP > > address again. > > > (This has only been a week and maybe this number will > > > change) The names they are using are standard dictionary > > stuff. bob@, > > > jeff@, todd@...etc. So what are they hunting for? Are they trying to > > > get past the spam engine? Are they hunting for valid names? > > > > > > > > > I think they doing all of the above but am mainly hunting for names. > > > So with that said is using LDAP on the MTA giving too much > > information > > > back to the spammers as what addresses are good/bad? > > > > > > > > > Any feedback? > > > > > > ------------------------ MailScanner list ------------------------ > > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > > 'leave mailscanner' in the body of the email. > > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > > > Support MailScanner development - buy the book off the website! > > > > ********************************************************************** > > > > This email and any files transmitted with it are confidential and > > intended solely for the use of the individual or entity to whom they > > are addressed. If you have received this email in error please notify > > the system manager. > > > > This footnote confirms that this email message has been swept > > for the presence of computer viruses and is believed to be clean. > > > > ********************************************************************** > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue Jan 11 16:31:59 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:09 2006 Subject: Phishing detection... Message-ID: Julian nice to know the commercial world eventually catches up.. What's New in Eudora 6.2 Email ScamWatch ScamWatch combats "phishing" schemes that use disguised URL's to gather personal information. Eudora now detects if the URL in the link differs suspiciously from the host name and warns you to exercise caution before making the connection. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue Jan 11 16:39:30 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:09 2006 Subject: LDAP/MTA helping Spammers? Message-ID: Chris Lyon wrote: > On Tue, 11 Jan 2005 10:46:10 +0100, Steen, Glenn wrote: > >>I'd tend to agree with Martin here. Even if the domain would be mapped, >>ATM this type of thing has more benefit than badness. > > > I am not disagreeing that the benefit isn't there but from a security > standpoint it is always better to give less information that more > information. So either at the MTA or in MS wouldn't it be better to > just silently delete? Not sending any "User unknown"? > Depends on risk you attach to having your email addresses 'known'. Also depends on the server load (66% of my inbound email is spam/malware for non existant addresses)....and if the message does get through you end up bouncing it by the final MX and then having to deal with the bounce of the bounce as the 'from' address prob won't work either.... A straight '550 no such user' from the MailScanner inbound MTA is much cleaner IHMO. For me the risk of having someone brute force the email addresses buy guessing is less than the email gateway being DOS-ed by thousands of emails I need to get MS to process to decide what to do with it. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Jan 11 16:39:47 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:09 2006 Subject: Phishing detection... Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I would be very interested to hear if it is actually any good at it. I finally stopped paying Eudora for not fixing bugs, when Thunderbird appeared. Far superior app, it doesn't crash and it actually does what it says on the tin! The only thing I miss is PGP support (it has Enigmail which has GPG, but no PGP which I need for 1 purpose). Martin Hepworth wrote: > Julian > > nice to know the commercial world eventually catches up.. > > What's New in Eudora 6.2 Email > > ScamWatch > ScamWatch combats "phishing" schemes that use disguised URL's to gather > personal information. Eudora now detects if the URL in the link differs > suspiciously from the host name and warns you to exercise caution before > making the connection. > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From vlad at MAZEK.COM Tue Jan 11 16:52:51 2005 From: vlad at MAZEK.COM (Vlad Mazek) Date: Thu Jan 12 21:28:09 2006 Subject: LDAP/MTA helping Spammers? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Chris Lyon wrote: >I am not disagreeing that the benefit isn't there but from a security >standpoint it is always better to give less information that more >information. So either at the MTA or in MS wouldn't it be better to >just silently delete? Not sending any "User unknown"? > > Definately not better to silently delete, unless you have unlimited bandwidth. These are just probes off fresh machines, the second you accept the email without an error code that email address is validated and sold and you are placed in a second wave of attacks where they throw an even bigger dictionary at you. As per your direct email to me: Fresh (ie, not in a blacklist) owned boxes are used to launch dictionary attacks first -- some RBLs run a check against the IP for reverse dns, open proxy, rfc-ignorant, etc. Spammers usually they try to load balance their attacks through the entire block that the system has access to which is why you are seeing such a low hit rate per IP. Try plotting the amount of hits against a /24 instead of just a single ip. After the dictionary attacks, they are used to launch spam, then viruses and finally they are switched to open relay where dozens of people who have purchased the spamming software can use the compromised systems to launch their own content. The faster and sooner you can block them, the better. If it is a legitimate system, you will have the administrator contact you. At ExchangeDefender we field about 2-3 trouble tickets per day from remote mail admins but we block between 100-300 per day and slighly over 400 a day on weekends. Think about it this way: What are the odds that a mail system with no PTR will connect to my network and attempt to hit 20+ unknown recipients? -Vlad Mazek ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Jan-Peter.Koopmann at SECEIDOS.DE Tue Jan 11 17:53:15 2005 From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann) Date: Thu Jan 12 21:28:09 2006 Subject: LDAP/MTA helping Spammers? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > I am not disagreeing that the benefit isn't there but from a > security standpoint it is always better to give less > information that more information. So either at the MTA or in > MS wouldn't it be better to just silently delete? Not sending any > "User unknown"? Good lord no. If a perfectly valid sender misspells the recipient noone will ever know! Moreover you have to distinguish between viruses/worms that are trying to brute-force stuff and spammers trying all kinds of addresses. There is no medicine against viruses/worms brute-force attacks. You can teergrube them a bit but you will not stop them. Our statistics show however that at least some spam-networks seem to "recognize" that certain accounts do not work anymore and will delete those e-mails from their lists. A lot of our customers started of with thousands of delivery attempts to non-existing users and from the point we started sending back "550 user unknown" things got a _LOT_ better for them. Of course you give hackers etc. a bit more insight since you tell them which addresses are valid and which ones are not. This is not a big risk though since security by obscurity never worked out. It aids but it is not sufficient anyways. And as I stated above, the risk of loosing valid mail due to silently deleting is not acceptable for most business users. Kind regards, JP ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From marcin.rozek at IOS.EDU.PL Tue Jan 11 18:43:26 2005 From: marcin.rozek at IOS.EDU.PL ([ISO-8859-2] Marcin Rożek) Date: Thu Jan 12 21:28:09 2006 Subject: Phishing detection... Message-ID: [ The following text is in the "ISO-8859-2" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > The only thing I miss is PGP support (it has Enigmail which has GPG, but > no PGP which I need for 1 purpose). Is it what your're looking for? 01/05/2005 Enigmail v0.90.0 has been released. Complete OpenPGP key management http://software.newsforge.com/article.pl?sid=05/01/06/1557216 -- Regards, Marcin ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lists at TRCINTL.COM Tue Jan 11 19:11:00 2005 From: lists at TRCINTL.COM (Kyle Harris) Date: Thu Jan 12 21:28:09 2006 Subject: AV Update Logging to SysLog Message-ID: I have a small script I put together a while back that looks through the mail log and gives me some basic information such as when the AV's that I'm running last updated and what viruses each AV has found. It is very similar to Vispan only it runs from the command line and gives very basic, daily information. Anyway, I recently discovered that some of the MailScanner autoupdate scripts do not write to the SysLog (my script looks for these entries). I use ClamAV, eTrust, and BitDefender. ClamAV (and eTrust) write something such as follows to the maillog: Found clamav installed Running autoupdate for clamav ClamAV did not need updating (or ClamAV updated, if that is the case) However, the BitDefender autoupdate script writes nothing to the maillog file. I took a look at some of the other autoupdate scripts and it appears that there are others that don't write to the SysLog. For the sake of continuity, anyone else think it would be a good idea for them to all log updates in a similar manner? In the event the answer is yes, I took a look at the BitDefender autoupdate that comes with MailScanner and found it to be a bit difficult to follow. I then had a look at the clamav-autoupdate script that Julian originally wrote and I found it quite easy to modify it to work with BitDefender. I have attached that script to this message in case it would be of use to anyone else, and it does log updates to SysLog. I believe it is a bit cleaner than the original script, however I have done limited testing of it. Thoughts? Kyle H. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/OCTET-STREAM (Name: "bitdefender-autoupdate") ] [ 2.7KB. ] [ Unable to print this part. ] From MailScanner at ecs.soton.ac.uk Tue Jan 11 19:47:37 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:09 2006 Subject: Phishing detection... Message-ID: [ The following text is in the "ISO-8859-2" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Marcin Rożek wrote: > Julian Field wrote: > >> The only thing I miss is PGP support (it has Enigmail which has GPG, but >> no PGP which I need for 1 purpose). > > Is it what your're looking for? > > 01/05/2005 Enigmail v0.90.0 has been released. Complete OpenPGP key > management > > http://software.newsforge.com/article.pl?sid=05/01/06/1557216 I only installed it today, so presumably I have the latest version. I need to use an encryption key which uses the IDEA algorithm, which I understand GPG does not support. I can work around it at the moment, so it's not a killer problem. More awkward though as I have to do the PGP signing via the clipboard and the PGP app. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From james at SUDORA.COM Tue Jan 11 20:23:00 2005 From: james at SUDORA.COM (James A. Pattie) Date: Thu Jan 12 21:28:09 2006 Subject: Archiving Mail Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Craig Daters wrote: | James A. Pattie wrote: | |> -----BEGIN PGP SIGNED MESSAGE----- |> Hash: SHA1 |> |> Julian Field wrote: |> | Craig Daters wrote: |> | |> |> Martin Hepworth wrote: |> |> |> |>> Craig |> |>> |> |>> I do the entire outside email traffic. |> |>> |> |>> tar it up after three days, then manually burnt to CD once I get |> enough |> |>> to fit onto a CD. |> |>> |> |>> If you make the "Archive Mail = users.rule" you can populate the rule |> |>> file with the users you want to archive. |> |>> |> |>> I then have a script that's called by cron to tar.gz up the |> |>> directories.. |> |>> |> |>> |> |> Thanks Martin, |> |> |> |> This gives me an idea of how to start a backup script. I do not |> want to |> |> back up all of it, as this would be to big. I only want to back up |> like |> |> 4 or 5 users email is all. Then be able to restore it somewhere to be |> |> able to find a particular message, preferably from a windows |> machine as |> |> no one other than myself knows how to use Linux.... |> |> |> | Use a ruleset to only archive the mail for a few users, and archive |> each |> | of them into a separate mbox file. See the comment above the "Archive |> | Mail" setting for info on this. An mbox file is, more or less, a plain |> | old text file containing all the messages archived into that file. If |> | you back these up into a .tgz file somewhere, your Windows staff can |> use |> | Winzip to open up the archive and then use any old text editor (or even |> | Word if they must!) and search the text file for relevant |> | keywords/dates/whatever. |> | |> | The Windows users will have to get used to seeing the full headers of |> | each message, but they will soon get used to it. And it's enormously |> | easier and faster to search than most other ways of hunting through |> | messages in a large mailbox. |> |> Or you use Mozilla Thunderbird and import the mbox file into their "Local |> Folders" and then use the nice gui to search, print, etc. |> |> - -- |> James A. Pattie |> james@sudora.com |> |> Linux -- SysAdmin / Programmer |> Sudora, LLC |> http://www.sudora.com/ |> | I had no idea Thunderbird could do this! I knew that I liked this app | for a reason :) Yup, I just found out how to do it yesterday before I saw this thread. :) It's currently a manual process, but the instructions were really easy. I ran across it in the Thunderbird FAQ section. | | I will deffinately have to remember this, thanks James. - -- James A. Pattie james@sudora.com Linux -- SysAdmin / Programmer Sudora, LLC http://www.sudora.com/ GPG Key Available at https://services.sudora.com/gpgkeys/james.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFB5DWjSl+1j6z8MycRAgj1AJ9K0mJ2SNS3l35RhgbATbkOi9PCfgCbBJwo 1PX+fCTnaz9p3XEqMVLMp7o= =SiMe -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From marcin.rozek at IOS.EDU.PL Tue Jan 11 20:44:31 2005 From: marcin.rozek at IOS.EDU.PL ([ISO-8859-2] Marcin Rożek) Date: Thu Jan 12 21:28:09 2006 Subject: Phishing detection... Message-ID: [ The following text is in the "ISO-8859-2" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > I only installed it today, so presumably I have the latest version. I > need to use an encryption key which uses the IDEA algorithm, which I > understand GPG does not support. Perhaps this will help... http://www.gnupg.org/(en)/documentation/faqs.html#q3.3 -- Regards, Marcin ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pparsons at COLUMBIAFUELS.COM Tue Jan 11 20:39:33 2005 From: pparsons at COLUMBIAFUELS.COM (Philip Parsons) Date: Thu Jan 12 21:28:09 2006 Subject: Updated spamassassin to version 3 Message-ID: We have just finished updating spamassassin to Version 3 and I remember seeing something on this list about which extra rules you should remove if you use rules_du_jour here is a list of the extra's I have… -rw-r--r-- 1 root root 31854 May 31 2004 70_sare_adult.cf -rw-r--r-- 1 root root 3927 Apr 24 2004 70_sare_bayes_poison_nxm.cf -rw-r--r-- 1 root root 211390 Oct 3 18:18 70_sare_header.cf -rw-r--r-- 1 root root 103436 Sep 12 18:22 70_sare_html.cf -rw-r--r-- 1 root root 11559 Sep 14 12:43 70_sare_oem.cf -rw-r--r-- 1 root root 17548 Aug 9 08:34 70_sare_random.cf -rw-r--r-- 1 root root 385 Sep 19 19:35 70_sare_ratware.cf -rw-r--r-- 1 root root 7006 Nov 17 10:48 70_sare_spoof.cf -rw-r--r-- 1 root root 13211 May 11 2004 72_sare_bml_post25x.cf -rw-r--r-- 1 root root 10147 May 1 2004 99_sare_fraud_post25x.cf -rw-r--r-- 1 root root 14284 Apr 28 2004 antidrug.cf -rw-r--r-- 1 root root 104973 Jan 1 11:22 bogus-virus-warnings.cf -rw-r--r-- 1 root root 18052 Oct 30 10:30 evilnumbers.cf -rw-r--r-- 1 root root 57580 Apr 2 2004 tripwire.cf Thank you. Philip Parsons ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Jan 11 20:51:00 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:09 2006 Subject: Phishing detection... Message-ID: [ The following text is in the "ISO-8859-2" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Marcin Rożek wrote: > Julian Field wrote: > >> I only installed it today, so presumably I have the latest version. I >> need to use an encryption key which uses the IDEA algorithm, which I >> understand GPG does not support. > > Perhaps this will help... > http://www.gnupg.org/(en)/documentation/faqs.html#q3.3 That looks just the job. Now I've just got to figure out how to get it into a Darwin "port"... -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From KGoods at AIAINSURANCE.COM Tue Jan 11 21:04:21 2005 From: KGoods at AIAINSURANCE.COM (Ken Goods) Date: Thu Jan 12 21:28:09 2006 Subject: Notification messages failing Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Diane Rolland wrote: > I'm testing MailScanner and I'm getting the following rejected message > sent back to the postmaster for Notification mesasges... > > I can send emails successfully to this account, but the Notification > messages get rejected. > > Any ideas? > > Thanks, > Diane > > The original message was received at Sun, 9 Jan 2005 16:34:10 -0600 > from localhost [127.0.0.1] > with id j09MYAcI009862 > > ----- The following addresses had permanent fatal errors ----- > > (reason: 550 Administrative prohibition) > > ----- Transcript of session follows ----- > ... while talking to kdinet.com.mail5.psmtp.com.: >>>> DATA > <<< 550 Administrative prohibition > > 554 5.0.0 Service unavailable > > [-- Attachment #2 --] > [-- Type: message/delivery-status, Encoding: 7bit, Size: 0.3K --] > > Reporting-MTA: dns; prsvr02.km-law.local > Arrival-Date: Sun, 9 Jan 2005 16:34:10 -0600 > > Final-Recipient: RFC822; drolland@kdinet.com > Action: failed > Status: 5.2.0 > Remote-MTA: DNS; kdinet.com.mail5.psmtp.com > Diagnostic-Code: SMTP; 550 Administrative prohibition > Last-Attempt-Date: Sun, 9 Jan 2005 16:34:12 -0600 > Diane, This could be a restriction caused by rules on the MTA, or it could be a permissions thing. I am assuming from your post in the ClamAV group a couple days ago that you are using Postfix? If so, double-check the settings in MailScanner.conf, especially the Systems Settings section (near the top) and the Notices to System Administrators section (nearer the bottom). I don't use Postfix so I'll have to defer to someone else who does for detailed settings, however, the comments are pretty clear. Don't give up, there are a few here who use Postfix successfully and I'm sure you'll get the help you need. It may be helpful to include your specific configuration and maybe a snippet of your MailScanner.conf (System Settings) to get a more detailed response. Kind regards, Ken Ken Goods Network Administrator AIA Insurance, Inc. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Tue Jan 11 21:12:47 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:28:09 2006 Subject: Notification messages failing Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ken Goods wrote: >It may be helpful to include your specific configuration and maybe a snippet >of your MailScanner.conf (System Settings) to get a more detailed response. > > And indeed the part of the mail log that details the events around the bounce. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From KGoods at AIAINSURANCE.COM Tue Jan 11 21:13:35 2005 From: KGoods at AIAINSURANCE.COM (Ken Goods) Date: Thu Jan 12 21:28:09 2006 Subject: Notification messages failing Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Drew Marshall wrote: > Ken Goods wrote: > >> It may be helpful to include your specific configuration and maybe a >> snippet of your MailScanner.conf (System Settings) to get a more >> detailed response. >> >> > And indeed the part of the mail log that details the events around the > bounce. > > Drew Better yet! Thanks Drew. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Tue Jan 11 21:18:27 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:28:09 2006 Subject: Updated spamassassin to version 3 Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] At 03:39 PM 1/11/2005, Philip Parsons wrote: >We have just finished updating spamassassin to Version 3 and I remember >seeing something on this list about which extra rules you should remove if >you use rules_du_jour here is a list of the extra's I have^Ĺ > >-rw-r--r-- 1 root root 14284 Apr 28 2004 antidrug.cf I don't know about the others, I don't think any of them are included, but antidrug is built into SA 3.x and you should remove it. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Tue Jan 11 21:27:03 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:28:09 2006 Subject: Updated spamassassin to version 3 Message-ID: I don't use any extra rulesets after upgrading to SA3.x Mike ________________________________ From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Philip Parsons Sent: Tuesday, January 11, 2005 2:40 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Updated spamassassin to version 3 We have just finished updating spamassassin to Version 3 and I remember seeing something on this list about which extra rules you should remove if you use rules_du_jour here is a list of the extra's I have. -rw-r--r-- 1 root root 31854 May 31 2004 70_sare_adult.cf -rw-r--r-- 1 root root 3927 Apr 24 2004 70_sare_bayes_poison_nxm.cf -rw-r--r-- 1 root root 211390 Oct 3 18:18 70_sare_header.cf -rw-r--r-- 1 root root 103436 Sep 12 18:22 70_sare_html.cf -rw-r--r-- 1 root root 11559 Sep 14 12:43 70_sare_oem.cf -rw-r--r-- 1 root root 17548 Aug 9 08:34 70_sare_random.cf -rw-r--r-- 1 root root 385 Sep 19 19:35 70_sare_ratware.cf -rw-r--r-- 1 root root 7006 Nov 17 10:48 70_sare_spoof.cf -rw-r--r-- 1 root root 13211 May 11 2004 72_sare_bml_post25x.cf -rw-r--r-- 1 root root 10147 May 1 2004 99_sare_fraud_post25x.cf -rw-r--r-- 1 root root 14284 Apr 28 2004 antidrug.cf -rw-r--r-- 1 root root 104973 Jan 1 11:22 bogus-virus-warnings.cf -rw-r--r-- 1 root root 18052 Oct 30 10:30 evilnumbers.cf -rw-r--r-- 1 root root 57580 Apr 2 2004 tripwire.cf Thank you. Philip Parsons ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Jan 11 21:33:01 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:09 2006 Subject: Phishing detection... Message-ID: [ The following text is in the "ISO-8859-2" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > Marcin Rożek wrote: > >> Julian Field wrote: >> >>> I only installed it today, so presumably I have the latest version. I >>> need to use an encryption key which uses the IDEA algorithm, which I >>> understand GPG does not support. >> >> >> Perhaps this will help... >> http://www.gnupg.org/(en)/documentation/faqs.html#q3.3 > > > That looks just the job. Now I've just got to figure out how to get it > into a Darwin "port"... Done it. Many thanks for the pointer to the faq. Enigmail will be more useful now :-) -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drolland at kdinet.com Tue Jan 11 21:59:03 2005 From: drolland at kdinet.com (Diane Rolland) Date: Thu Jan 12 21:28:09 2006 Subject: Notification messages failing Message-ID: > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Ken Goods > Sent: Tuesday, January 11, 2005 3:14 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Notification messages failing > > Drew Marshall wrote: > > Ken Goods wrote: > > > >> It may be helpful to include your specific configuration > and maybe a > >> snippet of your MailScanner.conf (System Settings) to get a more > >> detailed response. > >> > >> > > And indeed the part of the mail log that details the events > around the > > bounce. > > > > Drew Thanks guys! MTA is sendmail not postfix. Below are my System settings and the portion of the maillog file # System settings # --------------- # # How many MailScanner processes do you want to run at a time? # There is no point increasing this figure if your MailScanner server # is happily keeping up with your mail traffic. # If you are running on a server with more than 1 CPU, or you have a # high mail load (and/or slow DNS lookups) then you should see better # performance if you increase this figure. # If you are running on a small system with limited RAM, you should # note that each child takes just over 20MB. # # As a rough guide, try 5 children per CPU. But read the notes above. Max Children = 5 # User to run as (not normally used for sendmail) # If you want to change the ownership or permissions of the quarantine or # temporary files created by MailScanner, please see the "Incoming Work" # settings later in this file. #Run As User = mail #Run As User = postfix Run As User = # Group to run as (not normally used for sendmail) #Run As Group = mail #Run As Group = postfix Run As Group = # How often (in seconds) should each process check the incoming mail # queue for new messages? If you have a quiet mail server, you might # want to increase this value so it causes less load on your server, at # the cost of slightly increasing the time taken for an average message # to be processed. Queue Scan Interval = 5 # Set location of incoming mail queue # # This can be any one of # 1. A directory name # Example: /var/spool/mqueue.in # 2. A wildcard giving directory names # Example: /var/spool/mqueue.in/* # 3. The name of a file containing a list of directory names, # which can in turn contain wildcards. # Example: /etc/MailScanner/mqueue.in.list.conf # # If you are using sendmail and have your queues split into qf, df, xf # directories, then just specify the main directory, do not give me the # directory names of the qf,df,xf directories. # Example: if you have /var/spool/mqueue.in/qf # /var/spool/mqueue.in/df # /var/spool/mqueue.in/xf # then just tell me /var/spool/mqueue.in. I will find the subdirectories # automatically. # Incoming Queue Dir = /var/spool/mqueue.in # Set location of outgoing mail queue. # This can also be the filename of a ruleset. Outgoing Queue Dir = /var/spool/mqueue # Set where to unpack incoming messages before scanning them # This can completely safely use tmpfs or a ramdisk, which will # give you a significant performance improvement. # NOTE: The path given here must not include any links at all, # NOTE: but must be the absolute path to the directory. Incoming Work Dir = /var/spool/MailScanner/incoming # Set where to store infected and message attachments (if they are kept) # This can also be the filename of a ruleset. Quarantine Dir = /var/spool/MailScanner/quarantine # Set where to store the process id number so you can stop MailScanner PID file = /var/run/MailScanner.pid # To avoid resource leaks, re-start periodically Restart Every = 14400 # Set whether to use postfix, sendmail, exim or zmailer. # If you are using postfix, then see the "SpamAssassin User State Dir" # setting near the end of this file MTA = sendmail # Set how to invoke MTA when sending messages MailScanner has created # (e.g. to sender/recipient saying "found a virus in your message") # This can also be the filename of a ruleset. Sendmail = /usr/sbin/sendmail # Sendmail2 is provided for Exim users. # It is the command used to attempt delivery of outgoing cleaned/disinfected # messages. # This is not usually required for sendmail. # This can also be the filename of a ruleset. #For Exim users: Sendmail2 = /usr/sbin/exim -C /etc/exim/exim_send.conf #For sendmail users: Sendmail2 = /usr/sbin/sendmail #Sendmail2 = /usr/sbin/sendmail -C /etc/exim/exim_send.conf Sendmail2 = /usr/sbin/sendmail maillog Jan 9 15:01:04 prsvr02 MailScanner[9035]: MailScanner E-Mail Virus Scanner version 4.37.7 starting... Jan 9 15:01:04 prsvr02 update.virus.scanners: Delaying cron job up to 600 seconds Jan 9 15:01:04 prsvr02 MailScanner[9035]: Enabling SpamAssassin auto-whitelist functionality... Jan 9 15:01:04 prsvr02 MailScanner[9035]: Using locktype = flock Jan 9 15:01:04 prsvr02 MailScanner[9035]: New Batch: Scanning 2 messages, 5972 bytes Jan 9 15:01:05 prsvr02 MailScanner[9035]: Virus and Content Scanning: Starting Jan 9 15:01:05 prsvr02 MailScanner[9035]: Filename Checks: Windows/DOS Executable (j09KPQHP008851 eicar.com) Jan 9 15:01:05 prsvr02 MailScanner[9035]: Filename Checks: Windows/DOS Executable (j09KPhCe008852 eicar.com) Jan 9 15:01:05 prsvr02 MailScanner[9035]: Other Checks: Found 2 problems Jan 9 15:01:05 prsvr02 MailScanner[9035]: Content Checks: Detected and will disarm HTML message in j09KPQHP008851 Jan 9 15:01:05 prsvr02 MailScanner[9035]: Content Checks: Detected and will disarm HTML message in j09KPhCe008852 Jan 9 15:01:05 prsvr02 MailScanner[9035]: Saved entire message to /var/spool/MailScanner/quarantine/20050109/j09KPQHP008851 Jan 9 15:01:05 prsvr02 MailScanner[9035]: Saved infected "eicar.com" to /var/spool/MailScanner/quarantine/20050109/j09KPQHP008851 Jan 9 15:01:05 prsvr02 MailScanner[9035]: Saved infected "eicar_com.zip" to /var/spool/MailScanner/quarantine/20050109/j09KPQHP008851 Jan 9 15:01:05 prsvr02 MailScanner[9035]: Saved entire message to /var/spool/MailScanner/quarantine/20050109/j09KPhCe008852 Jan 9 15:01:05 prsvr02 MailScanner[9035]: Saved infected "eicar.com" to /var/spool/MailScanner/quarantine/20050109/j09KPhCe008852 Jan 9 15:01:05 prsvr02 MailScanner[9035]: Saved infected "eicar_com.zip" to /var/spool/MailScanner/quarantine/20050109/j09KPhCe008852 Jan 9 15:01:05 prsvr02 MailScanner[9035]: Cleaned: Delivered 2 cleaned messages Jan 9 15:01:05 prsvr02 sendmail[9057]: j09L1574009057: from=<>, size=856, class=0, nrcpts=1, msgid=<200501092101.j09L1574009057@prsvr02.km-law.local>, relay=root@localhost Jan 9 15:01:05 prsvr02 sendmail[9060]: j09KPQHP008851: to=, delay=00:35:39, xdelay=00:00:00, mailer=local, pri=122347, dsn=2.0.0, stat=Sent Jan 9 15:01:05 prsvr02 sendmail[9060]: j09KPhCe008852: to=, delay=00:35:22, xdelay=00:00:00, mailer=local, pri=122513, dsn=2.0.0, stat=Sent Jan 9 15:01:05 prsvr02 sendmail[9061]: j09L15fH009061: from=<>, size=1110, class=0, nrcpts=1, msgid=<200501092101.j09L1574009057@prsvr02.km-law.local>, proto=ESMTP, daemon=MTA, relay=localhost [127.0.0.1] Jan 9 15:01:05 prsvr02 sendmail[9061]: j09L15fH009061: to=, delay=00:00:00, mailer=esmtp, pri=31110, stat=queued Jan 9 15:01:05 prsvr02 sendmail[9057]: j09L1574009057: to=drolland@kdinet.com, delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30856, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (j09L15fH009061 Message accepted for delivery) Jan 9 15:01:05 prsvr02 sendmail[9064]: j09L15pe009064: from=<>, size=856, class=0, nrcpts=1, msgid=<200501092101.j09L15pe009064@prsvr02.km-law.local>, relay=root@localhost Jan 9 15:01:05 prsvr02 sendmail[9066]: j09L15pB009066: from=<>, size=1110, class=0, nrcpts=1, msgid=<200501092101.j09L15pe009064@prsvr02.km-law.local>, proto=ESMTP, daemon=MTA, relay=localhost [127.0.0.1] Jan 9 15:01:05 prsvr02 sendmail[9066]: j09L15pB009066: to=, delay=00:00:00, mailer=esmtp, pri=31110, stat=queued Jan 9 15:01:05 prsvr02 sendmail[9064]: j09L15pe009064: to=drolland@kdinet.com, delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30856, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (j09L15pB009066 Message accepted for delivery) Jan 9 15:01:05 prsvr02 MailScanner[9035]: Sender Warnings: Delivered 2 warnings to virus senders Jan 9 15:01:05 prsvr02 sendmail[9067]: j09L1511009067: from=postmaster, size=3437, class=0, nrcpts=1, msgid=<200501092101.j09L1511009067@prsvr02.km-law.local>, relay=root@localhost Jan 9 15:01:05 prsvr02 sendmail[9069]: j09L15SK009069: from=, size=3712, class=0, nrcpts=1, msgid=<200501092101.j09L1511009067@prsvr02.km-law.local>, proto=ESMTP, daemon=MTA, relay=localhost [127.0.0.1] Jan 9 15:01:05 prsvr02 sendmail[9067]: j09L1511009067: to=postmaster, delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=33437, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (j09L15SK009069 Message accepted for delivery) Jan 9 15:01:05 prsvr02 MailScanner[9035]: Notices: Warned about 2 messages Jan 9 15:01:05 prsvr02 MailScanner[9035]: New Batch: Scanning 3 messages, 7267 bytes Jan 9 15:01:08 prsvr02 MailScanner[9035]: Virus and Content Scanning: Starting Jan 9 15:01:08 prsvr02 MailScanner[9035]: Uninfected: Delivered 3 messages Jan 9 15:01:09 prsvr02 sendmail[9085]: STARTTLS=client, relay=kdinet.com.mail5.psmtp.com., version=TLSv1/SSLv3, verify=FAIL, cipher=AES256-SHA, bits=256/256 Jan 9 15:01:10 prsvr02 sendmail[9085]: j09L15pB009066: to=, delay=00:00:05, xdelay=00:00:02, mailer=esmtp, pri=121110, relay=kdinet.com.mail5.psmtp.com. [64.18.5.10], dsn=5.0.0, stat=Service unavailable Jan 9 15:01:10 prsvr02 sendmail[9085]: j09L15pB009066: j09L18kD009085: postmaster notify: Service unavailable Jan 9 15:01:10 prsvr02 sendmail[9085]: j09L18kD009085: to=root, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=32434, dsn=2.0.0, stat=Sent Jan 9 15:01:11 prsvr02 sendmail[9085]: j09L15fH009061: to=, delay=00:00:06, xdelay=00:00:01, mailer=esmtp, pri=121110, relay=kdinet.com.mail5.psmtp.com. [64.18.5.10], dsn=5.0.0, stat=Service unavailable Jan 9 15:01:11 prsvr02 sendmail[9085]: j09L15fH009061: j09L18kE009085: postmaster notify: Service unavailable Jan 9 15:01:11 prsvr02 sendmail[9085]: j09L18kE009085: to=root, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=32434, dsn=2.0.0, stat=Sent Jan 9 15:01:11 prsvr02 sendmail[9085]: j09L15SK009069: to=root, delay=00:00:06, xdelay=00:00:00, mailer=local, pri=123712, dsn=2.0.0, stat=Sent Jan 9 15:01:14 prsvr02 MailScanner[9089]: MailScanner E-Mail Virus Scanner version 4.37.7 starting... Jan 9 15:01:14 prsvr02 MailScanner[9089]: Enabling SpamAssassin auto-whitelist functionality... Jan 9 15:01:14 prsvr02 MailScanner[9089]: Using locktype = flock Jan 9 15:01:24 prsvr02 MailScanner[9090]: MailScanner E-Mail Virus Scanner version 4.37.7 starting... Jan 9 15:01:24 prsvr02 MailScanner[9090]: Enabling SpamAssassin auto-whitelist functionality... Jan 9 15:01:24 prsvr02 MailScanner[9090]: Using locktype = flock Jan 9 15:01:34 prsvr02 MailScanner[9091]: MailScanner E-Mail Virus Scanner version 4.37.7 starting... Jan 9 15:01:34 prsvr02 MailScanner[9091]: Enabling SpamAssassin auto-whitelist functionality... Jan 9 15:01:35 prsvr02 MailScanner[9091]: Using locktype = flock Jan 9 15:01:44 prsvr02 MailScanner[9092]: MailScanner E-Mail Virus Scanner version 4.37.7 starting... Jan 9 15:01:44 prsvr02 MailScanner[9092]: Enabling SpamAssassin auto-whitelist functionality... Jan 9 15:01:44 prsvr02 MailScanner[9092]: Using locktype = flock ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Jan 11 22:35:02 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:09 2006 Subject: Notification messages failing Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jan 9 15:01:09 prsvr02 sendmail[9085]: STARTTLS=client, relay=kdinet.com.mail5.psmtp.com., version=TLSv1/SSLv3, verify=FAIL, cipher=AES256-SHA, bits=256/256 Jan 9 15:01:10 prsvr02 sendmail[9085]: j09L15pB009066: to=, delay=00:00:05, xdelay=00:00:02, mailer=esmtp, pri=121110, relay=kdinet.com.mail5.psmtp.com. [64.18.5.10], dsn=5.0.0, stat=Service unavailable Jan 9 15:01:10 prsvr02 sendmail[9085]: j09L15pB009066: j09L18kD009085: postmaster notify: Service unavailable That's the important bit. For some reason your SMTP server is insisting on TLS encryption, when the sendmail binary appears to be unable to do. Someone else with more experience of TLS is needed here. Can you make sendmail not insist on TLS when the connection is coming from localhost? -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From eneal at DFI-INTL.COM Tue Jan 11 22:37:41 2005 From: eneal at DFI-INTL.COM (Errol Neal) Date: Thu Jan 12 21:28:09 2006 Subject: Notification messages failing Message-ID: This is interesting. Can you do an ldd on your sendmail binary. Also, can you post your sendmail.mc thx -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field Sent: Tuesday, January 11, 2005 5:35 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Notification messages failing Jan 9 15:01:09 prsvr02 sendmail[9085]: STARTTLS=client, relay=kdinet.com.mail5.psmtp.com., version=TLSv1/SSLv3, verify=FAIL, cipher=AES256-SHA, bits=256/256 Jan 9 15:01:10 prsvr02 sendmail[9085]: j09L15pB009066: to=, delay=00:00:05, xdelay=00:00:02, mailer=esmtp, pri=121110, relay=kdinet.com.mail5.psmtp.com. [64.18.5.10], dsn=5.0.0, stat=Service unavailable Jan 9 15:01:10 prsvr02 sendmail[9085]: j09L15pB009066: j09L18kD009085: postmaster notify: Service unavailable That's the important bit. For some reason your SMTP server is insisting on TLS encryption, when the sendmail binary appears to be unable to do. Someone else with more experience of TLS is needed here. Can you make sendmail not insist on TLS when the connection is coming from localhost? -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Tue Jan 11 22:38:55 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:28:09 2006 Subject: Notification messages failing Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Diane Rolland wrote: >Jan 9 15:01:09 prsvr02 sendmail[9085]: STARTTLS=client, >relay=kdinet.com.mail5.psmtp.com., version=TLSv1/SSLv3, verify=FAIL, >cipher=AES256-SHA, bits=256/256 > > That will be the important bit then, some form of TLS/ authentication error by the looks. I'm not a Sendmail user so I'll have to hand over to someone else but this looks like the bit. Nothing to do with MailScanner at all. >Jan 9 15:01:10 prsvr02 sendmail[9085]: j09L15pB009066: >to=, delay=00:00:05, xdelay=00:00:02, mailer=esmtp, >pri=121110, relay=kdinet.com.mail5.psmtp.com. [64.18.5.10], dsn=5.0.0, >stat=Service unavailable >Jan 9 15:01:10 prsvr02 sendmail[9085]: j09L15pB009066: j09L18kD009085: >postmaster notify: Service unavailable > > Sorry I can't be more help Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From peter at UCGBOOK.COM Tue Jan 11 23:06:01 2005 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:28:09 2006 Subject: Notification messages failing Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Drew Marshall wrote: > Diane Rolland wrote: > >> Jan 9 15:01:09 prsvr02 sendmail[9085]: STARTTLS=client, >> relay=kdinet.com.mail5.psmtp.com., version=TLSv1/SSLv3, verify=FAIL, >> cipher=AES256-SHA, bits=256/256 >> >> > That will be the important bit then, some form of TLS/ authentication > error by the looks. I'm not a Sendmail user so I'll have to hand over to > someone else but this looks like the bit. Nothing to do with MailScanner > at all. I wouldn't call myself a TLS expert at all but I see these lines all the time without any error. To me it just means that two TLS capable MTA:s negotiated for authentication but it failed as in no matching certificates, not as in an actual technical error. -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Jan 11 23:08:42 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:09 2006 Subject: Notification messages failing Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Peter Bonivart wrote: > Drew Marshall wrote: > >> Diane Rolland wrote: >> >>> Jan 9 15:01:09 prsvr02 sendmail[9085]: STARTTLS=client, >>> relay=kdinet.com.mail5.psmtp.com., version=TLSv1/SSLv3, verify=FAIL, >>> cipher=AES256-SHA, bits=256/256 >>> >>> >> That will be the important bit then, some form of TLS/ authentication >> error by the looks. I'm not a Sendmail user so I'll have to hand over to >> someone else but this looks like the bit. Nothing to do with MailScanner >> at all. > > > I wouldn't call myself a TLS expert at all but I see these lines all the > time without any error. To me it just means that two TLS capable MTA:s > negotiated for authentication but it failed as in no matching > certificates, not as in an actual technical error. But the line after that failed with a "Service unavailable" error. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From peter at UCGBOOK.COM Tue Jan 11 23:20:25 2005 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:28:09 2006 Subject: Notification messages failing Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: >> I wouldn't call myself a TLS expert at all but I see these lines all the >> time without any error. To me it just means that two TLS capable MTA:s >> negotiated for authentication but it failed as in no matching >> certificates, not as in an actual technical error. > > > But the line after that failed with a "Service unavailable" error. Yes, but I get the verification errors all the time with MTA:s on the internet that are TLS capable, but no errors so I'm not sure it's a TLS problem. It's just that we have not exchanged certificates. But as usual, I could be wrong. :-) But anyway, if it's an internal server it's usually not preferable to use TLS since it will encrypt/decrypt everything even without authentication and that eats some performance. You can control TLS behavior with the access file. It's described here (look especially at bottom): http://sendmail.org/m4/starttls.html -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Steve.Swaney at FSL.COM Tue Jan 11 23:29:06 2005 From: Steve.Swaney at FSL.COM (Steve Swaney) Date: Thu Jan 12 21:28:09 2006 Subject: Updated spamassassin to version 3 Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Philip Parsons > Sent: Tuesday, January 11, 2005 3:40 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Updated spamassassin to version 3 > > We have just finished updating spamassassin to Version 3 and I remember > seeing something on this list about which extra rules you should remove if > you use rules_du_jour here is a list of the extra's I have. > > -rw-r--r-- 1 root root 31854 May 31 2004 70_sare_adult.cf > -rw-r--r-- 1 root root 3927 Apr 24 2004 > 70_sare_bayes_poison_nxm.cf > -rw-r--r-- 1 root root 211390 Oct 3 18:18 70_sare_header.cf > -rw-r--r-- 1 root root 103436 Sep 12 18:22 70_sare_html.cf > -rw-r--r-- 1 root root 11559 Sep 14 12:43 70_sare_oem.cf > -rw-r--r-- 1 root root 17548 Aug 9 08:34 70_sare_random.cf > -rw-r--r-- 1 root root 385 Sep 19 19:35 70_sare_ratware.cf > -rw-r--r-- 1 root root 7006 Nov 17 10:48 70_sare_spoof.cf > -rw-r--r-- 1 root root 13211 May 11 2004 > 72_sare_bml_post25x.cf > -rw-r--r-- 1 root root 10147 May 1 2004 > 99_sare_fraud_post25x.cf > -rw-r--r-- 1 root root 14284 Apr 28 2004 antidrug.cf > -rw-r--r-- 1 root root 104973 Jan 1 11:22 bogus-virus- > warnings.cf > -rw-r--r-- 1 root root 18052 Oct 30 10:30 evilnumbers.cf > -rw-r--r-- 1 root root 57580 Apr 2 2004 tripwire.cf > > > Thank you. > Philip Parsons > Phil, You migh get rid of all files except a subset of the SpamAssassin Rules Emporium's Rules_Du_Jour files. Remove all of the *.cf files in /etc/mail/spamassassin and any rules_du_jour files in /etc/cron.daily. Then download the Rules_Du_Jour installation files from our website: http://www.fsl.com/support/ Untar this file and cd into the rules_du_jour directory that will be created, then read the INSTALL instructions. The install.sh script works properly on a Linux / sendmail / MailScanner /SpamAssassin 3.0x system. Any other combination is not guaranteed but the install script is extremely simple. Thr rules_du_jour_wrapper script which install in /etc/cron.daily will actually update the rules_du_jour script. The rules_du_jour script will update the additional rules daily if if updated rules are available. The bogus-virus-warnings.cf file that's installed is not updated since it's been modified to take out the all the MailScanner related rules that might catch valid local emails and notices. Hope this helps, Steve Steve Swaney President Fortress Systems Ltd. www.fsl.com steve.swaney@fsl.com -- This message has been scanned for viruses and dangerous content by The MailScanner at Fortress Systems Ltd., www.fsl.com, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drolland at kdinet.com Tue Jan 11 23:40:28 2005 From: drolland at kdinet.com (Diane Rolland) Date: Thu Jan 12 21:28:09 2006 Subject: Notification messages failing Message-ID: > > This is interesting. Can you do an ldd on your sendmail > binary. Also, can you post your sendmail.mc > I'm afraid I don't know what an lld is.... But, here is the sendmail.mc divert(-1)dnl dnl # dnl # This is the sendmail macro config file for m4. If you make changes to dnl # /etc/mail/sendmail.mc, you will need to regenerate the dnl # /etc/mail/sendmail.cf file by confirming that the sendmail-cf package is dnl # installed and then performing a dnl # dnl # make -C /etc/mail dnl # include(`/usr/share/sendmail-cf/m4/cf.m4')dnl VERSIONID(`setup for Red Hat Linux')dnl OSTYPE(`linux')dnl dnl # dnl # default logging level is 9, you might want to set it higher to dnl # debug the configuration dnl # dnl define(`confLOG_LEVEL', `9')dnl dnl # dnl # Uncomment and edit the following line if your outgoing mail needs to dnl # be sent out through an external mail server: dnl # dnl define(`SMART_HOST',`smtp.your.provider') dnl # define(`confDEF_USER_ID',``8:12'')dnl dnl define(`confAUTO_REBUILD')dnl define(`confTO_CONNECT', `1m')dnl define(`confTRY_NULL_MX_LIST',true)dnl define(`confDONT_PROBE_INTERFACES',true)dnl define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl define(`ALIAS_FILE', `/etc/aliases')dnl define(`STATUS_FILE', `/var/log/mail/statistics')dnl define(`UUCP_MAILER_MAX', `2000000')dnl define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl define(`confAUTH_OPTIONS', `A')dnl dnl # Added the following 4 lines by Diane 12/29/2004 dnl # TRUST_AUTH_MECH(`DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl define(`confAUTH_MECHANISMS', `DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl dnl # dnl # dnl # The following allows relaying if the user authenticates, and disallows dnl # plaintext authentication (PLAIN/LOGIN) on non-TLS links dnl # dnl define(`confAUTH_OPTIONS', `A p')dnl dnl # dnl # PLAIN is the preferred plaintext authentication method and used by dnl # Mozilla Mail and Evolution, though Outlook Express and other MUAs do dnl # use LOGIN. Other mechanisms should be used if the connection is not dnl # guaranteed secure. dnl # dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl dnl # dnl # Rudimentary information on creating certificates for sendmail TLS: dnl # make -C /usr/share/ssl/certs usage dnl # or use the included makecert.sh script dnl # dnl define(`confCACERT_PATH',`/usr/share/ssl/certs') dnl define(`confCACERT',`/usr/share/ssl/certs/ca-bundle.crt') dnl define(`confSERVER_CERT',`/usr/share/ssl/certs/sendmail.pem') dnl define(`confSERVER_KEY',`/usr/share/ssl/certs/sendmail.pem') dnl # dnl # This allows sendmail to use a keyfile that is shared with OpenLDAP's dnl # slapd, which requires the file to be readble by group ldap dnl # dnl define(`confDONT_BLAME_SENDMAIL',`groupreadablekeyfile')dnl dnl # dnl define(`confTO_QUEUEWARN', `4h')dnl dnl define(`confTO_QUEUERETURN', `5d')dnl dnl define(`confQUEUE_LA', `12')dnl dnl define(`confREFUSE_LA', `18')dnl define(`confTO_IDENT', `0')dnl dnl FEATURE(delay_checks)dnl FEATURE(`no_default_msa',`dnl')dnl FEATURE(`smrsh',`/usr/sbin/smrsh')dnl FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl FEATURE(redirect)dnl FEATURE(always_add_domain)dnl FEATURE(use_cw_file)dnl FEATURE(use_ct_file)dnl dnl # dnl # The -t option will retry delivery if e.g. the user runs over his quota. dnl # FEATURE(local_procmail,`',`procmail -t -Y -a $h -d $u')dnl FEATURE(`access_db',`hash -T -o /etc/mail/access.db')dnl FEATURE(`blacklist_recipients')dnl EXPOSED_USER(`root')dnl dnl # dnl # The following causes sendmail to only listen on the IPv4 loopback address dnl # 127.0.0.1 and not on any other network devices. Remove the loopback dnl # address restriction to accept email from the internet or intranet. dnl # DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl dnl # dnl # The following causes sendmail to additionally listen to port 587 for dnl # mail from MUAs that authenticate. Roaming users who can't reach their dnl # preferred sendmail daemon due to port 25 being blocked or redirected find dnl # this useful. dnl # dnl DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl dnl # dnl # The following causes sendmail to additionally listen to port 465, but dnl # starting immediately in TLS mode upon connecting. Port 25 or 587 followed dnl # by STARTTLS is preferred, but roaming clients using Outlook Express can't dnl # do STARTTLS on ports other than 25. Mozilla Mail can ONLY use STARTTLS dnl # and doesn't support the deprecated smtps; Evolution <1.1.1 uses smtps dnl # when SSL is enabled-- STARTTLS support is available in version 1.1.1. dnl # dnl # For this to work your OpenSSL certificates must be configured. dnl # dnl DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl dnl # dnl # The following causes sendmail to additionally listen on the IPv6 loopback dnl # device. Remove the loopback address restriction listen to the network. dnl # dnl DAEMON_OPTIONS(`port=smtp,Addr=::1, Name=MTA-v6, Family=inet6')dnl dnl # dnl # enable both ipv6 and ipv4 in sendmail: dnl # dnl DAEMON_OPTIONS(`Name=MTA-v4, Family=inet, Name=MTA-v6, Family=inet6') dnl # dnl # We strongly recommend not accepting unresolvable domains if you want to dnl # protect yourself from spam. However, the laptop and users on computers dnl # that do not have 24x7 DNS do need this. dnl # FEATURE(`accept_unresolvable_domains')dnl dnl # dnl FEATURE(`relay_based_on_MX')dnl dnl # dnl # Also accept email sent to "localhost.localdomain" as local email. dnl # LOCAL_DOMAIN(`localhost.localdomain')dnl dnl # dnl # The following example makes mail from this host and any additional dnl # specified domains appear to be sent from mydomain.com dnl # dnl MASQUERADE_AS(`mydomain.com')dnl dnl # dnl # masquerade not just the headers, but the envelope as well dnl # dnl FEATURE(masquerade_envelope)dnl dnl # dnl # masquerade not just @mydomainalias.com, but @*.mydomainalias.com as well dnl # dnl FEATURE(masquerade_entire_domain)dnl dnl # dnl MASQUERADE_DOMAIN(localhost)dnl dnl MASQUERADE_DOMAIN(localhost.localdomain)dnl dnl MASQUERADE_DOMAIN(mydomainalias.com)dnl dnl MASQUERADE_DOMAIN(mydomain.lan)dnl MAILER(smtp)dnl MAILER(procmail)dnl ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From peter at UCGBOOK.COM Tue Jan 11 23:44:27 2005 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:28:09 2006 Subject: Notification messages failing Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Diane Rolland wrote: >>This is interesting. Can you do an ldd on your sendmail >>binary. Also, can you post your sendmail.mc >> > > I'm afraid I don't know what an lld is.... Here's how to do it, you need the full path to the binary, it's usually /usr/lib/sendmail on all systems. It will show all the libraries the binary uses. # ldd /usr/lib/sendmail linux-gate.so.1 => (0xffffe000) libpostfix-global.so.1 => /usr/lib/libpostfix-global.so.1 (0x40022000) libpostfix-util.so.1 => /usr/lib/libpostfix-util.so.1 (0x40044000) libdb-4.2.so => /usr/lib/libdb-4.2.so (0x40066000) libnsl.so.1 => /lib/libnsl.so.1 (0x40142000) libresolv.so.2 => /lib/libresolv.so.2 (0x40155000) libc.so.6 => /lib/tls/libc.so.6 (0x40166000) libdl.so.2 => /lib/libdl.so.2 (0x40285000) /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000) -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drolland at kdinet.com Wed Jan 12 00:14:41 2005 From: drolland at kdinet.com (Diane Rolland) Date: Thu Jan 12 21:28:09 2006 Subject: Notification messages failing Message-ID: > Here's how to do it, you need the full path to the binary, > it's usually /usr/lib/sendmail on all systems. It will show > all the libraries the binary uses. > > # ldd /usr/lib/sendmail > linux-gate.so.1 => (0xffffe000) > libpostfix-global.so.1 => /usr/lib/libpostfix-global.so.1 > (0x40022000) > libpostfix-util.so.1 => > /usr/lib/libpostfix-util.so.1 (0x40044000) > libdb-4.2.so => /usr/lib/libdb-4.2.so (0x40066000) > libnsl.so.1 => /lib/libnsl.so.1 (0x40142000) > libresolv.so.2 => /lib/libresolv.so.2 (0x40155000) > libc.so.6 => /lib/tls/libc.so.6 (0x40166000) > libdl.so.2 => /lib/libdl.so.2 (0x40285000) > /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000) > lld does not appear to be on my system. System is RHE 2.4.21-20.ELsmp ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From marcin.rozek at IOS.EDU.PL Wed Jan 12 00:24:06 2005 From: marcin.rozek at IOS.EDU.PL ([ISO-8859-2] Marcin Rożek) Date: Thu Jan 12 21:28:09 2006 Subject: Phishing detection... Message-ID: [ The following text is in the "ISO-8859-2" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > Done it. Many thanks for the pointer to the faq. Enigmail will be more > useful now :-) > I'm glad i could help you :) -- Regards, Marcin ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From peter at UCGBOOK.COM Wed Jan 12 00:43:57 2005 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:28:10 2006 Subject: Notification messages failing Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Diane Rolland wrote: >># ldd /usr/lib/sendmail > > lld does not appear to be on my system. Your typing lld, try ldd, see above. -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mallen at FAMILYRADIO.ORG Wed Jan 12 01:19:34 2005 From: mallen at FAMILYRADIO.ORG (Mike Allen) Date: Thu Jan 12 21:28:10 2006 Subject: NOD32 paths needed... Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I need to know the precise default path(s) MailScanner uses to call NOD32 antivirus. Nod32 manufacturer does not document where things install on my FreeBSD system and I have already tried that route. I really can look this up in the sources, of course, but if anyone knows the answer, I would surely appreciate it. Thanks. Mike ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drolland at kdinet.com Wed Jan 12 01:24:45 2005 From: drolland at kdinet.com (Diane Rolland) Date: Thu Jan 12 21:28:10 2006 Subject: Notification messages failing Message-ID: > > This is interesting. Can you do an ldd on your sendmail > binary. Also, can you post your sendmail.mc > prsvr02:/root# ldd /usr/sbin/sendmail libssl.so.4 => /lib/libssl.so.4 (0x0063b000) libcrypto.so.4 => /lib/libcrypto.so.4 (0x0091d000) libdb-4.1.so => /lib/libdb-4.1.so (0x0073b000) libresolv.so.2 => /lib/libresolv.so.2 (0x00af1000) libcrypt.so.1 => /lib/libcrypt.so.1 (0x00111000) libnsl.so.1 => /lib/libnsl.so.1 (0x001c8000) libwrap.so.0 => /usr/lib/libwrap.so.0 (0x0013e000) libhesiod.so.0 => /usr/lib/libhesiod.so.0 (0x00147000) libsasl.so.7 => /usr/lib/libsasl.so.7 (0x00dc9000) libldap.so.2 => /usr/lib/libldap.so.2 (0x0014b000) liblber.so.2 => /usr/lib/liblber.so.2 (0x006c2000) libc.so.6 => /lib/tls/libc.so.6 (0x001dd000) libgssapi_krb5.so.2 => /usr/kerberos/lib/libgssapi_krb5.so.2 (0x00441000 ) libkrb5.so.3 => /usr/kerberos/lib/libkrb5.so.3 (0x00315000) libcom_err.so.3 => /usr/kerberos/lib/libcom_err.so.3 (0x006f3000) libk5crypto.so.3 => /usr/kerberos/lib/libk5crypto.so.3 (0x00f5d000) libdl.so.2 => /lib/libdl.so.2 (0x00a46000) libz.so.1 => /usr/lib/libz.so.1 (0x00175000) libpthread.so.0 => /lib/tls/libpthread.so.0 (0x00e73000) libgdbm.so.2 => /usr/lib/libgdbm.so.2 (0x00a30000) libpam.so.0 => /lib/libpam.so.0 (0x00183000) /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x00d75000) liblaus.so.1 => /lib/liblaus.so.1 (0x00551000) sendmail.mc: divert(-1)dnl dnl # dnl # This is the sendmail macro config file for m4. If you make changes to dnl # /etc/mail/sendmail.mc, you will need to regenerate the dnl # /etc/mail/sendmail.cf file by confirming that the sendmail-cf package is dnl # installed and then performing a dnl # dnl # make -C /etc/mail dnl # include(`/usr/share/sendmail-cf/m4/cf.m4')dnl VERSIONID(`setup for Red Hat Linux')dnl OSTYPE(`linux')dnl dnl # dnl # default logging level is 9, you might want to set it higher to dnl # debug the configuration dnl # dnl define(`confLOG_LEVEL', `9')dnl dnl # dnl # Uncomment and edit the following line if your outgoing mail needs to dnl # be sent out through an external mail server: dnl # dnl define(`SMART_HOST',`smtp.your.provider') dnl # define(`confDEF_USER_ID',``8:12'')dnl dnl define(`confAUTO_REBUILD')dnl define(`confTO_CONNECT', `1m')dnl define(`confTRY_NULL_MX_LIST',true)dnl define(`confDONT_PROBE_INTERFACES',true)dnl define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl define(`ALIAS_FILE', `/etc/aliases')dnl define(`STATUS_FILE', `/var/log/mail/statistics')dnl define(`UUCP_MAILER_MAX', `2000000')dnl define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl define(`confAUTH_OPTIONS', `A')dnl dnl # Added the following 4 lines by Diane 12/29/2004 dnl # TRUST_AUTH_MECH(`DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl define(`confAUTH_MECHANISMS', `DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl dnl # dnl # dnl # The following allows relaying if the user authenticates, and disallows dnl # plaintext authentication (PLAIN/LOGIN) on non-TLS links dnl # dnl define(`confAUTH_OPTIONS', `A p')dnl dnl # dnl # PLAIN is the preferred plaintext authentication method and used by dnl # Mozilla Mail and Evolution, though Outlook Express and other MUAs do dnl # use LOGIN. Other mechanisms should be used if the connection is not dnl # guaranteed secure. dnl # dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl dnl # dnl # Rudimentary information on creating certificates for sendmail TLS: dnl # make -C /usr/share/ssl/certs usage dnl # or use the included makecert.sh script dnl # dnl define(`confCACERT_PATH',`/usr/share/ssl/certs') dnl define(`confCACERT',`/usr/share/ssl/certs/ca-bundle.crt') dnl define(`confSERVER_CERT',`/usr/share/ssl/certs/sendmail.pem') dnl define(`confSERVER_KEY',`/usr/share/ssl/certs/sendmail.pem') dnl # dnl # This allows sendmail to use a keyfile that is shared with OpenLDAP's dnl # slapd, which requires the file to be readble by group ldap dnl # dnl define(`confDONT_BLAME_SENDMAIL',`groupreadablekeyfile')dnl dnl # dnl define(`confTO_QUEUEWARN', `4h')dnl dnl define(`confTO_QUEUERETURN', `5d')dnl dnl define(`confQUEUE_LA', `12')dnl dnl define(`confREFUSE_LA', `18')dnl define(`confTO_IDENT', `0')dnl dnl FEATURE(delay_checks)dnl FEATURE(`no_default_msa',`dnl')dnl FEATURE(`smrsh',`/usr/sbin/smrsh')dnl FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl FEATURE(redirect)dnl FEATURE(always_add_domain)dnl FEATURE(use_cw_file)dnl FEATURE(use_ct_file)dnl dnl # dnl # The -t option will retry delivery if e.g. the user runs over his quota. dnl # FEATURE(local_procmail,`',`procmail -t -Y -a $h -d $u')dnl FEATURE(`access_db',`hash -T -o /etc/mail/access.db')dnl FEATURE(`blacklist_recipients')dnl EXPOSED_USER(`root')dnl dnl # dnl # The following causes sendmail to only listen on the IPv4 loopback address dnl # 127.0.0.1 and not on any other network devices. Remove the loopback dnl # address restriction to accept email from the internet or intranet. dnl # DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl dnl # dnl # The following causes sendmail to additionally listen to port 587 for dnl # mail from MUAs that authenticate. Roaming users who can't reach their dnl # preferred sendmail daemon due to port 25 being blocked or redirected find dnl # this useful. dnl # dnl DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl dnl # dnl # The following causes sendmail to additionally listen to port 465, but dnl # starting immediately in TLS mode upon connecting. Port 25 or 587 followed dnl # by STARTTLS is preferred, but roaming clients using Outlook Express can't dnl # do STARTTLS on ports other than 25. Mozilla Mail can ONLY use STARTTLS dnl # and doesn't support the deprecated smtps; Evolution <1.1.1 uses smtps dnl # when SSL is enabled-- STARTTLS support is available in version 1.1.1. dnl # dnl # For this to work your OpenSSL certificates must be configured. dnl # dnl DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl dnl # dnl # The following causes sendmail to additionally listen on the IPv6 loopback dnl # device. Remove the loopback address restriction listen to the network. dnl # dnl DAEMON_OPTIONS(`port=smtp,Addr=::1, Name=MTA-v6, Family=inet6')dnl dnl # dnl # enable both ipv6 and ipv4 in sendmail: dnl # dnl DAEMON_OPTIONS(`Name=MTA-v4, Family=inet, Name=MTA-v6, Family=inet6') dnl # dnl # We strongly recommend not accepting unresolvable domains if you want to dnl # protect yourself from spam. However, the laptop and users on computers dnl # that do not have 24x7 DNS do need this. dnl # FEATURE(`accept_unresolvable_domains')dnl dnl # dnl FEATURE(`relay_based_on_MX')dnl dnl # dnl # Also accept email sent to "localhost.localdomain" as local email. dnl # LOCAL_DOMAIN(`localhost.localdomain')dnl dnl # dnl # The following example makes mail from this host and any additional dnl # specified domains appear to be sent from mydomain.com dnl # dnl MASQUERADE_AS(`mydomain.com')dnl dnl # dnl # masquerade not just the headers, but the envelope as well dnl # dnl FEATURE(masquerade_envelope)dnl dnl # dnl # masquerade not just @mydomainalias.com, but @*.mydomainalias.com as well dnl # dnl FEATURE(masquerade_entire_domain)dnl dnl # dnl MASQUERADE_DOMAIN(localhost)dnl dnl MASQUERADE_DOMAIN(localhost.localdomain)dnl dnl MASQUERADE_DOMAIN(mydomainalias.com)dnl dnl MASQUERADE_DOMAIN(mydomain.lan)dnl MAILER(smtp)dnl MAILER(procmail)dnl ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Steve.Swaney at FSL.COM Wed Jan 12 01:39:49 2005 From: Steve.Swaney at FSL.COM (Steve Swaney) Date: Thu Jan 12 21:28:10 2006 Subject: NOD32 paths needed... Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Mike Allen > Sent: Tuesday, January 11, 2005 8:20 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: NOD32 paths needed... > > I need to know the precise default path(s) MailScanner uses to call > NOD32 antivirus. > > Nod32 manufacturer does not document where things install on my FreeBSD > system > and I have already tried that route. > > I really can look this up in the sources, of course, but if anyone knows > the answer, I would surely > appreciate it. Thanks. > > Mike > Mike, look for a file called virus.scanners.conf in the ...etc/MailScanner directory. There should be two lines something like: nod32-1.99 /usr/lib/MailScanner/nod32-wrapper /usr/sbin nod32 /usr/lib/MailScanner/nod32-wrapper /usr/local/nod32 The third field is the top level install location. Steve Steve Swaney President Fortress Systems Ltd. www.fsl.com steve.swaney@fsl.com -- This message has been scanned for viruses and dangerous content by The MailScanner at Fortress Systems Ltd., www.fsl.com, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From andrew at DONEHUE.NET Wed Jan 12 02:02:04 2005 From: andrew at DONEHUE.NET (Andrew) Date: Thu Jan 12 21:28:10 2006 Subject: skipping extension checking for a few users Message-ID: Hi Everyone, I am a bit confused.... how do I leave attachment checking on, but turn it off for a few users who do not like their email being filtered? Cheers, Andrew. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Q.G.Campbell at NEWCASTLE.AC.UK Wed Jan 12 07:57:45 2005 From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell) Date: Thu Jan 12 21:28:10 2006 Subject: "Banned Content" question - a related problem Message-ID: We are seeing on our MailScanner-4.35.11-1 gateways a curious problem. It seems to have appeared sometime after I installed 4.35.11-1. Some of the mail that passes through them is being delivered with an empty or corrupted body. In all cases the messages seem to be multipart MIME. Most often the HTML part is corrupt or empty but the text part is OK. However sometimes that may be empty as well. The only common factors are: 1. The original messages was probably sent as RTF format, and 2. I see in the logs for each failed message the MailScanner warning: "Content Checks: Detected and will disarm HTML message in jBAtTRU022337" This can only apply to WebBugs that are detected since that is the only time I use the "disarm" action. But there should be _no_ web bugs present in these messages since most of the empty messages are from colleagues who sent a one/two line message. They have all used Outlook/Exchange to send theses messages. We know that the messages are the correct size and format when they reach the mail gateways. I suspect that a problem with RTF format messages is at the heart of this beaviour but have not collected enough consistent evidence yet. Any suggestions about fixing the problem would be welcome. Quentin --- PHONE: +44 191 222 8209 Information Systems and Services (ISS), University of Newcastle, Newcastle upon Tyne, FAX: +44 191 222 8765 United Kingdom, NE1 7RU. ------------------------------------------------------------------------ "Any opinion expressed above is mine. The University can get its own." >-----Original Message----- >From: MailScanner mailing list >[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field >Sent: 11 January 2005 15:34 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: "Banned Content" question > >If you have told it to disarm web bugs, it has to search the >message for >them, at which point it will also disarm them. I think that's how it >works... :-) > >Quentin Campbell wrote: > >>Julian >> >>If the only thing I have told MailScanner to "disarm" are web >bugs, then >>why is it apparently finding web bugs in mail that contain no > tags >>in the HTML? >> >>The mail in question probably orginates as RTF from Outlook clients. >> >>Quentin >>--- >>PHONE: +44 191 222 8209 Information Systems and Services (ISS), >> University of Newcastle, >> Newcastle upon Tyne, >>FAX: +44 191 222 8765 United Kingdom, NE1 7RU. >>-------------------------------------------------------------- >---------- >>"Any opinion expressed above is mine. The University can get its own." >> >> >> >>>-----Original Message----- >>>From: MailScanner mailing list >>>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field >>>Sent: 11 January 2005 15:15 >>>To: MAILSCANNER@JISCMAIL.AC.UK >>>Subject: Re: "Banned Content" question >>> >>>It will disarm those features you told it to. The "disarm >HTML" in the >>>message means it will be trying to disarm the requested bits of the >>>HTML. If you didn't specify "disarm" then it won't do it, it >will only >>>disarm the bits you told it to. >>> >>>Hope that answers your question. Given a question "a or b" the answer >>>cannot easily be "yes" :-) >>> >>>Quentin Campbell wrote: >>> >>> >>> >>>>Most of the "dangerous content" checks that I carry out with >>>> >>>> >>>MailScanner >>> >>> >>>>are controlled via rules files. In all cases the actions of >>>> >>>> >>>the rules is >>> >>> >>>>to either "deliver", "delete", "striphtml" or "attachment". >>>> >>>>I do not use "disarm" with one exception. In MailScanner.conf I have >>>> >>>> Allow WebBugs = disarm >>>> >>>>If I see in the logs "Content Checks: Detected and will disarm HTML >>>>message in jBAtTRU022337" does this _only_ refer to the >"disarming" of >>>>web bugs or can it also refer to actions taken over other >>>> >>>> >>>content which >>> >>> >>>>did not involve the specific "disarm" action? >>>> >>>>Looking at the log records for other "dangerous content" actions the >>>>empirical answer to the above question is "yes". Could this >>>> >>>> >>>be confirmed >>> >>> >>>>please. >>>> >>>>Thanks >>>> >>>>Quentin >>>>--- >>>>PHONE: +44 191 222 8209 Information Systems and Services (ISS), >>>> University of Newcastle, >>>> Newcastle upon Tyne, >>>>FAX: +44 191 222 8765 United Kingdom, NE1 7RU. >>>>-------------------------------------------------------------- >>>> >>>> >>>---------- >>> >>> >>>>"Any opinion expressed above is mine. The University can >get its own." >>>> >>>>------------------------ MailScanner list ------------------------ >>>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>'leave mailscanner' in the body of the email. >>>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>>Support MailScanner development - buy the book off the website! >>>> >>>> >>>> >>>> >>>> >>>-- >>>Julian Field >>>www.MailScanner.info >>>Buy the MailScanner book at www.MailScanner.info/store >>> >>>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> >>>------------------------ MailScanner list ------------------------ >>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>'leave mailscanner' in the body of the email. >>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>>Support MailScanner development - buy the book off the website! >>> >>> >>> >>> >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >> >> > >-- >Julian Field >www.MailScanner.info >Buy the MailScanner book at www.MailScanner.info/store > >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From aldas at POST.VILSAT.NET Wed Jan 12 09:34:09 2005 From: aldas at POST.VILSAT.NET (Aldas) Date: Thu Jan 12 21:28:10 2006 Subject: can't get rid of *.header files in MS's incoming dir Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi there, I have been using MS for long time , almost from the project begining, i have to say it is really great program and i really enjoy it. My old system is running on Redhat 6.2 with sendmail 8.11.6 and MS 4.32.5 Now i am setting up new system on Gentoo with ldap authentification, Postfix 2.1.5 & MS 4.37.7 Everything seems to work perfect except one anoying problem, after each message was scanned and delivered there is *.header file left in incoming dir. After some time i have huge amount of those header files and seems they are not going to disapear. I've looked MS's conf file for 10x, searched google and FAQs with no success. If someone has any ideas i'll be very thankful Best regards, Baldzius ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed Jan 12 09:15:24 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:10 2006 Subject: Updated spamassassin to version 3 Message-ID: Steve Swaney wrote: >>-----Original Message----- >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>Behalf Of Philip Parsons >>Sent: Tuesday, January 11, 2005 3:40 PM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Updated spamassassin to version 3 >> >>We have just finished updating spamassassin to Version 3 and I remember >>seeing something on this list about which extra rules you should remove if >>you use rules_du_jour here is a list of the extra's I have. >> >>-rw-r--r-- 1 root root 31854 May 31 2004 70_sare_adult.cf >>-rw-r--r-- 1 root root 3927 Apr 24 2004 >>70_sare_bayes_poison_nxm.cf >>-rw-r--r-- 1 root root 211390 Oct 3 18:18 70_sare_header.cf >>-rw-r--r-- 1 root root 103436 Sep 12 18:22 70_sare_html.cf >>-rw-r--r-- 1 root root 11559 Sep 14 12:43 70_sare_oem.cf >>-rw-r--r-- 1 root root 17548 Aug 9 08:34 70_sare_random.cf >>-rw-r--r-- 1 root root 385 Sep 19 19:35 70_sare_ratware.cf >>-rw-r--r-- 1 root root 7006 Nov 17 10:48 70_sare_spoof.cf >>-rw-r--r-- 1 root root 13211 May 11 2004 >>72_sare_bml_post25x.cf >>-rw-r--r-- 1 root root 10147 May 1 2004 >>99_sare_fraud_post25x.cf >>-rw-r--r-- 1 root root 14284 Apr 28 2004 antidrug.cf >>-rw-r--r-- 1 root root 104973 Jan 1 11:22 bogus-virus- >>warnings.cf >>-rw-r--r-- 1 root root 18052 Oct 30 10:30 evilnumbers.cf >>-rw-r--r-- 1 root root 57580 Apr 2 2004 tripwire.cf >> >> >>Thank you. >>Philip Parsons >> > > > > Phil, > > You migh get rid of all files except a subset of the SpamAssassin Rules > Emporium's Rules_Du_Jour files. Remove all of the *.cf files in > /etc/mail/spamassassin and any rules_du_jour files in /etc/cron.daily. > > Then download the Rules_Du_Jour installation files from our website: > > http://www.fsl.com/support/ > > Untar this file and cd into the rules_du_jour directory that will be > created, then read the INSTALL instructions. The install.sh script works > properly on a Linux / sendmail / MailScanner /SpamAssassin 3.0x system. Any > other combination is not guaranteed but the install script is extremely > simple. > > Thr rules_du_jour_wrapper script which install in /etc/cron.daily will > actually update the rules_du_jour script. The rules_du_jour script will > update the additional rules daily if if updated rules are available. The > bogus-virus-warnings.cf file that's installed is not updated since it's been > modified to take out the all the MailScanner related rules that might catch > valid local emails and notices. > > > Hope this helps, > > Steve > > Steve Swaney > President > Fortress Systems Ltd. Steve another option is the my_rules_du_jour (from same site as rules_du_jour...wwww.exit0.us), which does something similar to what your script does. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed Jan 12 09:18:11 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:10 2006 Subject: Updated spamassassin to version 3 Message-ID: [ The following text is in the "windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Philip disable the ALL_TRUSTED ruleset that comes with SA 3.x. It can drop the scores too low and alot of people on the SA-user list have trouble with it. edit spam.assassin.prefs.conf score ALL_TRUSTED 0 -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Philip Parsons wrote: > We have just finished updating spamassassin to Version 3 and I remember > seeing something on this list about which extra rules you should remove > if you use rules_du_jour here is a list of the extra's I have^Ĺ > > -rw-r--r-- 1 root root 31854 May 31 2004 70_sare_adult.cf > -rw-r--r-- 1 root root 3927 Apr 24 2004 > 70_sare_bayes_poison_nxm.cf > -rw-r--r-- 1 root root 211390 Oct 3 18:18 70_sare_header.cf > -rw-r--r-- 1 root root 103436 Sep 12 18:22 70_sare_html.cf > -rw-r--r-- 1 root root 11559 Sep 14 12:43 70_sare_oem.cf > -rw-r--r-- 1 root root 17548 Aug 9 08:34 70_sare_random.cf > -rw-r--r-- 1 root root 385 Sep 19 19:35 70_sare_ratware.cf > -rw-r--r-- 1 root root 7006 Nov 17 10:48 70_sare_spoof.cf > -rw-r--r-- 1 root root 13211 May 11 2004 > 72_sare_bml_post25x.cf > -rw-r--r-- 1 root root 10147 May 1 2004 > 99_sare_fraud_post25x.cf > -rw-r--r-- 1 root root 14284 Apr 28 2004 antidrug.cf > -rw-r--r-- 1 root root 104973 Jan 1 11:22 > bogus-virus-warnings.cf > -rw-r--r-- 1 root root 18052 Oct 30 10:30 evilnumbers.cf > -rw-r--r-- 1 root root 57580 Apr 2 2004 tripwire.cf > > > Thank you. > Philip Parsons > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed Jan 12 09:28:09 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:10 2006 Subject: Updated spamassassin to version 3 Message-ID: [ The following text is in the "windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Oh and another one..(assumung you have auto_whitelist turned off) the auto_whitelist disable setting in MailScanner.conf doesn't work, ie doesn't talk to SA properly. You need to set this in spam.assassin.prefs.conf instead. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Martin Hepworth wrote: > Philip > > disable the ALL_TRUSTED ruleset that comes with SA 3.x. It can drop the > scores too low and alot of people on the SA-user list have trouble with it. > > edit spam.assassin.prefs.conf > > score ALL_TRUSTED 0 > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Philip Parsons wrote: > >> We have just finished updating spamassassin to Version 3 and I >> remember seeing something on this list about which extra rules you >> should remove if you use rules_du_jour here is a list of the extra's I >> have^Ĺ >> >> -rw-r--r-- 1 root root 31854 May 31 2004 70_sare_adult.cf >> -rw-r--r-- 1 root root 3927 Apr 24 2004 >> 70_sare_bayes_poison_nxm.cf >> -rw-r--r-- 1 root root 211390 Oct 3 18:18 70_sare_header.cf >> -rw-r--r-- 1 root root 103436 Sep 12 18:22 70_sare_html.cf >> -rw-r--r-- 1 root root 11559 Sep 14 12:43 70_sare_oem.cf >> -rw-r--r-- 1 root root 17548 Aug 9 08:34 70_sare_random.cf >> -rw-r--r-- 1 root root 385 Sep 19 19:35 >> 70_sare_ratware.cf >> -rw-r--r-- 1 root root 7006 Nov 17 10:48 70_sare_spoof.cf >> -rw-r--r-- 1 root root 13211 May 11 2004 >> 72_sare_bml_post25x.cf >> -rw-r--r-- 1 root root 10147 May 1 2004 >> 99_sare_fraud_post25x.cf >> -rw-r--r-- 1 root root 14284 Apr 28 2004 antidrug.cf >> -rw-r--r-- 1 root root 104973 Jan 1 11:22 >> bogus-virus-warnings.cf >> -rw-r--r-- 1 root root 18052 Oct 30 10:30 evilnumbers.cf >> -rw-r--r-- 1 root root 57580 Apr 2 2004 tripwire.cf >> >> >> Thank you. >> Philip Parsons >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) >> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> *Support MailScanner development - buy the book off the website!* > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website > ! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jan 12 10:22:24 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:10 2006 Subject: Notification messages failing Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] And you did either login directly as root or else did su - and not just su or else your path will be wrong. Peter Bonivart wrote: > Diane Rolland wrote: > >>> # ldd /usr/lib/sendmail >> >> >> lld does not appear to be on my system. > > > Your typing lld, try ldd, see above. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jan 12 10:24:35 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:10 2006 Subject: skipping extension checking for a few users Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Please read up about rulesets. This is documented in the MAQ (address at the bottom of every list posting), the FAQ (look on www.mailscanner.info) and the Book which I thoroughly recommend you buy as it will explain all this stuff in detail. It's $39.95 and available straight off www.mailscanner.info. Andrew wrote: > Hi Everyone, > > I am a bit confused.... how do I leave attachment checking on, but turn > it off for a few users who do not like their email being filtered? -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jan 12 10:26:59 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:10 2006 Subject: "Banned Content" question - a related problem Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Check you are using the correct "Lock Type" in MailScanner.conf. If running sendmail 8.13 or later, you need Lock Type = posix. Quentin Campbell wrote: >We are seeing on our MailScanner-4.35.11-1 gateways a curious problem. >It seems to have appeared sometime after I installed 4.35.11-1. > >Some of the mail that passes through them is being delivered with an >empty or corrupted body. In all cases the messages seem to be multipart >MIME. Most often the HTML part is corrupt or empty but the text part is >OK. However sometimes that may be empty as well. The only common factors >are: > >1. The original messages was probably sent as RTF format, and >2. I see in the logs for each failed message the MailScanner warning: > >"Content Checks: Detected and will disarm HTML message in jBAtTRU022337" > >This can only apply to WebBugs that are detected since that is the only >time I use the "disarm" action. But there should be _no_ web bugs >present in these messages since most of the empty messages are from >colleagues who sent a one/two line message. They have all used >Outlook/Exchange to send theses messages. > >We know that the messages are the correct size and format when they >reach the mail gateways. I suspect that a problem with RTF format >messages is at the heart of this beaviour but have not collected enough >consistent evidence yet. > > > > >>-----Original Message----- >>From: MailScanner mailing list >>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field >>Sent: 11 January 2005 15:34 >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: "Banned Content" question >> >>If you have told it to disarm web bugs, it has to search the >>message for >>them, at which point it will also disarm them. I think that's how it >>works... :-) >> >>Quentin Campbell wrote: >> >> >> >>>Julian >>> >>>If the only thing I have told MailScanner to "disarm" are web >>> >>> >>bugs, then >> >> >>>why is it apparently finding web bugs in mail that contain no >>> >>> >> tags >> >> >>>in the HTML? >>> >>>The mail in question probably orginates as RTF from Outlook clients. >>> >>> >>> >>> >>> >>> >>>>-----Original Message----- >>>>From: MailScanner mailing list >>>>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field >>>>Sent: 11 January 2005 15:15 >>>>To: MAILSCANNER@JISCMAIL.AC.UK >>>>Subject: Re: "Banned Content" question >>>> >>>>It will disarm those features you told it to. The "disarm >>>> >>>> >>HTML" in the >> >> >>>>message means it will be trying to disarm the requested bits of the >>>>HTML. If you didn't specify "disarm" then it won't do it, it >>>> >>>> >>will only >> >> >>>>disarm the bits you told it to. >>>> >>>>Hope that answers your question. Given a question "a or b" the answer >>>>cannot easily be "yes" :-) >>>> >>>>Quentin Campbell wrote: >>>> >>>> >>>> >>>> >>>> >>>>>Most of the "dangerous content" checks that I carry out with >>>>> >>>>> >>>>> >>>>> >>>>MailScanner >>>> >>>> >>>> >>>> >>>>>are controlled via rules files. In all cases the actions of >>>>> >>>>> >>>>> >>>>> >>>>the rules is >>>> >>>> >>>> >>>> >>>>>to either "deliver", "delete", "striphtml" or "attachment". >>>>> >>>>>I do not use "disarm" with one exception. In MailScanner.conf I have >>>>> >>>>>Allow WebBugs = disarm >>>>> >>>>>If I see in the logs "Content Checks: Detected and will disarm HTML >>>>>message in jBAtTRU022337" does this _only_ refer to the >>>>> >>>>> >>"disarming" of >> >> >>>>>web bugs or can it also refer to actions taken over other >>>>> >>>>> >>>>> >>>>> >>>>content which >>>> >>>> >>>> >>>> >>>>>did not involve the specific "disarm" action? >>>>> >>>>>Looking at the log records for other "dangerous content" actions the >>>>>empirical answer to the above question is "yes". Could this >>>>> >>>>> >>>>> >>>>> >>>>be confirmed >>>> >>>> >>>> >>>> >>>>>please. >>>>> >>>>> >>>>> >>>>> >>>> >>>> >>>> >>>> -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jan 12 10:32:53 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:10 2006 Subject: Updated spamassassin to version 3 Message-ID: [ The following text is in the "windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I have added this line to the spam.assassin.prefs.conf in the next release. Martin Hepworth wrote: > Philip > > disable the ALL_TRUSTED ruleset that comes with SA 3.x. It can drop > the scores too low and alot of people on the SA-user list have trouble > with it. > > edit spam.assassin.prefs.conf > > score ALL_TRUSTED 0 > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Philip Parsons wrote: > >> We have just finished updating spamassassin to Version 3 and I >> remember seeing something on this list about which extra rules you >> should remove if you use rules_du_jour here is a list of the extra's >> I have^Ĺ >> >> -rw-r--r-- 1 root root 31854 May 31 2004 70_sare_adult.cf >> -rw-r--r-- 1 root root 3927 Apr 24 2004 >> 70_sare_bayes_poison_nxm.cf >> -rw-r--r-- 1 root root 211390 Oct 3 18:18 >> 70_sare_header.cf >> -rw-r--r-- 1 root root 103436 Sep 12 18:22 70_sare_html.cf >> -rw-r--r-- 1 root root 11559 Sep 14 12:43 70_sare_oem.cf >> -rw-r--r-- 1 root root 17548 Aug 9 08:34 >> 70_sare_random.cf >> -rw-r--r-- 1 root root 385 Sep 19 19:35 >> 70_sare_ratware.cf >> -rw-r--r-- 1 root root 7006 Nov 17 10:48 70_sare_spoof.cf >> -rw-r--r-- 1 root root 13211 May 11 2004 >> 72_sare_bml_post25x.cf >> -rw-r--r-- 1 root root 10147 May 1 2004 >> 99_sare_fraud_post25x.cf >> -rw-r--r-- 1 root root 14284 Apr 28 2004 antidrug.cf >> -rw-r--r-- 1 root root 104973 Jan 1 11:22 >> bogus-virus-warnings.cf >> -rw-r--r-- 1 root root 18052 Oct 30 10:30 evilnumbers.cf >> -rw-r--r-- 1 root root 57580 Apr 2 2004 tripwire.cf >> >> >> Thank you. >> Philip Parsons >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) >> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> *Support MailScanner development - buy the book off the website!* > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jan 12 10:35:02 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:10 2006 Subject: can't get rid of *.header files in MS's incoming dir Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Check that all your paths specifed in MailScanner.conf are real absolute paths and none of them involve any symlinks. Also check the permissions on /var/spool/MailScanner/incoming. Do you get any errors in the maillog? Are these files being created with the right owner and permissions? Aldas wrote: > Hi there, > > I have been using MS for long time , almost from the project begining, i > have to say it is really great program and i really enjoy it. My old > system is running on Redhat 6.2 with sendmail 8.11.6 and MS 4.32.5 > > Now i am setting up new system on Gentoo with ldap authentification, > Postfix 2.1.5 & MS 4.37.7 > Everything seems to work perfect except one anoying problem, after each > message was scanned and delivered there is *.header file left in > incoming dir. After some time i have huge amount of those header files > and seems they are not going to disapear. I've looked MS's conf file for > 10x, searched google and FAQs with no success. If someone has any ideas > i'll be very thankful -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Q.G.Campbell at NEWCASTLE.AC.UK Wed Jan 12 11:26:16 2005 From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell) Date: Thu Jan 12 21:28:10 2006 Subject: "Banned Content" question - a related problem Message-ID: Julian Thanks for the response. That is unlikely to be the problem as I recently checked all the mail gateways to ensure that MailScanner invocations were not re-processing the same message. This had been happening on one of the 8 gateways but it turned out that this system had an old RH AS 3 kernel and this was responsible for the locking problem. All the systems are now up2date as far as RH AS 3 patches are concerned. All the systems use the Sendmail that comes with these system; the last time they were updated this was Sendmail 8.12.11. I use the default locking in MailScanner. Quentin --- PHONE: +44 191 222 8209 Information Systems and Services (ISS), University of Newcastle, Newcastle upon Tyne, FAX: +44 191 222 8765 United Kingdom, NE1 7RU. ------------------------------------------------------------------------ "Any opinion expressed above is mine. The University can get its own." >-----Original Message----- >From: MailScanner mailing list >[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field >Sent: 12 January 2005 10:27 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: "Banned Content" question - a related problem > >Check you are using the correct "Lock Type" in MailScanner.conf. If >running sendmail 8.13 or later, you need Lock Type = posix. > >Quentin Campbell wrote: > >>We are seeing on our MailScanner-4.35.11-1 gateways a curious problem. >>It seems to have appeared sometime after I installed 4.35.11-1. >> >>Some of the mail that passes through them is being delivered with an >>empty or corrupted body. In all cases the messages seem to be >multipart >>MIME. Most often the HTML part is corrupt or empty but the >text part is >>OK. However sometimes that may be empty as well. The only >common factors >>are: >> >>1. The original messages was probably sent as RTF format, and >>2. I see in the logs for each failed message the MailScanner warning: >> >>"Content Checks: Detected and will disarm HTML message in >jBAtTRU022337" >> >>This can only apply to WebBugs that are detected since that >is the only >>time I use the "disarm" action. But there should be _no_ web bugs >>present in these messages since most of the empty messages are from >>colleagues who sent a one/two line message. They have all used >>Outlook/Exchange to send theses messages. >> >>We know that the messages are the correct size and format when they >>reach the mail gateways. I suspect that a problem with RTF format >>messages is at the heart of this beaviour but have not >collected enough >>consistent evidence yet. >> >> >> >> >>>-----Original Message----- >>>From: MailScanner mailing list >>>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field >>>Sent: 11 January 2005 15:34 >>>To: MAILSCANNER@JISCMAIL.AC.UK >>>Subject: Re: "Banned Content" question >>> >>>If you have told it to disarm web bugs, it has to search the >>>message for >>>them, at which point it will also disarm them. I think that's how it >>>works... :-) >>> >>>Quentin Campbell wrote: >>> >>> >>> >>>>Julian >>>> >>>>If the only thing I have told MailScanner to "disarm" are web >>>> >>>> >>>bugs, then >>> >>> >>>>why is it apparently finding web bugs in mail that contain no >>>> >>>> >>> tags >>> >>> >>>>in the HTML? >>>> >>>>The mail in question probably orginates as RTF from Outlook clients. >>>> >>>> >>>> >>>> >>>> >>>> >>>>>-----Original Message----- >>>>>From: MailScanner mailing list >>>>>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field >>>>>Sent: 11 January 2005 15:15 >>>>>To: MAILSCANNER@JISCMAIL.AC.UK >>>>>Subject: Re: "Banned Content" question >>>>> >>>>>It will disarm those features you told it to. The "disarm >>>>> >>>>> >>>HTML" in the >>> >>> >>>>>message means it will be trying to disarm the requested bits of the >>>>>HTML. If you didn't specify "disarm" then it won't do it, it >>>>> >>>>> >>>will only >>> >>> >>>>>disarm the bits you told it to. >>>>> >>>>>Hope that answers your question. Given a question "a or b" >the answer >>>>>cannot easily be "yes" :-) >>>>> >>>>>Quentin Campbell wrote: >>>>> >>>>> >>>>> >>>>> >>>>> >>>>>>Most of the "dangerous content" checks that I carry out with >>>>>> >>>>>> >>>>>> >>>>>> >>>>>MailScanner >>>>> >>>>> >>>>> >>>>> >>>>>>are controlled via rules files. In all cases the actions of >>>>>> >>>>>> >>>>>> >>>>>> >>>>>the rules is >>>>> >>>>> >>>>> >>>>> >>>>>>to either "deliver", "delete", "striphtml" or "attachment". >>>>>> >>>>>>I do not use "disarm" with one exception. In >MailScanner.conf I have >>>>>> >>>>>>Allow WebBugs = disarm >>>>>> >>>>>>If I see in the logs "Content Checks: Detected and will >disarm HTML >>>>>>message in jBAtTRU022337" does this _only_ refer to the >>>>>> >>>>>> >>>"disarming" of >>> >>> >>>>>>web bugs or can it also refer to actions taken over other >>>>>> >>>>>> >>>>>> >>>>>> >>>>>content which >>>>> >>>>> >>>>> >>>>> >>>>>>did not involve the specific "disarm" action? >>>>>> >>>>>>Looking at the log records for other "dangerous content" >actions the >>>>>>empirical answer to the above question is "yes". Could this >>>>>> >>>>>> >>>>>> >>>>>> >>>>>be confirmed >>>>> >>>>> >>>>> >>>>> >>>>>>please. >>>>>> >>>>>> >>>>>> >>>>>> >>>>> >>>>> >>>>> >>>>> > >-- >Julian Field >www.MailScanner.info >Buy the MailScanner book at www.MailScanner.info/store > >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jan 12 11:31:44 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:10 2006 Subject: "Banned Content" question - a related problem Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Can you capture a message (in its complete version) that suffers the problem consistently? Quentin Campbell wrote: >Julian > >Thanks for the response. > >That is unlikely to be the problem as I recently checked all the mail >gateways to ensure that MailScanner invocations were not re-processing >the same message. This had been happening on one of the 8 gateways but >it turned out that this system had an old RH AS 3 kernel and this was >responsible for the locking problem. > >All the systems are now up2date as far as RH AS 3 patches are concerned. >All the systems use the Sendmail that comes with these system; the last >time they were updated this was Sendmail 8.12.11. I use the default >locking in MailScanner. > >Quentin >--- >PHONE: +44 191 222 8209 Information Systems and Services (ISS), > University of Newcastle, > Newcastle upon Tyne, >FAX: +44 191 222 8765 United Kingdom, NE1 7RU. >------------------------------------------------------------------------ >"Any opinion expressed above is mine. The University can get its own." > > > >>-----Original Message----- >>From: MailScanner mailing list >>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field >>Sent: 12 January 2005 10:27 >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: "Banned Content" question - a related problem >> >>Check you are using the correct "Lock Type" in MailScanner.conf. If >>running sendmail 8.13 or later, you need Lock Type = posix. >> >>Quentin Campbell wrote: >> >> >> >>>We are seeing on our MailScanner-4.35.11-1 gateways a curious problem. >>>It seems to have appeared sometime after I installed 4.35.11-1. >>> >>>Some of the mail that passes through them is being delivered with an >>>empty or corrupted body. In all cases the messages seem to be >>> >>> >>multipart >> >> >>>MIME. Most often the HTML part is corrupt or empty but the >>> >>> >>text part is >> >> >>>OK. However sometimes that may be empty as well. The only >>> >>> >>common factors >> >> >>>are: >>> >>>1. The original messages was probably sent as RTF format, and >>>2. I see in the logs for each failed message the MailScanner warning: >>> >>>"Content Checks: Detected and will disarm HTML message in >>> >>> >>jBAtTRU022337" >> >> >>>This can only apply to WebBugs that are detected since that >>> >>> >>is the only >> >> >>>time I use the "disarm" action. But there should be _no_ web bugs >>>present in these messages since most of the empty messages are from >>>colleagues who sent a one/two line message. They have all used >>>Outlook/Exchange to send theses messages. >>> >>>We know that the messages are the correct size and format when they >>>reach the mail gateways. I suspect that a problem with RTF format >>>messages is at the heart of this beaviour but have not >>> >>> >>collected enough >> >> >>>consistent evidence yet. >>> >>> >>> >>> >>> >>> >>>>-----Original Message----- >>>>From: MailScanner mailing list >>>>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field >>>>Sent: 11 January 2005 15:34 >>>>To: MAILSCANNER@JISCMAIL.AC.UK >>>>Subject: Re: "Banned Content" question >>>> >>>>If you have told it to disarm web bugs, it has to search the >>>>message for >>>>them, at which point it will also disarm them. I think that's how it >>>>works... :-) >>>> >>>>Quentin Campbell wrote: >>>> >>>> >>>> >>>> >>>> >>>>>Julian >>>>> >>>>>If the only thing I have told MailScanner to "disarm" are web >>>>> >>>>> >>>>> >>>>> >>>>bugs, then >>>> >>>> >>>> >>>> >>>>>why is it apparently finding web bugs in mail that contain no >>>>> >>>>> >>>>> >>>>> >>>> tags >>>> >>>> >>>> >>>> >>>>>in the HTML? >>>>> >>>>>The mail in question probably orginates as RTF from Outlook clients. >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>>>-----Original Message----- >>>>>>From: MailScanner mailing list >>>>>>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field >>>>>>Sent: 11 January 2005 15:15 >>>>>>To: MAILSCANNER@JISCMAIL.AC.UK >>>>>>Subject: Re: "Banned Content" question >>>>>> >>>>>>It will disarm those features you told it to. The "disarm >>>>>> >>>>>> >>>>>> >>>>>> >>>>HTML" in the >>>> >>>> >>>> >>>> >>>>>>message means it will be trying to disarm the requested bits of the >>>>>>HTML. If you didn't specify "disarm" then it won't do it, it >>>>>> >>>>>> >>>>>> >>>>>> >>>>will only >>>> >>>> >>>> >>>> >>>>>>disarm the bits you told it to. >>>>>> >>>>>>Hope that answers your question. Given a question "a or b" >>>>>> >>>>>> >>the answer >> >> >>>>>>cannot easily be "yes" :-) >>>>>> >>>>>>Quentin Campbell wrote: >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>>>Most of the "dangerous content" checks that I carry out with >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>MailScanner >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>>>are controlled via rules files. In all cases the actions of >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>the rules is >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>>>to either "deliver", "delete", "striphtml" or "attachment". >>>>>>> >>>>>>>I do not use "disarm" with one exception. In >>>>>>> >>>>>>> >>MailScanner.conf I have >> >> >>>>>>>Allow WebBugs = disarm >>>>>>> >>>>>>>If I see in the logs "Content Checks: Detected and will >>>>>>> >>>>>>> >>disarm HTML >> >> >>>>>>>message in jBAtTRU022337" does this _only_ refer to the >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>"disarming" of >>>> >>>> >>>> >>>> >>>>>>>web bugs or can it also refer to actions taken over other >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>content which >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>>>did not involve the specific "disarm" action? >>>>>>> >>>>>>>Looking at the log records for other "dangerous content" >>>>>>> >>>>>>> >>actions the >> >> >>>>>>>empirical answer to the above question is "yes". Could this >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>be confirmed >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>>>please. >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>-- >>Julian Field >>www.MailScanner.info >>Buy the MailScanner book at www.MailScanner.info/store >> >>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >> >> >> > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michael at NOMENNESCIO.NET Wed Jan 12 11:52:40 2005 From: michael at NOMENNESCIO.NET (Mike) Date: Thu Jan 12 21:28:10 2006 Subject: "Banned Content" question - a related problem Message-ID: [ The following text is in the "ISO-8859-15" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >Behalf Of Quentin Campbell > >All the systems are now up2date as far as RH AS 3 patches are concerned. >All the systems use the Sendmail that comes with these system; the last >time they were updated this was Sendmail 8.12.11. I use the default >locking in MailScanner. I also had this problem on sendmail 8.12.10. After changing the locking to posix, the problem was gone. So, although the docs state that the locking problem occurs only from 8.13 on, it seems that also some 8.12 versions are affected. Please set the locking mechanism to "posix" and see if it solves your problem. >Quentin Mike. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From max at KIPNESS.COM Wed Jan 12 13:03:02 2005 From: max at KIPNESS.COM (Max Kipness) Date: Thu Jan 12 21:28:10 2006 Subject: Reset Bayes Database Message-ID: Hello, I've got an installation that seems to have bayes poisening. Obvious spam is being tagged with low bayes scores, etc. There are like 25,000 messages learned. How can I start the whole learning process over without allowing spam in immediately? Is there a way? In other words, first, how do I delete the bayes spam/ham databases, and do I need to then wait for 200 spam/ham to be collected before I can use sa-learn with 1000 spam/ham messages I've gathered recently? Thanks, Max ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed Jan 12 13:07:56 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:10 2006 Subject: Reset Bayes Database Message-ID: Max autolearning won't occur until bayes is active. Bayes isn't active till you've got 200 of spam and 200 of ham (as you state). Assuming you haven't got a backup to restore, you can get a good starter from www.fsl.com/support. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Max Kipness wrote: > Hello, > > I've got an installation that seems to have bayes poisening. Obvious > spam is being tagged with low bayes scores, etc. There are like 25,000 > messages learned. > > How can I start the whole learning process over without allowing spam in > immediately? Is there a way? In other words, first, how do I delete the > bayes spam/ham databases, and do I need to then wait for 200 spam/ham to > be collected before I can use sa-learn with 1000 spam/ham messages I've > gathered recently? > > Thanks, > Max > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From max at KIPNESS.COM Wed Jan 12 13:20:48 2005 From: max at KIPNESS.COM (Max Kipness) Date: Thu Jan 12 21:28:10 2006 Subject: Reset Bayes Database Message-ID: Thanks, I guess I got confused on the autolearning. I already have plenty of spam to add. How would one clear a bayes database? Thanks, Max ?Max ? ?autolearning won't occur until bayes is active. Bayes isn't ?active till you've got 200 of spam and 200 of ham (as you state). ? ?Assuming you haven't got a backup to restore, you can get a ?good starter from www.fsl.com/support. ? ?-- ?Martin Hepworth ?Snr Systems Administrator ?Solid State Logic ?Tel: +44 (0)1865 842300 ? ? ?Max Kipness wrote: ?> Hello, ?> ?> I've got an installation that seems to have bayes poisening. Obvious ?> spam is being tagged with low bayes scores, etc. There are ?like 25,000 ?> messages learned. ?> ?> How can I start the whole learning process over without ?allowing spam ?> in immediately? Is there a way? In other words, first, how ?do I delete ?> the bayes spam/ham databases, and do I need to then wait for 200 ?> spam/ham to be collected before I can use sa-learn with 1000 ?spam/ham ?> messages I've gathered recently? ?> ?> Thanks, ?> Max ?> ------------------------ MailScanner list ?------------------------ To ?> unsubscribe, email jiscmail@jiscmail.ac.uk with the words: ?> 'leave mailscanner' in the body of the email. ?> Before posting, read the MAQ ?(http://www.mailscanner.biz/maq/) and the ?> archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). ?> ?> *Support MailScanner development - buy the book off the website!* ? ?********************************************************************** ? ?This email and any files transmitted with it are confidential ?and intended solely for the use of the individual or entity to ?whom they are addressed. If you have received this email in ?error please notify the system manager. ? ?This footnote confirms that this email message has been swept ?for the presence of computer viruses and is believed to be clean. ? ?********************************************************************** ? ?------------------------ MailScanner list ?------------------------ To unsubscribe, email ?jiscmail@jiscmail.ac.uk with the words: ?'leave mailscanner' in the body of the email. ?Before posting, read the MAQ (http://www.mailscanner.biz/maq/) ?and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). ? ?Support MailScanner development - buy the book off the website! ? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed Jan 12 13:26:00 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:28:10 2006 Subject: Reset Bayes Database Message-ID: Max delete the files... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Max Kipness wrote: > Thanks, I guess I got confused on the autolearning. I already have plenty of > spam to add. > > How would one clear a bayes database? > > Thanks, > Max > > > ?Max > ? > ?autolearning won't occur until bayes is active. Bayes isn't > ?active till you've got 200 of spam and 200 of ham (as you state). > ? > ?Assuming you haven't got a backup to restore, you can get a > ?good starter from www.fsl.com/support. > ? > ?-- > ?Martin Hepworth > ?Snr Systems Administrator > ?Solid State Logic > ?Tel: +44 (0)1865 842300 > ? > ? > ?Max Kipness wrote: > ?> Hello, > ?> > ?> I've got an installation that seems to have bayes poisening. Obvious > ?> spam is being tagged with low bayes scores, etc. There are > ?like 25,000 > ?> messages learned. > ?> > ?> How can I start the whole learning process over without > ?allowing spam > ?> in immediately? Is there a way? In other words, first, how > ?do I delete > ?> the bayes spam/ham databases, and do I need to then wait for 200 > ?> spam/ham to be collected before I can use sa-learn with 1000 > ?spam/ham > ?> messages I've gathered recently? > ?> > ?> Thanks, > ?> Max > ?> ------------------------ MailScanner list > ?------------------------ To > ?> unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > ?> 'leave mailscanner' in the body of the email. > ?> Before posting, read the MAQ > ?(http://www.mailscanner.biz/maq/) and the > ?> archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > ?> > ?> *Support MailScanner development - buy the book off the website!* > ? > ?********************************************************************** > ? > ?This email and any files transmitted with it are confidential > ?and intended solely for the use of the individual or entity to > ?whom they are addressed. If you have received this email in > ?error please notify the system manager. > ? > ?This footnote confirms that this email message has been swept > ?for the presence of computer viruses and is believed to be clean. > ? > ?********************************************************************** > ? > ?------------------------ MailScanner list > ?------------------------ To unsubscribe, email > ?jiscmail@jiscmail.ac.uk with the words: > ?'leave mailscanner' in the body of the email. > ?Before posting, read the MAQ (http://www.mailscanner.biz/maq/) > ?and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > ? > ?Support MailScanner development - buy the book off the website! > ? > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From joshua.hirsh at PARTNERSOLUTIONS.CA Wed Jan 12 14:04:55 2005 From: joshua.hirsh at PARTNERSOLUTIONS.CA (Hirsh, Joshua) Date: Thu Jan 12 21:28:10 2006 Subject: Reset Bayes Database Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > delete the files... You can also do this: /usr/bin/sa-learn -p /etc/MailScanner/spam.assassin.prefs.conf --clear -Joshua ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ivessm at softecusa.com Wed Jan 12 14:38:47 2005 From: ivessm at softecusa.com (Stewart M. Ives) Date: Thu Jan 12 21:28:10 2006 Subject: Notification messages failing Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] The path for sendmail might be: /usr/sbin/sendmail stew > And you did either login directly as root or else did > su - > and not just > su > or else your path will be wrong. > > Peter Bonivart wrote: > > > Diane Rolland wrote: > > > >>> # ldd /usr/lib/sendmail > >> > >> > >> lld does not appear to be on my system. > > > > > > Your typing lld, try ldd, see above. > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------- End of Original Message ------- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Q.G.Campbell at NEWCASTLE.AC.UK Wed Jan 12 15:09:57 2005 From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell) Date: Thu Jan 12 21:28:10 2006 Subject: "Banned Content" question - possibly a Web Bug code problem Message-ID: >-----Original Message----- >From: MailScanner mailing list >[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Mike >Sent: 12 January 2005 11:53 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: "Banned Content" question - a related problem > >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>Behalf Of Quentin Campbell >> >>All the systems are now up2date as far as RH AS 3 patches are >concerned. >>All the systems use the Sendmail that comes with these >system; the last >>time they were updated this was Sendmail 8.12.11. I use the default >>locking in MailScanner. > >I also had this problem on sendmail 8.12.10. After changing >the locking to posix, the problem was gone. So, although the >docs state that the locking problem occurs only from 8.13 on, >it seems that also some 8.12 versions are affected. Please set >the locking mechanism to "posix" and see if it solves your problem. I will do this as a last resort. There are four reasons why I want to investigate other things first. In particular I want to capture a message before then after it has gone through MailSanner and got corrupted: 1. Locking works OK on RH AS 3 systems with an up-to-date kernel. 2. The symptoms we are seeing do not appear to be repeatable so far which makes conclusive testing difficult. 3. I have looked for other evidence of locking problems but cannot find any. For example I can show that all messages tagged as spam by MailScanner have been tagged once only. If there is a locking problem you will see the same message (ie. same Sendmail QID) being tagged as spam more than once by two or more MS processes. 4. The problem appears related to the Web Bug check. I will switch that off first. See below for more details of this. Having looked further at the problem it appears to be related to MIME multipart/alternative messages having all or part of the HTML part corrupted. The text part is not being affected. In all of the cases the logs show that MailScanner has "disarmed" the HTML content. Since I only "disarm" Web Bugs it appears that there may be a bug in the Web Bugs code that causes an intermittent problem. This suspicion is reinforced by the observation that the problem appears to have started when I enabled the Web Bug check late last year. I will first of all try "Allow WebBugs = yes" and see what happens. Quentin ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jan 12 15:30:18 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:10 2006 Subject: "Banned Content" question - possibly a Web Bug code problem Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] What version of MailScanner are you using? I slightly improved the locking code (took out an "improvement" I made a long time ago which I only made after lots of people requested it) in 4.37. It now locks the df as well as the qf, which slows down delivery slightly in some situations, but appears to be more reliable than just locking the qf. Quentin Campbell wrote: >>-----Original Message----- >>From: MailScanner mailing list >>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Mike >>Sent: 12 January 2005 11:53 >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: "Banned Content" question - a related problem >> >> >> >>>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>>Behalf Of Quentin Campbell >>> >>>All the systems are now up2date as far as RH AS 3 patches are >>> >>> >>concerned. >> >> >>>All the systems use the Sendmail that comes with these >>> >>> >>system; the last >> >> >>>time they were updated this was Sendmail 8.12.11. I use the default >>>locking in MailScanner. >>> >>> >>I also had this problem on sendmail 8.12.10. After changing >>the locking to posix, the problem was gone. So, although the >>docs state that the locking problem occurs only from 8.13 on, >>it seems that also some 8.12 versions are affected. Please set >>the locking mechanism to "posix" and see if it solves your problem. >> >> > >I will do this as a last resort. There are four reasons why I want to >investigate other things first. In particular I want to capture a >message before then after it has gone through MailSanner and got >corrupted: > >1. Locking works OK on RH AS 3 systems with an up-to-date kernel. >2. The symptoms we are seeing do not appear to be repeatable so far >which makes conclusive testing difficult. >3. I have looked for other evidence of locking problems but cannot find >any. For example I can show that all messages tagged as spam by >MailScanner have been tagged once only. If there is a locking problem >you will see the same message (ie. same Sendmail QID) being tagged as >spam more than once by two or more MS processes. >4. The problem appears related to the Web Bug check. I will switch that >off first. See below for more details of this. > >Having looked further at the problem it appears to be related to MIME >multipart/alternative messages having all or part of the HTML part >corrupted. The text part is not being affected. > >In all of the cases the logs show that MailScanner has "disarmed" the >HTML content. Since I only "disarm" Web Bugs it appears that there may >be a bug in the Web Bugs code that causes an intermittent problem. This >suspicion is reinforced by the observation that the problem appears to >have started when I enabled the Web Bug check late last year. I will >first of all try "Allow WebBugs = yes" and see what happens. > >Quentin > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Q.G.Campbell at NEWCASTLE.AC.UK Wed Jan 12 15:36:05 2005 From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell) Date: Thu Jan 12 21:28:10 2006 Subject: "Banned Content" question - possibly a Web Bug code problem Message-ID: Julian The version of MailScanner on which I have seen the problem is 4.35.10. Quentin --- PHONE: +44 191 222 8209 Information Systems and Services (ISS), University of Newcastle, Newcastle upon Tyne, FAX: +44 191 222 8765 United Kingdom, NE1 7RU. ------------------------------------------------------------------------ "Any opinion expressed above is mine. The University can get its own." >-----Original Message----- >From: MailScanner mailing list >[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field >Sent: 12 January 2005 15:30 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: "Banned Content" question - possibly a Web Bug >code problem > >What version of MailScanner are you using? I slightly improved the >locking code (took out an "improvement" I made a long time ago which I >only made after lots of people requested it) in 4.37. It now locks the >df as well as the qf, which slows down delivery slightly in some >situations, but appears to be more reliable than just locking the qf. > >Quentin Campbell wrote: > >>>-----Original Message----- >>>From: MailScanner mailing list >>>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Mike >>>Sent: 12 January 2005 11:53 >>>To: MAILSCANNER@JISCMAIL.AC.UK >>>Subject: Re: "Banned Content" question - a related problem >>> >>> >>> >>>>From: MailScanner mailing list >[mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>>>Behalf Of Quentin Campbell >>>> >>>>All the systems are now up2date as far as RH AS 3 patches are >>>> >>>> >>>concerned. >>> >>> >>>>All the systems use the Sendmail that comes with these >>>> >>>> >>>system; the last >>> >>> >>>>time they were updated this was Sendmail 8.12.11. I use the default >>>>locking in MailScanner. >>>> >>>> >>>I also had this problem on sendmail 8.12.10. After changing >>>the locking to posix, the problem was gone. So, although the >>>docs state that the locking problem occurs only from 8.13 on, >>>it seems that also some 8.12 versions are affected. Please set >>>the locking mechanism to "posix" and see if it solves your problem. >>> >>> >> >>I will do this as a last resort. There are four reasons why I want to >>investigate other things first. In particular I want to capture a >>message before then after it has gone through MailSanner and got >>corrupted: >> >>1. Locking works OK on RH AS 3 systems with an up-to-date kernel. >>2. The symptoms we are seeing do not appear to be repeatable so far >>which makes conclusive testing difficult. >>3. I have looked for other evidence of locking problems but >cannot find >>any. For example I can show that all messages tagged as spam by >>MailScanner have been tagged once only. If there is a locking problem >>you will see the same message (ie. same Sendmail QID) being tagged as >>spam more than once by two or more MS processes. >>4. The problem appears related to the Web Bug check. I will >switch that >>off first. See below for more details of this. >> >>Having looked further at the problem it appears to be related to MIME >>multipart/alternative messages having all or part of the HTML part >>corrupted. The text part is not being affected. >> >>In all of the cases the logs show that MailScanner has "disarmed" the >>HTML content. Since I only "disarm" Web Bugs it appears that there may >>be a bug in the Web Bugs code that causes an intermittent >problem. This >>suspicion is reinforced by the observation that the problem appears to >>have started when I enabled the Web Bug check late last year. I will >>first of all try "Allow WebBugs = yes" and see what happens. >> >>Quentin >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >> >> > >-- >Julian Field >www.MailScanner.info >Buy the MailScanner book at www.MailScanner.info/store > >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jan 12 16:01:56 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:10 2006 Subject: "Banned Content" question - possibly a Web Bug code problem Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] In which case try editing SMDiskStore.pm and replace the sub Lock and sub Unlock with this code: # Open and lock the message sub Lock { my $this = shift; #print STDERR "About to lock " . $this->{hpath} . " and " . # $this->{dpath} . "\n"; MailScanner::Lock::openlock($this->{inhhandle}, '+<' . $this->{hpath}, 'w', 'quiet') or return undef; #print STDERR "Got hlock\n"; # If locking the dfile fails, then must close and unlock the qffile too # 14/12/2004 Try putting this back in for now. unless (MailScanner::Lock::openlock($this->{indhandle}, '+<' . $this->{dpath}, 'w', 'quiet')) { #JKF 14/12/2004 open($this->{indhandle}, '+<' . $this->{dpath})) { MailScanner::Lock::unlockclose($this->{inhhandle}); return undef; } #print STDERR "Got dlock\n"; return undef unless $this->{inhhandle} && $this->{indhandle}; return 1; } # Close and unlock the message sub Unlock { my $this = shift; # Now we lock the df file as well, we must unlock it too. MailScanner::Lock::unlockclose($this->{indhandle}); #close($this->{indhandle}); MailScanner::Lock::unlockclose($this->{inhhandle}); } Quentin Campbell wrote: >Julian > >The version of MailScanner on which I have seen the problem is 4.35.10. > >Quentin >--- >PHONE: +44 191 222 8209 Information Systems and Services (ISS), > University of Newcastle, > Newcastle upon Tyne, >FAX: +44 191 222 8765 United Kingdom, NE1 7RU. >------------------------------------------------------------------------ >"Any opinion expressed above is mine. The University can get its own." > > > >>-----Original Message----- >>From: MailScanner mailing list >>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field >>Sent: 12 January 2005 15:30 >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: "Banned Content" question - possibly a Web Bug >>code problem >> >>What version of MailScanner are you using? I slightly improved the >>locking code (took out an "improvement" I made a long time ago which I >>only made after lots of people requested it) in 4.37. It now locks the >>df as well as the qf, which slows down delivery slightly in some >>situations, but appears to be more reliable than just locking the qf. >> >>Quentin Campbell wrote: >> >> >> >>>>-----Original Message----- >>>>From: MailScanner mailing list >>>>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Mike >>>>Sent: 12 January 2005 11:53 >>>>To: MAILSCANNER@JISCMAIL.AC.UK >>>>Subject: Re: "Banned Content" question - a related problem >>>> >>>> >>>> >>>> >>>> >>>>>From: MailScanner mailing list >>>>> >>>>> >>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On >> >> >>>>>Behalf Of Quentin Campbell >>>>> >>>>>All the systems are now up2date as far as RH AS 3 patches are >>>>> >>>>> >>>>> >>>>> >>>>concerned. >>>> >>>> >>>> >>>> >>>>>All the systems use the Sendmail that comes with these >>>>> >>>>> >>>>> >>>>> >>>>system; the last >>>> >>>> >>>> >>>> >>>>>time they were updated this was Sendmail 8.12.11. I use the default >>>>>locking in MailScanner. >>>>> >>>>> >>>>> >>>>> >>>>I also had this problem on sendmail 8.12.10. After changing >>>>the locking to posix, the problem was gone. So, although the >>>>docs state that the locking problem occurs only from 8.13 on, >>>>it seems that also some 8.12 versions are affected. Please set >>>>the locking mechanism to "posix" and see if it solves your problem. >>>> >>>> >>>> >>>> >>>I will do this as a last resort. There are four reasons why I want to >>>investigate other things first. In particular I want to capture a >>>message before then after it has gone through MailSanner and got >>>corrupted: >>> >>>1. Locking works OK on RH AS 3 systems with an up-to-date kernel. >>>2. The symptoms we are seeing do not appear to be repeatable so far >>>which makes conclusive testing difficult. >>>3. I have looked for other evidence of locking problems but >>> >>> >>cannot find >> >> >>>any. For example I can show that all messages tagged as spam by >>>MailScanner have been tagged once only. If there is a locking problem >>>you will see the same message (ie. same Sendmail QID) being tagged as >>>spam more than once by two or more MS processes. >>>4. The problem appears related to the Web Bug check. I will >>> >>> >>switch that >> >> >>>off first. See below for more details of this. >>> >>>Having looked further at the problem it appears to be related to MIME >>>multipart/alternative messages having all or part of the HTML part >>>corrupted. The text part is not being affected. >>> >>>In all of the cases the logs show that MailScanner has "disarmed" the >>>HTML content. Since I only "disarm" Web Bugs it appears that there may >>>be a bug in the Web Bugs code that causes an intermittent >>> >>> >>problem. This >> >> >>>suspicion is reinforced by the observation that the problem appears to >>>have started when I enabled the Web Bug check late last year. I will >>>first of all try "Allow WebBugs = yes" and see what happens. >>> >>>Quentin >>> >>>------------------------ MailScanner list ------------------------ >>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>'leave mailscanner' in the body of the email. >>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>>Support MailScanner development - buy the book off the website! >>> >>> >>> >>> >>> >>-- >>Julian Field >>www.MailScanner.info >>Buy the MailScanner book at www.MailScanner.info/store >> >>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >> >> >> > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From chardlist at CHARD.NET Wed Jan 12 16:05:32 2005 From: chardlist at CHARD.NET (Brendan Chard) Date: Thu Jan 12 21:28:10 2006 Subject: Blank body in some HTML messages Message-ID: I recently upgraded to MS 4.35.11 on FreeBSD and started having problems with one user who sends HTML messages using Earthlink's Mailbox e-mail program. For some of the people he sends messages to the message body is blank. This did not occur before performing the upgrade. All of his HTML messages report the following in the maillog as they are scanned on the way out. Jan 11 07:47:15 server6 MailScanner[24311]: Content Checks: Detected and will disarm HTML message in j0BCl5wg068278 Jan 11 07:47:15 server6 MailScanner[24311]: Uninfected: Delivered 1 messages I saw a post back in November that reported that disabling the phishing checks fixed the problem but there seemed to be no solution posted as to how to get around it with keeping the phishing checks enabled. When the user switches to plain text everything works fine, but the user would prefer to use HTML formatted messages. My Mailscanner.conf file has the following options set for dangerous content scanning: Dangerous Content Scanning = yes Allow Partial Messages = no Allow External Message Bodies = no Find Phishing Fraud = yes Allow IFrame Tags = disarm Log IFrame Tags = no Allow Form Tags = disarm Allow Script Tags = disarm Allow WebBugs = yes Allow Object Codebase Tags = disarm Convert Dangerous HTML To Text = no Convert HTML To Text = no Any light that can be shed on the empty e-mail bodies would be appreciated. -Brendan ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rs at FORTCONSULT.NET Wed Jan 12 16:00:11 2005 From: rs at FORTCONSULT.NET (Roel Schouten) Date: Thu Jan 12 21:28:10 2006 Subject: MailScanner does not notify virus senders Message-ID: Hello, My installation of MailScanner does not notify senders of viruses even though I told it to do so. Otherwise my installation works fine (it both filters spam & virus). I use MailScanner 4.37.7 on a RedHat Enterprise 3 running kernel 2.4.21-27 with PostFix 2.0.16 as MTA. Moreover, I use ClamAV 0.80 and SpamAssassin 3.0.2 I use the following settings in /etc/MailScanner/MailScanner.conf (I only included the ones, I believe to be relevant): Run As User = postfix Run As Group = postfix Incoming Queue Dir = /var/spool/postfix/hold Outgoing Queue Dir = /var/spool/postfix/incoming MTA = postfix Sendmail = /usr/sbin/sendmail Virus Scanners = clamavmodule Quarantine Infections = no Quarantine Silent Viruses = no Notify Senders = yes Notify Senders Of Viruses = yes To test the virus scanning functionality, I use the EICAR test virus. The log does not show any errors: Jan 12 16:46:35 mail MailScanner[15031]: New Batch: Scanning 1 messages, 719 bytes Jan 12 16:46:36 mail MailScanner[15031]: Virus and Content Scanning: Starting Jan 12 16:46:36 mail MailScanner[15031]: ClamAVModule::INFECTED:: Eicar-Test-Signature:: ./2A34F581F5.4AD7B/msg-15031-1.txt Jan 12 16:46:36 mail MailScanner[15031]: Virus Scanning: ClamAV Module found 1 infections Jan 12 16:46:36 mail MailScanner[15031]: Infected message 2A34F581F5.4AD7B came from 127.0.0.1 Jan 12 16:46:36 mail MailScanner[15031]: Virus Scanning: Found 1 viruses MailScanner is able to send notifications to the system administrator by setting "Send Notices = yes", so that works. It also possible to use /usr/sbin/sendmail (Postfix' version of it) to send mails to external addresses from the command line. Any clue? Thanks! Roel Schouten. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jan 12 16:16:29 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:10 2006 Subject: MailScanner does not notify virus senders Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Is your "Silent Viruses" set to "All-Viruses" by any chance? If so it won't reply to viruses. 99.9% of all viruses now fake the sender's address, so if you reply to them I can guarantee that you will *not* be replying to the owner of the infected PC but some poor innocent 3rd party who is nothing to do with it. Please DON'T do this, it gives MailScanner a very bad name and I end up having to waste my time replying to all these innocent people explaining why someone's faulty setup caused them to get a notification that is nothing to do with them. Roel Schouten wrote: >Hello, > >My installation of MailScanner does not notify senders of viruses even >though I told it to do so. >Otherwise my installation works fine (it both filters spam & virus). > >I use MailScanner 4.37.7 on a RedHat Enterprise 3 running kernel 2.4.21-27 >with PostFix 2.0.16 as MTA. >Moreover, I use ClamAV 0.80 and SpamAssassin 3.0.2 > >I use the following settings in /etc/MailScanner/MailScanner.conf (I only >included the ones, I believe to be relevant): > >Run As User = postfix >Run As Group = postfix >Incoming Queue Dir = /var/spool/postfix/hold >Outgoing Queue Dir = /var/spool/postfix/incoming >MTA = postfix >Sendmail = /usr/sbin/sendmail >Virus Scanners = clamavmodule >Quarantine Infections = no >Quarantine Silent Viruses = no >Notify Senders = yes >Notify Senders Of Viruses = yes > >To test the virus scanning functionality, I use the EICAR test virus. >The log does not show any errors: >Jan 12 16:46:35 mail MailScanner[15031]: New Batch: Scanning 1 messages, 719 >bytes >Jan 12 16:46:36 mail MailScanner[15031]: Virus and Content Scanning: Starting >Jan 12 16:46:36 mail MailScanner[15031]: ClamAVModule::INFECTED:: >Eicar-Test-Signature:: ./2A34F581F5.4AD7B/msg-15031-1.txt >Jan 12 16:46:36 mail MailScanner[15031]: Virus Scanning: ClamAV Module found >1 infections >Jan 12 16:46:36 mail MailScanner[15031]: Infected message 2A34F581F5.4AD7B >came from 127.0.0.1 >Jan 12 16:46:36 mail MailScanner[15031]: Virus Scanning: Found 1 viruses > > >MailScanner is able to send notifications to the system administrator by >setting "Send Notices = yes", so that works. >It also possible to use /usr/sbin/sendmail (Postfix' version of it) to send >mails to external addresses from the command line. > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jose at TREELOGIC.COM Wed Jan 12 16:19:31 2005 From: jose at TREELOGIC.COM ([iso-8859-1] José Angel Blanco González) Date: Thu Jan 12 21:28:10 2006 Subject: MailScanner does not notify virus senders Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Doing that you are supporting viruses, because almost all virus have faked addresses. It´s better not to do that ----- Original Message ----- From: "Roel Schouten" To: Sent: Wednesday, January 12, 2005 5:00 PM Subject: MailScanner does not notify virus senders > Hello, > > My installation of MailScanner does not notify senders of viruses even > though I told it to do so. > Otherwise my installation works fine (it both filters spam & virus). > > I use MailScanner 4.37.7 on a RedHat Enterprise 3 running kernel 2.4.21-27 > with PostFix 2.0.16 as MTA. > Moreover, I use ClamAV 0.80 and SpamAssassin 3.0.2 > > I use the following settings in /etc/MailScanner/MailScanner.conf (I only > included the ones, I believe to be relevant): > > Run As User = postfix > Run As Group = postfix > Incoming Queue Dir = /var/spool/postfix/hold > Outgoing Queue Dir = /var/spool/postfix/incoming > MTA = postfix > Sendmail = /usr/sbin/sendmail > Virus Scanners = clamavmodule > Quarantine Infections = no > Quarantine Silent Viruses = no > Notify Senders = yes > Notify Senders Of Viruses = yes > > To test the virus scanning functionality, I use the EICAR test virus. > The log does not show any errors: > Jan 12 16:46:35 mail MailScanner[15031]: New Batch: Scanning 1 messages, > 719 > bytes > Jan 12 16:46:36 mail MailScanner[15031]: Virus and Content Scanning: > Starting > Jan 12 16:46:36 mail MailScanner[15031]: ClamAVModule::INFECTED:: > Eicar-Test-Signature:: ./2A34F581F5.4AD7B/msg-15031-1.txt > Jan 12 16:46:36 mail MailScanner[15031]: Virus Scanning: ClamAV Module > found > 1 infections > Jan 12 16:46:36 mail MailScanner[15031]: Infected message 2A34F581F5.4AD7B > came from 127.0.0.1 > Jan 12 16:46:36 mail MailScanner[15031]: Virus Scanning: Found 1 viruses > > > MailScanner is able to send notifications to the system administrator by > setting "Send Notices = yes", so that works. > It also possible to use /usr/sbin/sendmail (Postfix' version of it) to > send > mails to external addresses from the command line. > > Any clue? Thanks! > > Roel Schouten. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ade at INFORMATICS.BANGOR.AC.UK Wed Jan 12 16:07:58 2005 From: ade at INFORMATICS.BANGOR.AC.UK (Ade Fewings) Date: Thu Jan 12 21:28:10 2006 Subject: temporary file spawning Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dear all Forgive me straight away if any of this has been answered before or is stupid on my part. Going through a bit of a baptism-of-fire at the moment with regard to mail servers. We have two mail servers running on Solaris 9 Sparc. Sendmail 8.12.10 utilizing MailScanner 4.36.4 to call SpamAssassin 3.0.1. Earlier today, one of our large mailing lists got hit a couple of times and the servers got a bit busy. However, something went wrong and /tmp filled up with spamassassin.25755.Bdgxlb.tmp esque files. Hundred of thousands were created in a short time, running /tmp out of i-nodes and thus effectively stopping MailScanner. Killing MailScanner, cleaning /tmp and restarting would then reproduce the problem again soon after. I truss'd the output of a few of the MailScanner processes that were going bad and all they were doing was trying to open new files in /tmp. Before my time, SA 2.6 was running and never provided any problems. Has anybody got any ideas? Are we thinking MailScanner or SA bugs possibly? We certainly are intending to get to SA 3.0.2, but there was some problem on out first attempt yesterday so we're stuck on 3.0.1 for a bit. Regards and Thanks Ade ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "S/MIME Cryptographic Signature" ] [ Application/X-PKCS7-SIGNATURE 4.4KB. ] [ Unable to print this part. ] From MailScanner at ecs.soton.ac.uk Wed Jan 12 16:18:06 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:10 2006 Subject: Blank body in some HTML messages Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Almost certainly a file locking problem. If you are using sendmail, then please either upgrade to 4.37.7 or read the thread about "Banned Content question" and my latest posting to it. Brendan Chard wrote: >I recently upgraded to MS 4.35.11 on FreeBSD and started having problems >with one user who sends HTML messages using Earthlink's Mailbox e-mail >program. For some of the people he sends messages to the message body is >blank. This did not occur before performing the upgrade. > >All of his HTML messages report the following in the maillog as they are >scanned on the way out. > >Jan 11 07:47:15 server6 MailScanner[24311]: Content Checks: Detected and >will disarm HTML message in j0BCl5wg068278 >Jan 11 07:47:15 server6 MailScanner[24311]: Uninfected: Delivered 1 messages > >I saw a post back in November that reported that disabling the phishing >checks fixed the problem but there seemed to be no solution posted as to how >to get around it with keeping the phishing checks enabled. > >When the user switches to plain text everything works fine, but the user >would prefer to use HTML formatted messages. > >My Mailscanner.conf file has the following options set for dangerous content >scanning: > >Dangerous Content Scanning = yes >Allow Partial Messages = no >Allow External Message Bodies = no >Find Phishing Fraud = yes >Allow IFrame Tags = disarm >Log IFrame Tags = no >Allow Form Tags = disarm >Allow Script Tags = disarm >Allow WebBugs = yes >Allow Object Codebase Tags = disarm >Convert Dangerous HTML To Text = no >Convert HTML To Text = no > >Any light that can be shed on the empty e-mail bodies would be appreciated. > >-Brendan > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From vlad at MAZEK.COM Wed Jan 12 17:58:35 2005 From: vlad at MAZEK.COM (Vlad Mazek) Date: Thu Jan 12 21:28:10 2006 Subject: Block outgoing bcc Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] hkbyte wrote: > I am working with a solution to block user to send out email by using > bcc. My idea is grapping the "Envelope recipient" during the SMTP > conversation and then check with all To: and CC: headers, if the > envelope recipient do not appear in the headers, the email is rejected. > Is there any help MailScanner can do ? Or where can I put my own Perl > Script if working with MailScanner. Any plans to include this in MailScanner? It would be very helpful to block/delete/reject delivery to addresses that are not in the To:/cc: fields. On the other hand, can anybody think of a legitimate reason for a BCC? -Vlad Mazek ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at nkpanama.com Wed Jan 12 18:14:52 2005 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu Jan 12 21:28:10 2006 Subject: Block outgoing bcc Message-ID: I make a point of BCC'ing management when responding to user requests for assistance. I've had too many instances of users keeping management in the dark for whatever reason. That way management can ignore (at their own risk) or be aware of any situation regarding support for their servers. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Vlad Mazek Sent: Wednesday, January 12, 2005 12:59 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Block outgoing bcc hkbyte wrote: > I am working with a solution to block user to send out email by using > bcc. My idea is grapping the "Envelope recipient" during the SMTP > conversation and then check with all To: and CC: headers, if the > envelope recipient do not appear in the headers, the email is rejected. > Is there any help MailScanner can do ? Or where can I put my own Perl > Script if working with MailScanner. Any plans to include this in MailScanner? It would be very helpful to block/delete/reject delivery to addresses that are not in the To:/cc: fields. On the other hand, can anybody think of a legitimate reason for a BCC? -Vlad Mazek ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From csweeney at OSUBUCKS.ORG Wed Jan 12 17:24:55 2005 From: csweeney at OSUBUCKS.ORG (Chris Sweeney) Date: Thu Jan 12 21:28:10 2006 Subject: Block outgoing bcc Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I always use BCC for sending mail when sending to more then one person.  No one needs to know how many people I sent the same message to, and if I send it to multiple people outside of the company, I don't wany someone getting others email address to SPAM them or involve them in unappropriate discussions.  I send it to myself in the To: field and BCC: everyone else I send the message to.  It also keeps people from hitting reply all when they only need to reply to me and sending their reply to the entire group.  I really wish everyone would do this personally!!  Blocking BCC for most things would in my opinion a BAD idea!! Chris -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Kevin_Miller at CI.JUNEAU.AK.US Wed Jan 12 18:33:12 2005 From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller) Date: Thu Jan 12 21:28:10 2006 Subject: Block outgoing bcc Message-ID: Vlad Mazek wrote: > On the other hand, can anybody think of a legitimate reason for a BCC? Sure. If I'm sending to a large number of people that may or may know each other, I don't clutter up there display w/a bunch of addresses they don't know. I've received messages w/50 or more addresses, none of which I knew. Takes up several lines on the screen pushing the message way down to the bottom. Or if sending out a request for quote or something like that to multiple vendors we may or may not want each vendor to know who the competition is. I'm sure others have legitimate reasons as well. It's a handy feature; not necessarily nefarious... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From andy at TIRESWING.NET Wed Jan 12 18:44:17 2005 From: andy at TIRESWING.NET (Andy Norris) Date: Thu Jan 12 21:28:10 2006 Subject: Block outgoing bcc Message-ID: We've had our forms compromised with BCC problems. Have had to do much filtering on the emails before they're sent out. In fact, we save the text into a directory and have a cron job send them at intervals. We keep a copy for perusal that way. That said, if there were something in MailScanner that would protect server-wide, instead of having to think through each mail form, that would be incredible. Am bcc'ing this to everyone I know. Andy At 12:33 pm 2005-01-12, Kevin Miller wrote: >Vlad Mazek wrote: > > > On the other hand, can anybody think of a legitimate reason for a BCC? > >Sure. If I'm sending to a large number of people that may or may know each >other, I don't clutter up there display w/a bunch of addresses they don't >know. I've received messages w/50 or more addresses, none of which I knew. >Takes up several lines on the screen pushing the message way down to the >bottom. Or if sending out a request for quote or something like that to >multiple vendors we may or may not want each vendor to know who the >competition is. I'm sure others have legitimate reasons as well. It's a >handy feature; not necessarily nefarious... > > >...Kevin >-- >Kevin Miller Registered Linux User No: 307357 >CBJ MIS Dept. Network Systems Admin., Mail Admin. >155 South Seward Street ph: (907) 586-0242 >Juneau, Alaska 99801 fax: (907 586-4500 > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jan 12 18:45:36 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:10 2006 Subject: Block outgoing bcc Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Vlad Mazek wrote: > hkbyte wrote: > >> I am working with a solution to block user to send out email by using >> bcc. My idea is grapping the "Envelope recipient" during the SMTP >> conversation and then check with all To: and CC: headers, if the >> envelope recipient do not appear in the headers, the email is rejected. >> Is there any help MailScanner can do ? Or where can I put my own Perl >> Script if working with MailScanner. > > > Any plans to include this in MailScanner? None whatsoever. > It would be very helpful to block/delete/reject delivery to addresses > that are not in the To:/cc: > fields. Sorry, I strongly disagree. > On the other hand, can anybody think of a legitimate reason for a BCC? I will leave others to list out a few of the many reasons for using bcc. Would you really like your email address to be given out to everyone else in every mailing list you are a member of? A spammer subscribes to a list and automatically gets given a 100% accurate list of active email accounts read by people with interest in the list subject. They'll think it's Christmas every day! There are countless reasons for needing bcc, most of which are blindingly obvious. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHTSOLUTIONS.COM Wed Jan 12 18:47:39 2005 From: michele at BLACKNIGHTSOLUTIONS.COM (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:28:10 2006 Subject: Block outgoing bcc Message-ID: > Vlad Mazek wrote: > >> On the other hand, can anybody think of a legitimate reason for a >> BCC? I use BCC all the time if I'm sending to a small group of people - for larger groups I use custom software. Blocking BCC would be bad Mr Michele Neylon Blacknight Internet Solutions Ltd Hosting, co-location & domains http://www.blacknight.ie/ Tel. +353 59 9137101 http://www.blacknight.ie/specialoffers.html ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Wed Jan 12 19:11:07 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:28:10 2006 Subject: user howling "MailScanner ate my mail" Message-ID: Guys, I have a manager howling that he didn't get an important attachment, and didn't get any notice that it got rejected either. The syslog of the message is attached. ClamAV tagged it as a zip-of-death "virus" and then the filename rules complained about bat files. My MailScanner.conf settings contain: Deliver Disinfected Files = no Silent Viruses = HTML-IFrame All-Viruses Still Deliver Silent Viruses = no Deliver Cleaned Messages = no Notify Senders = yes Notify Senders Of Viruses = no Notify Senders Of Blocked Filenames Or Filetypes = yes How would the recipient get notified of this event? On a larger note, how come there is no section in the conf setting like "Notifications back to the senders of blocked messages", only for recipients? There is also no indication from my syslogs that the sender ever got a clue about the rejection either, probably due to the "Deliver Silent Viruses" setting. On a side note, the Eicar virus should be added to Non-Forging virus list. I tried to use it for testing, and the "silent viruses" setting gobbled the response. Jeff Earickson Colby College ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "" Text/PLAIN (Name: "widget") 33 lines. ] [ Unable to print this part. ] From admin at thenamegame.com Wed Jan 12 19:24:19 2005 From: admin at thenamegame.com (Michael Freeman) Date: Thu Jan 12 21:28:10 2006 Subject: Virus updates no longer happening Message-ID: We changed the SSH port on our boxes from port 22 to another port due to execessive SSH2 hack attempts on our boxes. Im assume that when MS gets the updates on the hour it via the SSH port? After looking at the f-secure update logs I noticed we haven’t received a virus update since Dec 22, 2004. I looked all over the place for the script that gets updates but port 22 is not defined anywhere so my question is where is the script that determines which port the updates are retrieved on? Id like to change it to the new port but its not defined anywhere. Thank you. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From craig at WESTPRESS.COM Wed Jan 12 19:35:01 2005 From: craig at WESTPRESS.COM (Craig Daters) Date: Thu Jan 12 21:28:10 2006 Subject: Archiving Mail Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Martin Hepworth wrote: > Craig > The Database doesn't hold the actual email, that is left on the disk in > either rfc822 or queue file format depending on the settings in > MailScanner.conf > > If you're already using the non-admin user's function to check against > quarantined stuff then its more of less the same thing for 'normal' > email. You just need to make sure you are archiving the email for X days > for those users an dthey can then forward the email to themselves if > they are daft enough to have a deleted the billing/work email. > > Thinking about all this, wouldn't it be better to add better controls > into the work flow so that work/billing info is held per job somewhere > like a document repository. That way if someone isn't available for work > you can still see their work to be done etc??? > Martin, this was a very good idea that had not occurred to me. All this time I was thinking I needed to archive their mail, but they only need a few months worth saved. I have plenty of room for that, so I am going to use this idea. Plus, I don't have to worry about looking everything up for them, they can do it themselves! :) Though, I needed to make a change to the detail.php file of MailWatch. It was pointing to the wrong location and giving me fits at first: In detail.php change following line (line 190 in my file): $quarantinedir = get_conf_var("QuarantineDir"); $quarantine = $quarantinedir.'/'.$row->date.'/'.$row->id; $spam = $quarantinedir."/".$row->date.'/spam/'.$row->id; $notspam = $quarantinedir."/".$row->date.'/not-spam/'.$row->id; Change the $notspam variable to point on the right directory name: $notspam = $quarantinedir."/".$row->date.'/nonspam/'.$row->id; Once I fixed this, I was in business. I just need to change the number of days to hold onto data in my clean-up scripts to accommodate 2-3 months instead of only one. Regarding the better controls comment, I have fought and fought to get them to print out these emails and attach them to our job tickets, etc. but I keep getting the answer that our files do not have the room for all the extra paper this would generate, or similar. So this is my solution in the mean time. -- Craig Daters (craig@westpress.com) Systems Administrator West Press Print Communications 1663 West Grant Road Tucson, Arizona 85705 (520) 624-4939 (520) 624-2715 fax www.westpress.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jan 12 19:45:31 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:10 2006 Subject: Virus updates no longer happening Message-ID: [ The following text is in the "windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] MailScanner fetches the updates via whatever mechanism the AV vendor provides. But it's an outgoing connection to get the updates, and you will have moved the incoming SSH port, so that won't have any effect. Michael Freeman wrote: > We changed the SSH port on our boxes from port 22 to another port due > to execessive SSH2 hack attempts on our boxes. Im assume that when MS > gets the updates on the hour it via the SSH port? After looking at the > f-secure update logs I noticed we haven^Ňt received a virus update > since Dec 22, 2004. I looked all over the place for the script that > gets updates but port 22 is not defined anywhere so my question is > where is the script that determines which port the updates are > retrieved on? Id like to change it to the new port but its not defined > anywhere. > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From vlad at MAZEK.COM Wed Jan 12 19:47:25 2005 From: vlad at MAZEK.COM (Vlad Mazek) Date: Thu Jan 12 21:28:10 2006 Subject: Block outgoing bcc Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Michele Neylon :: Blacknight Solutions wrote: >I use BCC all the time if I'm sending to a small group of people - for >larger groups I use custom software. > >Blocking BCC would be bad > > I hope you folks read dilbert because you'll really appreciate this; I spend nearly every day sitting here fielding calls from CxO's who have a compelling business reason for one idea or another and are oblivious to explanations, logic and standards. After a few hours of trying to explain how email works, and after they have shut down every logical argument for why things are implemented the way they are, I actually consider their requirement as that is the only way to get them off the phone. Anyhow, thanks for the input. I'm not saying its a good idea, I'm just saying that the people are asking for a feature and knowing that I'll have to write it anyhow it would help if someone already did it. Today is one of those days where I dream of shutting down ExchangeDefender and MailScanner and letting them choke in viagra ads. I free up customers from junk mail and suddenly they have more time to get creative about ways to ruin my day. :( -Vlad ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Wed Jan 12 19:52:39 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:28:10 2006 Subject: MailScanner does not notify virus senders Message-ID: Hi, This sounds like the issue I just raised with Eicar not being listed in the "Non-Forging Viruses" list. Try modifying your setting to: Non-Forging Viruses = Joke/ OF97/ WM97/ W97M/ Eicar EICAR Then make sure "Notify Senders Of Viruses" is set to yes. I've been playing with this, and these settings got things working for me (MS 4.37.7). Julian, I've managed to get myself really confused on this "notify senders of viruses" thing. My conf file has the following settings: Silent Viruses = HTML-IFrame All-Viruses Non-Forging Viruses = Joke/ OF97/ WM97/ W97M/ Eicar EICAR Notify Senders Of Viruses = yes Does this mean that senders of viruses *only* get notified if the virus is on the non-forging list? Jeff Earickson Colby College On Wed, 12 Jan 2005, Roel Schouten wrote: > Date: Wed, 12 Jan 2005 16:00:11 +0000 > From: Roel Schouten > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: MailScanner does not notify virus senders > > Hello, > > My installation of MailScanner does not notify senders of viruses even > though I told it to do so. > Otherwise my installation works fine (it both filters spam & virus). > > I use MailScanner 4.37.7 on a RedHat Enterprise 3 running kernel 2.4.21-27 > with PostFix 2.0.16 as MTA. > Moreover, I use ClamAV 0.80 and SpamAssassin 3.0.2 > > I use the following settings in /etc/MailScanner/MailScanner.conf (I only > included the ones, I believe to be relevant): > > Run As User = postfix > Run As Group = postfix > Incoming Queue Dir = /var/spool/postfix/hold > Outgoing Queue Dir = /var/spool/postfix/incoming > MTA = postfix > Sendmail = /usr/sbin/sendmail > Virus Scanners = clamavmodule > Quarantine Infections = no > Quarantine Silent Viruses = no > Notify Senders = yes > Notify Senders Of Viruses = yes > > To test the virus scanning functionality, I use the EICAR test virus. > The log does not show any errors: > Jan 12 16:46:35 mail MailScanner[15031]: New Batch: Scanning 1 messages, 719 > bytes > Jan 12 16:46:36 mail MailScanner[15031]: Virus and Content Scanning: Starting > Jan 12 16:46:36 mail MailScanner[15031]: ClamAVModule::INFECTED:: > Eicar-Test-Signature:: ./2A34F581F5.4AD7B/msg-15031-1.txt > Jan 12 16:46:36 mail MailScanner[15031]: Virus Scanning: ClamAV Module found > 1 infections > Jan 12 16:46:36 mail MailScanner[15031]: Infected message 2A34F581F5.4AD7B > came from 127.0.0.1 > Jan 12 16:46:36 mail MailScanner[15031]: Virus Scanning: Found 1 viruses > > > MailScanner is able to send notifications to the system administrator by > setting "Send Notices = yes", so that works. > It also possible to use /usr/sbin/sendmail (Postfix' version of it) to send > mails to external addresses from the command line. > > Any clue? Thanks! > > Roel Schouten. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From csweeney at OSUBUCKS.ORG Wed Jan 12 18:51:28 2005 From: csweeney at OSUBUCKS.ORG (Chris Sweeney) Date: Thu Jan 12 21:28:10 2006 Subject: Virus updates no longer happening Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Unless he is redirecting ports and its to the same port that the outgoing update is on.  That might be causing the problem. ---------- Original Message ----------- From: Julian Field To: MAILSCANNER@JISCMAIL.AC.UK Sent: Wed, 12 Jan 2005 19:45:31 +0000 Subject: Re: Virus updates no longer happening > MailScanner fetches the updates via whatever mechanism the AV vendor > provides. But it's an outgoing connection to get the updates, and you > will have moved the incoming SSH port, so that won't have any effect. > > Michael Freeman wrote: > > > We changed the SSH port on our boxes from port 22 to another port due > > to execessive SSH2 hack attempts on our boxes. Im assume that when MS > > gets the updates on the hour it via the SSH port? After looking at the > [WINDOWS-1252?]> f-secure update logs I noticed we haven^Ňt received a virus update > > since Dec 22, 2004. I looked all over the place for the script that > > gets updates but port 22 is not defined anywhere so my question is > > where is the script that determines which port the updates are > > retrieved on? Id like to change it to the new port but its not defined > > anywhere. > > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. ------- End of Original Message ------- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From admin at thenamegame.com Wed Jan 12 19:59:25 2005 From: admin at thenamegame.com (Michael Freeman) Date: Thu Jan 12 21:28:10 2006 Subject: Virus updates no longer happening Message-ID: Well it was around Dec 21 that we changed the SSH port on this box so it seems to jive with the fact that because we did so that updates have now stopped. Im running f-secure and their code is encrypted so I cant determine exactly what they are doing. ________________________________________________________________________________ From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Chris Sweeney Sent: Wednesday, January 12, 2005 1:51 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Virus updates no longer happening Unless he is redirecting ports and its to the same port that the outgoing update is on. That might be causing the problem. ---------- Original Message ----------- From: Julian Field To: MAILSCANNER@JISCMAIL.AC.UK Sent: Wed, 12 Jan 2005 19:45:31 +0000 Subject: Re: Virus updates no longer happening > MailScanner fetches the updates via whatever mechanism the AV vendor > provides. But it's an outgoing connection to get the updates, and you > will have moved the incoming SSH port, so that won't have any effect. > > Michael Freeman wrote: > > > We changed the SSH port on our boxes from port 22 to another port due > > to execessive SSH2 hack attempts on our boxes. Im assume that when MS > > gets the updates on the hour it via the SSH port? After looking at the > [WINDOWS-1252?]> f-secure update logs I noticed we haven’t received a virus update > > since Dec 22, 2004. I looked all over the place for the script that > > gets updates but port 22 is not defined anywhere so my question is > > where is the script that determines which port the updates are > > retrieved on? Id like to change it to the new port but its not defined > > anywhere. > > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. ------- End of Original Message ------- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jan 12 19:59:12 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:28:10 2006 Subject: MailScanner does not notify virus senders Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] It means that sender of viruses *only* get notified if either of the following is true: a) Silent Viruses contains All-Viruses and the virus is on the Non-Forging Viruses list or b) Silent Viruses does not contain All-Viruses and does not list the virus that was present in the email message. Sorry for it being confusing, but I had to develop ways of forcing people's installations to adopt the behaviour I wanted them to have, without them having to change any settings they already had (and if possible without them actually noticing I was changing the operation of their system so they wouldn't change it back to doing it badly :-) Jeff A. Earickson wrote: > Hi, > > This sounds like the issue I just raised with Eicar not being listed > in the "Non-Forging Viruses" list. Try modifying your setting > to: > > Non-Forging Viruses = Joke/ OF97/ WM97/ W97M/ Eicar EICAR > > Then make sure "Notify Senders Of Viruses" is set to yes. I've been > playing with this, and these settings got things working for me > (MS 4.37.7). > > Julian, > > I've managed to get myself really confused on this "notify senders > of viruses" thing. My conf file has the following settings: > > Silent Viruses = HTML-IFrame All-Viruses > Non-Forging Viruses = Joke/ OF97/ WM97/ W97M/ Eicar EICAR > Notify Senders Of Viruses = yes > > Does this mean that senders of viruses *only* get notified if the > virus is on the non-forging list? > > Jeff Earickson > Colby College > > On Wed, 12 Jan 2005, Roel Schouten wrote: > >> Date: Wed, 12 Jan 2005 16:00:11 +0000 >> From: Roel Schouten >> Reply-To: MailScanner mailing list >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: MailScanner does not notify virus senders >> >> Hello, >> >> My installation of MailScanner does not notify senders of viruses even >> though I told it to do so. >> Otherwise my installation works fine (it both filters spam & virus). >> >> I use MailScanner 4.37.7 on a RedHat Enterprise 3 running kernel >> 2.4.21-27 >> with PostFix 2.0.16 as MTA. >> Moreover, I use ClamAV 0.80 and SpamAssassin 3.0.2 >> >> I use the following settings in /etc/MailScanner/MailScanner.conf (I >> only >> included the ones, I believe to be relevant): >> >> Run As User = postfix >> Run As Group = postfix >> Incoming Queue Dir = /var/spool/postfix/hold >> Outgoing Queue Dir = /var/spool/postfix/incoming >> MTA = postfix >> Sendmail = /usr/sbin/sendmail >> Virus Scanners = clamavmodule >> Quarantine Infections = no >> Quarantine Silent Viruses = no >> Notify Senders = yes >> Notify Senders Of Viruses = yes >> >> To test the virus scanning functionality, I use the EICAR test virus. >> The log does not show any errors: >> Jan 12 16:46:35 mail MailScanner[15031]: New Batch: Scanning 1 >> messages, 719 >> bytes >> Jan 12 16:46:36 mail MailScanner[15031]: Virus and Content Scanning: >> Starting >> Jan 12 16:46:36 mail MailScanner[15031]: ClamAVModule::INFECTED:: >> Eicar-Test-Signature:: ./2A34F581F5.4AD7B/msg-15031-1.txt >> Jan 12 16:46:36 mail MailScanner[15031]: Virus Scanning: ClamAV >> Module found >> 1 infections >> Jan 12 16:46:36 mail MailScanner[15031]: Infected message >> 2A34F581F5.4AD7B >> came from 127.0.0.1 >> Jan 12 16:46:36 mail MailScanner[15031]: Virus Scanning: Found 1 viruses >> >> >> MailScanner is able to send notifications to the system administrator by >> setting "Send Notices = yes", so that works. >> It also possible to use /usr/sbin/sendmail (Postfix' version of it) >> to send >> mails to external addresses from the command line. >> >> Any clue? Thanks! >> -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Wed Jan 12 20:19:47 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:28:10 2006 Subject: Virus updates no longer happening Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Michael Freeman wrote: > Well it was around Dec 21 that we changed the SSH port on this box so it > seems to jive with the fact that because we did so that updates have now > stopped. Im running f-secure and their code is encrypted so I cant > determine exactly what they are doing. IF all else fails temporarily change ssl port back to 22 and try a manual update. Then you will know for sure. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dwinkler at ALGORITHMICS.COM Wed Jan 12 21:45:18 2005 From: dwinkler at ALGORITHMICS.COM (Derek Winkler) Date: Thu Jan 12 21:28:10 2006 Subject: Stored Spam vs Virus Infected Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I'm having a problem with stored spam, when users try to retrieve by having them resent they are rescanned by MailScanner again which then detects a virus and doesn't send. Works fine when the email doesn't contain a virus. The log entries show that on Jan 4, this email was determined to be spam and stored. The