From glenn.steen at gmail.com Fri Jul 1 00:16:35 2005 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 12 21:30:11 2006 Subject: Debian-Postfix install guide Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 6/30/05, Ugo Bellavance wrote: > Julian Field wrote: > > How is the wiki on these subjects? > > There isn't much distro-specific material in the wiki. Once this debian > guide is crystal, I'll put it on the wiki and create a distro-specific > section. I may eventually have time to create a FreeBSD manual as well, > but I don't have any machine that is under my control that runs FreeBSD. > For the rest, Mandrake, Gentoo, SUSE, Slackware, SUN & others, the > debian relies on the contribution of people... > (snip)> -- > Ugo Should the wiki become more distro-specific? I don't know, but I've tried to be very general in what I've written so far.... Keep any nitgritty details in a "notes" section or so... After all, everything about anything from MTA to MailScanner to AVs etc etc are pretty much the same on any *nix system. Some things need special mention, or a specific section, but do we really want 32 different "How to install MS on ? -- -- Glenn (still on vacation, still slightly drunk) email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkehler at WRHA.MB.CA Fri Jul 1 02:31:26 2005 From: mkehler at WRHA.MB.CA (Matt Kehler) Date: Thu Jan 12 21:30:11 2006 Subject: denying email from your own domain but external IP's? Message-ID: I'd like to toss all email if the 'from' address is of my own domain (xyz.com), and it does NOT originate from my internal 192.168.1.0/24 network. Can I do this with MailScanner? Or can I even do it with Sendmail itself instead? Basically in our environment, people can use our internal mail client while at work, or they can use our webmail, but thats IT. (ie, no Outlook express clients at home :). So essentially anything with the 'from' as xyz.com and NOT using our internal IP addressing would have to be forged. thanks Matt ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Jan-Peter.Koopmann at SECEIDOS.DE Fri Jul 1 07:57:06 2005 From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann) Date: Thu Jan 12 21:30:11 2006 Subject: AV for Windows Clients with Central Admin? Message-ID: Hi Jason, have a look at CA eTrust AntiVirus 7.1. Has centralized management, two scan engines, supports all Windows platforms, Linux, MacOSX, Exchange, PDAs and is very cheap (meaning you pay per client regardless of what the client does). Kind regards, JP ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Christo at IT4AFRICA.CO.ZA Fri Jul 1 08:15:00 2005 From: Christo at IT4AFRICA.CO.ZA (Christo Bezuidenhout) Date: Thu Jan 12 21:30:11 2006 Subject: AV for Windows Clients with Central Admin? {Virus Scanned} Message-ID: You can also look at F-secure. Using 3 scan engines and also have support for several O/S's With nice central management interface. Christo > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Jan-Peter Koopmann > Sent: 01 July 2005 08:57 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: AV for Windows Clients with Central Admin? > {Virus Scanned} > > Hi Jason, > > have a look at CA eTrust AntiVirus 7.1. Has centralized > management, two scan engines, supports all Windows platforms, > Linux, MacOSX, Exchange, PDAs and is very cheap (meaning you > pay per client regardless of what the client does). > > Kind regards, > JP > > ------------------------ MailScanner list > ------------------------ To unsubscribe, email > jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ivessm at softecusa.com Fri Jul 1 14:00:43 2005 From: ivessm at softecusa.com (Stewart M. Ives) Date: Thu Jan 12 21:30:11 2006 Subject: AV for Windows Clients with Central Admin? {Virus Scanned} Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] AVG from Grisoft has a console that can store it's stuff on a Linux box but I think the interface has to be from a Windows client. That shouldn't be a problem. They also have AV for Win & Linux. Not free but worth a look. stew ---------- Original Message ----------- From: Christo Bezuidenhout To: MAILSCANNER@JISCMAIL.AC.UK Sent: Fri, 1 Jul 2005 09:15:00 +0200 Subject: Re: AV for Windows Clients with Central Admin? {Virus Scanned} > You can also look at F-secure. Using 3 scan engines and also have support > for several O/S's > > With nice central management interface. > > Christo > > > -----Original Message----- > > From: MailScanner mailing list > > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Jan-Peter Koopmann > > Sent: 01 July 2005 08:57 AM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: AV for Windows Clients with Central Admin? > > {Virus Scanned} > > > > Hi Jason, > > > > have a look at CA eTrust AntiVirus 7.1. Has centralized > > management, two scan engines, supports all Windows platforms, > > Linux, MacOSX, Exchange, PDAs and is very cheap (meaning you > > pay per client regardless of what the client does). > > > > Kind regards, > > JP > > > > ------------------------ MailScanner list > > ------------------------ To unsubscribe, email > > jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/) > > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------- End of Original Message ------- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From kodak at FRONTIERHOMEMORTGAGE.COM Fri Jul 1 16:35:37 2005 From: kodak at FRONTIERHOMEMORTGAGE.COM (Jason Balicki) Date: Thu Jan 12 21:30:11 2006 Subject: AV for Windows Clients with Central Admin? {Virus Scanned} Message-ID: Thanks to everyone who replied. I contacted Sophos and found out that they have written a workstation installer for version 5.0 that will run on XP Pro and 2K workstations. You can then manage version 5.0 (according to the email I got -- I haven't tested this yet) from the old install of Enterprise Manager. As an aside, I'm downloading that workstation installer right now -- 72MB. WTF? However, they recommend that this solution not be used for networks larger than 10 workstations which ultimately puts me back where I was. So, I'll be evaluating all the suggestions that everyone made and picking one of those for future networks. Thanks again, --J(K) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From TGFurnish at HERFFJONES.COM Fri Jul 1 17:08:01 2005 From: TGFurnish at HERFFJONES.COM (Furnish, Trever G) Date: Thu Jan 12 21:30:11 2006 Subject: denying email from your own domain but external IP's? Message-ID: That's exactly what SPF is for: http://spf.pobox.com/ You can hook it into sendmail as a milter (but I had lots of memory leak problems that way, probably due to bugs in the perl threading library it uses - YMMV): http://spf.pobox.com/downloads.html ...or you can let SpamAssassin do the spf checks for you (and you should only do these in one place, the MTA or SpamAssassin, not both, to avoid needlessly doing the same DNS lookups twice). You'll have to publish TXT entries for your domains (and subdomains - consider using a wildcard entry). This wizard can help figure that out: http://spf.pobox.com/wizard.html If you have addresses hosted in your domain(s) which you then forward to different domains, that will run the risk of breaking with vanilla SPF. To deal with that you need to use "SRS" in addition to SPF - haven't done that personally, can't help there. HTH. > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Matt Kehler > Sent: Thursday, June 30, 2005 8:31 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: denying email from your own domain but external IP's? > > I'd like to toss all email if the 'from' address is of my own > domain (xyz.com), and it does NOT originate from my internal > 192.168.1.0/24 network. Can I do this with MailScanner? Or > can I even do it with Sendmail itself instead? > > Basically in our environment, people can use our internal > mail client while at work, or they can use our webmail, but > thats IT. (ie, no Outlook express clients at home :). So > essentially anything with the 'from' as xyz.com and NOT using > our internal IP addressing would have to be forged. > > thanks > Matt > > ------------------------ MailScanner list > ------------------------ To unsubscribe, email > jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Fri Jul 1 17:19:30 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:30:11 2006 Subject: Convert 'store'd emails mbox format Message-ID: All I've got lots of emails on my server that are in the quarantine/nonspam directories. These seem to in some odd format - they ain't rfc 862 format as they start with... Received: from smtp.nildram.co.uk ([195.112.4.54]) by towers.solid-state-logic.com with esmtp (Exim (FreeBSD)) id 1DoKty-00015S-4n for someusers@solid-state-logic.com; Fri, 01 Jul 2005 13:45:50 +010 BUT (there's always a but aint there ;-) I need to get these into rfc862 format so I can cat them together in one big mbox file and pop them into Thunderbird (or whatever) so I can look at them as if I has recieved them myself. Any ideas of perl/shell/.. wizardry that would do this??? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From chris.connell at ISSOLUTIONS.CO.UK Fri Jul 1 17:26:03 2005 From: chris.connell at ISSOLUTIONS.CO.UK (Chris Connell) Date: Thu Jan 12 21:30:11 2006 Subject: Mailscanner upgrade question Message-ID: Hello I have upgraded our email gateway to MailScanner 4.429 and Spamassassin 3.0.4 and used the config file upgrade utility. Everything was working fine but recently we have messages that are not spam and the subject is modified with the [SPAM] line saying things like [SPAM] Found word(s) find out more in the Text body [SPAM] Found word(s) list error remove list in the Text body Note we still get the normal {SPAM?} tagged email which mailscanner puts in with spamassassin score > 6 as before. I have looked what is possibly putting the first [SPAM] subject modifier in, is it MailScanner or Spamassassin? I cannot find any documentation regarding changes in default behaviour in both for modifying the subject. > Chris Connell This message is intended for the addressee only. It may contain information of a confidential or legally privileged nature. If you have received this message in error please notify the sender and destroy the message immediately. All attachments have been scanned for viruses. However we cannot accept liability for any loss or damage you may incur as a result of virus infection. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at PDSCC.COM Fri Jul 1 17:39:25 2005 From: mailscanner at PDSCC.COM (Harondel J. Sibble) Date: Thu Jan 12 21:30:11 2006 Subject: procedures for getting stuff out of the quarantine on older MS version Message-ID: On 30 Jun 2005 at 21:31, Kai Schaetzl wrote: > > So what are the disadvantages (if any) of using mailwatch? > In contrast to what? In contrast to not using it. There are pros and cons to using ANY TOOL, no matter how good, I need to know the flip side, does it slow things down, cause any security issues, have a complicated setup, require a lot of end user training, etc, etc, etc. -- Harondel J. Sibble Sibble Computer Consulting Creating solutions for the small business and home computer user. help@pdscc.com (use pgp keyid 0x3AD5C11D) http://www.pdscc.com (604) 739-3709 (voice/fax) (604) 686-2253 (pager) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at PDSCC.COM Fri Jul 1 17:39:25 2005 From: mailscanner at PDSCC.COM (Harondel J. Sibble) Date: Thu Jan 12 21:30:11 2006 Subject: procedures for getting stuff out of the quarantine on older MS version Message-ID: On 30 Jun 2005 at 13:07, Craig Daters wrote: > It does indeed have this feature. You can release just the file, the > message, or both, to the intended recipient, or you can release it/them > to other recipients and/or both . There is no disadvantage to using Cool, that's exactly what's needed. > MailWatch, other than the fact that it uses MySQL, and can result in a > rather large db depending on your mail traffic. But there are tools Hmmm, well, this machine is a mail relay for a network of approx 50 engineers running Samsung Contact. They get and send a LOT of attachments, autocad drawings and the like. The mail relay is an athlon 800mhz with 256mb and a single 40gb ata100 disk. We use the archive feature to keep copies of all email coming into or going out of the network. This gets written to dvd once a week or so and the entire machine is backed up daily across the network. This brings up another question, will Mailwatch allow the admin the ability to look at the messages in the archive? If so how does it deal with the fact that the archive is wiped once a week and started fresh, will that cause any problems? > (scripts) to help manage this. If you machine is pretty beefy, then > this might not be to much of a concern. What do you think of the specs above? -- Harondel J. Sibble Sibble Computer Consulting Creating solutions for the small business and home computer user. help@pdscc.com (use pgp keyid 0x3AD5C11D) http://www.pdscc.com (604) 739-3709 (voice/fax) (604) 686-2253 (pager) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Fri Jul 1 17:42:22 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:30:11 2006 Subject: Mailscanner upgrade question Message-ID: Chris I'd say neither and something else is putting these in. Can you post an example if JUST the headers in a case if this rather odd Subject.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Chris Connell wrote: > Hello > > I have upgraded our email gateway to MailScanner 4.429 and Spamassassin > 3.0.4 and used the config file upgrade utility. > > Everything was working fine but recently we have messages that are not > spam and the subject is modified with the [SPAM] line saying things like > > [SPAM] Found word(s) find out more in the Text body > [SPAM] Found word(s) list error remove list in the Text body > > Note we still get the normal {SPAM?} tagged email which mailscanner puts > in with spamassassin score > 6 as before. > > I have looked what is possibly putting the first [SPAM] subject modifier > in, is it MailScanner or Spamassassin? > > I cannot find any documentation regarding changes in default behaviour > in both for modifying the subject. > > > > Chris Connell > > This message is intended for the addressee only. It may contain information of a confidential or legally privileged nature. If you have received this message in error please notify the sender and destroy the message immediately. > > All attachments have been scanned for viruses. However we cannot accept liability for any loss or damage you may incur as a result of virus infection. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jason.broome at FREECOM.NET Fri Jul 1 17:38:03 2005 From: jason.broome at FREECOM.NET (Jason Broome) Date: Thu Jan 12 21:30:11 2006 Subject: Mailscanner upgrade question [Scanned by Freecom.net] Message-ID: I^Òm currently on annual leave and return to work on 08/07/05 If you require Technical Support please call the Technical Support Team on 08708 800100 (option 2). Regards Jason Broome 3rd Line Operations Freecom.net ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From chris.connell at ISSOLUTIONS.CO.UK Fri Jul 1 17:48:42 2005 From: chris.connell at ISSOLUTIONS.CO.UK (Chris Connell) Date: Thu Jan 12 21:30:11 2006 Subject: Mailscanner upgrade question Message-ID: Hello Martin, Here is an example, we have an exchange server which gets the filtered email from our unix gateway running mailscanner. However I have not asked our exchange administrator if it could be that. I will check. Regards Chris Microsoft Mail Internet Headers Version 2.0 Received: from ns1.issolutions.co.uk ([193.129.122.21]) by issexchsvr.win.issolutions.co.uk with Microsoft SMTPSVC(6.0.3790.211); Fri, 1 Jul 2005 16:14:32 +0100 Received: from exch.interhouse.net (exch.interhouse.net [80.85.66.51]) by ns1.issolutions.co.uk (8.12.10/8.12.10) with ESMTP id j61FDgnd027190 for ; Fri, 1 Jul 2005 16:13:44 +0100 (BST) Content-Class: urn:content-classes:message MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C57E4F.77091846" X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.326 Subject: [SPAM] - RE: Tape change request - Found word(s) list error remove list in the Text body Date: Fri, 1 Jul 2005 16:13:41 +0100 Message-ID: X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: [SPAM] - RE: Tape change request - Found word(s) list error remove list in the Text body thread-index: AcTOYXANIwKvr0RZSFGHWwZlhfUGIiv6UlqwAAEsMTA= From: "Jon Wood" To: "Chris Connell" , "UK Hex Noc Mailing List" X-ISS-MailScanner-Information: Please contact the ISP for more information X-ISS-MailScanner: Found to be clean X-MailScanner-From: jon.wood@interhouse.net X-Logged: Logged by ns1.issolutions.co.uk as j61FDgnd027190 at Fri Jul 1 16:13:44 2005 Return-Path: X-OriginalArrivalTime: 01 Jul 2005 15:14:32.0439 (UTC) FILETIME=[956CF870:01C57E4F] ------_=_NextPart_001_01C57E4F.77091846 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable ------_=_NextPart_001_01C57E4F.77091846 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable ------_=_NextPart_001_01C57E4F.77091846-- -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Martin Hepworth Sent: 01 July 2005 17:42 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Mailscanner upgrade question Chris I'd say neither and something else is putting these in. Can you post an example if JUST the headers in a case if this rather odd Subject.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Chris Connell wrote: > Hello > > I have upgraded our email gateway to MailScanner 4.429 and Spamassassin > 3.0.4 and used the config file upgrade utility. > > Everything was working fine but recently we have messages that are not > spam and the subject is modified with the [SPAM] line saying things like > > [SPAM] Found word(s) find out more in the Text body > [SPAM] Found word(s) list error remove list in the Text body > > Note we still get the normal {SPAM?} tagged email which mailscanner puts > in with spamassassin score > 6 as before. > > I have looked what is possibly putting the first [SPAM] subject modifier > in, is it MailScanner or Spamassassin? > > I cannot find any documentation regarding changes in default behaviour > in both for modifying the subject. > > > > Chris Connell > > This message is intended for the addressee only. It may contain information of a confidential or legally privileged nature. If you have received this message in error please notify the sender and destroy the message immediately. > > All attachments have been scanned for viruses. However we cannot accept liability for any loss or damage you may incur as a result of virus infection. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mark at TIPPINGMAR.COM Fri Jul 1 17:54:54 2005 From: mark at TIPPINGMAR.COM (Mark Nienberg) Date: Thu Jan 12 21:30:11 2006 Subject: AV for Windows Clients with Central Admin? {Virus Scanned} Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jason Balicki wrote: >Thanks to everyone who replied. > >I contacted Sophos and found out that they have written a >workstation installer for version 5.0 that will run on XP >Pro and 2K workstations. You can then manage version 5.0 >(according to the email I got -- I haven't tested this >yet) from the old install of Enterprise Manager. > >As an aside, I'm downloading that workstation installer >right now -- 72MB. WTF? > >However, they recommend that this solution not be used for >networks larger than 10 workstations which ultimately puts >me back where I was. > > I wonder if they are saying that because they assume your Central Install Directory (CID) is on the same machine that runs the Enterprise Manager and they don't want to encourage you to violate Microsoft's maximum or 10 connections to a workstation. In my case, the Enterprise Manager just keeps the CID up to date, but the CID itself is on a samba share hosted by a linux file server. There should be no violation in that case, as the workstations don't contact the EM workstation, they only contact the fileserver. I think there is also supposed to be an option in the new version for the workstations to update from a website (like the older remote update can do), in which case the webserver would probably be a linux machine and the EM would just keep it up to date. Again, there would be no violation of the 10 connections rule. -- Mark Nienberg, SE Tipping Mar + associates 1906 Shattuck Ave Berkeley, CA 94704 (510) 549-1906 ext 236 http://www.tippingmar.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Fri Jul 1 17:55:28 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:30:11 2006 Subject: Convert 'store'd emails mbox format Message-ID: oops did I say rfc 862, of course I meant rfc822 - it been a long week.... Anyway look like the store function ain't putting the "From: " line in the email. Is this a bug???? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Martin Hepworth wrote: > All > I've got lots of emails on my server that are in the > quarantine/nonspam directories. These seem to in some odd format - > they ain't rfc 862 format as they start with... > > Received: from smtp.nildram.co.uk ([195.112.4.54]) > by towers.solid-state-logic.com with esmtp (Exim (FreeBSD)) > id 1DoKty-00015S-4n > for someusers@solid-state-logic.com; Fri, 01 Jul 2005 13:45:50 +010 > > > BUT (there's always a but aint there ;-) I need to get these into rfc862 > format so I can cat them together in one big mbox file and pop them into > Thunderbird (or whatever) so I can look at them as if I has recieved > them myself. > > Any ideas of perl/shell/.. wizardry that would do this??? > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From kodak at FRONTIERHOMEMORTGAGE.COM Fri Jul 1 18:02:29 2005 From: kodak at FRONTIERHOMEMORTGAGE.COM (Jason Balicki) Date: Thu Jan 12 21:30:11 2006 Subject: AV for Windows Clients with Central Admin? {Virus Scanned} Message-ID: Mark Nienberg <> wrote: > I wonder if they are saying that because they assume your Central > Install Directory (CID) is on the same machine that runs the > Enterprise Manager and they don't want to encourage you to violate > Microsoft's maximum or 10 connections to a workstation. In my case, That's what I assumed as well. However, on the page that they sent me a link to, it implies that you would be in violation of Microsoft licensing by just running it on a workstation. I'm going to run it this way until my subscription runs out, and by then they'll either fix this issue, make a true management tool for Linux or I'll find another vendor. I'd hate to do that, since I like Sophos so much. I have the same setup as you: CIDs are on the Samba server and the EM runs on my personal workstation. Here's the link they sent me: http://www.sophos.com/support/knowledgebase/article/2577.html --J(K) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From chris.connell at ISSOLUTIONS.CO.UK Fri Jul 1 18:14:00 2005 From: chris.connell at ISSOLUTIONS.CO.UK (Chris Connell) Date: Thu Jan 12 21:30:11 2006 Subject: Mailscanner upgrade question Message-ID: Apologies, Our exchange administrator admitted to installing some disclaimer software which had some inbuilt useless spam checking features. This is what modified the subject. Chris -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Chris Connell Sent: 01 July 2005 17:49 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Mailscanner upgrade question Hello Martin, Here is an example, we have an exchange server which gets the filtered email from our unix gateway running mailscanner. However I have not asked our exchange administrator if it could be that. I will check. Regards Chris Microsoft Mail Internet Headers Version 2.0 Received: from ns1.issolutions.co.uk ([193.129.122.21]) by issexchsvr.win.issolutions.co.uk with Microsoft SMTPSVC(6.0.3790.211); Fri, 1 Jul 2005 16:14:32 +0100 Received: from exch.interhouse.net (exch.interhouse.net [80.85.66.51]) by ns1.issolutions.co.uk (8.12.10/8.12.10) with ESMTP id j61FDgnd027190 for ; Fri, 1 Jul 2005 16:13:44 +0100 (BST) Content-Class: urn:content-classes:message MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C57E4F.77091846" X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.326 Subject: [SPAM] - RE: Tape change request - Found word(s) list error remove list in the Text body Date: Fri, 1 Jul 2005 16:13:41 +0100 Message-ID: X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: [SPAM] - RE: Tape change request - Found word(s) list error remove list in the Text body thread-index: AcTOYXANIwKvr0RZSFGHWwZlhfUGIiv6UlqwAAEsMTA= From: "Jon Wood" To: "Chris Connell" , "UK Hex Noc Mailing List" X-ISS-MailScanner-Information: Please contact the ISP for more information X-ISS-MailScanner: Found to be clean X-MailScanner-From: jon.wood@interhouse.net X-Logged: Logged by ns1.issolutions.co.uk as j61FDgnd027190 at Fri Jul 1 16:13:44 2005 Return-Path: X-OriginalArrivalTime: 01 Jul 2005 15:14:32.0439 (UTC) FILETIME=[956CF870:01C57E4F] ------_=_NextPart_001_01C57E4F.77091846 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable ------_=_NextPart_001_01C57E4F.77091846 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable ------_=_NextPart_001_01C57E4F.77091846-- -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Martin Hepworth Sent: 01 July 2005 17:42 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Mailscanner upgrade question Chris I'd say neither and something else is putting these in. Can you post an example if JUST the headers in a case if this rather odd Subject.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Chris Connell wrote: > Hello > > I have upgraded our email gateway to MailScanner 4.429 and Spamassassin > 3.0.4 and used the config file upgrade utility. > > Everything was working fine but recently we have messages that are not > spam and the subject is modified with the [SPAM] line saying things like > > [SPAM] Found word(s) find out more in the Text body > [SPAM] Found word(s) list error remove list in the Text body > > Note we still get the normal {SPAM?} tagged email which mailscanner puts > in with spamassassin score > 6 as before. > > I have looked what is possibly putting the first [SPAM] subject modifier > in, is it MailScanner or Spamassassin? > > I cannot find any documentation regarding changes in default behaviour > in both for modifying the subject. > > > > Chris Connell > > This message is intended for the addressee only. It may contain information of a confidential or legally privileged nature. If you have received this message in error please notify the sender and destroy the message immediately. > > All attachments have been scanned for viruses. However we cannot accept liability for any loss or damage you may incur as a result of virus infection. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mark at TIPPINGMAR.COM Fri Jul 1 18:27:54 2005 From: mark at TIPPINGMAR.COM (Mark Nienberg) Date: Thu Jan 12 21:30:11 2006 Subject: AV for Windows Clients with Central Admin? {Virus Scanned} Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jason Balicki wrote: >Mark Nienberg <> wrote: > > >>I wonder if they are saying that because they assume your Central >>Install Directory (CID) is on the same machine that runs the >>Enterprise Manager and they don't want to encourage you to violate >>Microsoft's maximum or 10 connections to a workstation. In my case, >> >> > >That's what I assumed as well. However, on the page >that they sent me a link to, it implies that you would >be in violation of Microsoft licensing by just running >it on a workstation. I'm going to run it this way >until my subscription runs out, and by then they'll >either fix this issue, make a true management tool >for Linux or I'll find another vendor. I'd hate >to do that, since I like Sophos so much. > >I have the same setup as you: CIDs are on the Samba server >and the EM runs on my personal workstation. > >Here's the link they sent me: > >http://www.sophos.com/support/knowledgebase/article/2577.html > > > I see. There is a distinction between the EM Library and the Enterprise Console. You can use EM Library to update the CID without violating the 10 connection rule as long as the CID is not on a workstation. It's the Console application that you shouldn't run from a workstation. I haven't ever used that part anyway, as the setup seemed too complicated. Thanks for that link. I need to start thinking about this too. -- Mark Nienberg, SE Tipping Mar + associates 1906 Shattuck Ave Berkeley, CA 94704 (510) 549-1906 ext 236 http://www.tippingmar.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Fri Jul 1 18:20:58 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:11 2006 Subject: Debian-Postfix install guide Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Glenn Steen wrote: > On 6/30/05, Ugo Bellavance wrote: > >>Julian Field wrote: >> >>>How is the wiki on these subjects? >> >>There isn't much distro-specific material in the wiki. Once this debian >>guide is crystal, I'll put it on the wiki and create a distro-specific >>section. I may eventually have time to create a FreeBSD manual as well, >>but I don't have any machine that is under my control that runs FreeBSD. >> For the rest, Mandrake, Gentoo, SUSE, Slackware, SUN & others, the >>debian relies on the contribution of people... >> > > (snip)> -- > >>Ugo > > Should the wiki become more distro-specific? I don't know, but I've > tried to be very general in what I've written so far.... Keep any > nitgritty details in a "notes" section or so... After all, everything > about anything from MTA to MailScanner to AVs etc etc are pretty much > the same on any *nix system. Some things need special mention, or a > specific section, but do we really want 32 different "How to install > MS on ? > I agree. Debian isn't a lot different from RH. apt/aptitude instead of yum/up2date. The packages are there. The rest are just 'things you have to be used to when using distro X'. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Fri Jul 1 18:25:03 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:11 2006 Subject: denying email from your own domain but external IP's? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Matt Kehler wrote: > I'd like to toss all email if the 'from' address is of my own domain > (xyz.com), and it does NOT originate from my internal 192.168.1.0/24 > network. Can I do this with MailScanner? Or can I even do it with > Sendmail itself instead? > > Basically in our environment, people can use our internal mail client > while at work, or they can use our webmail, but thats IT. (ie, no > Outlook express clients at home :). So essentially anything with the > 'from' as xyz.com and NOT using our internal IP addressing would have to > be forged. > > thanks > Matt > And this is how I manage it http://wiki.mailscanner.info/doku.php?id=documentation:anti_spam:spf:install:sendmail:spfmilter Plus spf DNS records. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Fri Jul 1 18:23:04 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:11 2006 Subject: denying email from your own domain but external IP's? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Matt Kehler wrote: > I'd like to toss all email if the 'from' address is of my own domain > (xyz.com), and it does NOT originate from my internal 192.168.1.0/24 > network. Can I do this with MailScanner? Or can I even do it with > Sendmail itself instead? > > Basically in our environment, people can use our internal mail client > while at work, or they can use our webmail, but thats IT. (ie, no > Outlook express clients at home :). So essentially anything with the > 'from' as xyz.com and NOT using our internal IP addressing would have to > be forged. Forwarded by Ugo for Steve: Check out this "clams to be us sendmail test which blocks email on bad HELO/EHLO information: http://www.cs.niu.edu/~rickert/cf/bad-ehlo.html We just installed this test at a site that was getting hammered with spam and viruses from email addresses pretending to be from their domain. It stopped these attacks cold. Steve Steve Swaney steve@fsl.com www.fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at nkpanama.com Fri Jul 1 19:17:13 2005 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu Jan 12 21:30:11 2006 Subject: ClamV updates Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] >I will wait to see what the next output of logwatch is, hopefully it >will be fixed after cleaning up a bit. > > > > Why not just run logwatch now? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dh at UPTIME.AT Fri Jul 1 21:08:08 2005 From: dh at UPTIME.AT (David H.) Date: Thu Jan 12 21:30:11 2006 Subject: Typo in CustomSpamScanner? Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Looking at: # $fh->print(@$message); # # $score = <$fh>; # chomp $core; # $score = $score+0.0; # should that chomp maybe chomp $score instead of $core? - -d -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (Darwin) iD8DBQFCxaKoPMoaMn4kKR4RAgo1AJ9+jz9P+ZIahUdtgP5PSoV/s7uILwCeLuuo VVSbg1RzciX+JeQum/3yO6c= =EHXh -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri Jul 1 21:20:45 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:12 2006 Subject: Typo in CustomSpamScanner? Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Thanks for that. Fixed. Now if only I didn't have to work on a dialup modem all weekend as BT have broken my ADSL :-( David H. wrote: >* PGP Signed by an unverified key: 07/01/05 at 21:08:08 > >Looking at: > ># $fh->print(@$message); ># ># $score = <$fh>; ># chomp $core; ># $score = $score+0.0; ># > >should that chomp maybe chomp $score instead of $core? > >-d > >* David H. (Fink Key.) >* 0x7E24291E - Unverified (L) > > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQsWloBH2WUcUFbZUEQLsywCgrssUTtw6OLhyoUEHC+UvpHsvyJoAnA4a K5xr2Gw1jMLVmzXtrwXZQjt0 =6d2y -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From maillists at CONACTIVE.COM Fri Jul 1 21:31:36 2005 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:30:12 2006 Subject: procedures for getting stuff out of the quarantine on older MS version Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Harondel J. Sibble wrote on Fri, 1 Jul 2005 09:39:25 -0700: > In contrast to not using it. Oh. None. > There are pros and cons to using ANY TOOL, No, no cons, unless you consider a PHP web interface a security threat. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From maillists at CONACTIVE.COM Fri Jul 1 21:31:37 2005 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:30:12 2006 Subject: denying email from your own domain but external IP's? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ugo Bellavance wrote on Fri, 1 Jul 2005 13:23:04 -0400: > http://www.cs.niu.edu/~rickert/cf/bad-ehlo.html > > We just installed this test at a site that was getting hammered with > spam and viruses from email addresses pretending to be from their > domain. It stopped these attacks cold. This is a great patch I use since long, but it won't help against forged email addresses. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From maillists at CONACTIVE.COM Fri Jul 1 21:31:36 2005 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:30:12 2006 Subject: procedures for getting stuff out of the quarantine on older MS version Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Harondel J. Sibble wrote on Fri, 1 Jul 2005 09:39:25 -0700: > This brings up another question, will Mailwatch allow the admin the ability > to look at the messages in the archive? Yes. If so how does it deal with the fact > that the archive is wiped once a week and started fresh, will that cause any > problems? No. You just won't be able to read the messages, you will still have all the data for them. Try it. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jwilliams at COURTESYMORTGAGE.COM Fri Jul 1 22:03:45 2005 From: jwilliams at COURTESYMORTGAGE.COM (Jason Williams) Date: Thu Jan 12 21:30:12 2006 Subject: Few spam related questions Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello everyone! just wanted to ask a few spam related questions in regards to MS and plugins. 1.) Anybody having problems with pyzor? lately, mine has been timing out. I can 'discover' fine, but timeout when I ping. 2.) Been working with Bayes a lot lately and have a question about the following entry in spam.assassin.prefs.conf # Bump up SpamAssassin scores on the high and low end # score BAYES_00 -15.0 # score BAYES_05 -5.0 # score BAYES_95 5.0 # score BAYES_99 15.0 Those are currently commented out, but i'd like to use them if possible. Anyone have recommendations on how to set this? Personal preference? I'd like to get bayes working as best as I can. Wasn't quite sure on the best way to utilizie this part. I am also going to implement rulesdujour as well. I've added some of the rules from rulesemporium and it has made a difference. Now, i just need to keep at this so I can ensure my spamblocking continues. After that, I need to look at MCP. :) Thanks and everyone have a good weekend. Jason ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dh at UPTIME.AT Fri Jul 1 22:13:09 2005 From: dh at UPTIME.AT (David H.) Date: Thu Jan 12 21:30:12 2006 Subject: Few spam related questions Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Jason Williams wrote: > Hello everyone! just wanted to ask a few spam related questions in > regards to MS and plugins. > > 1.) Anybody having problems with pyzor? lately, mine has been timing > out. I can 'discover' fine, but timeout when I ping. > > 2.) Been working with Bayes a lot lately and have a question about the > following entry in spam.assassin.prefs.conf > > > # Bump up SpamAssassin scores on the high and low end > # score BAYES_00 -15.0 > # score BAYES_05 -5.0 > # score BAYES_95 5.0 > # score BAYES_99 15.0 > > > Those are currently commented out, but i'd like to use them if possible. > Anyone have recommendations on how to set this? Personal preference? I'd > like to get bayes working as best as I can. Wasn't quite sure on the > best way to utilizie this part. > I think this does depend on your corpus of spam and thus the dictionary that you are getting. We are tracking these numbers over the months, the data is collected and then piped into R (www.r-project.org). That Program then runs a few Macros projecting a Trendline as well as showing upper and lower boundaries and the likelyhood that you get a false positive. Such statistical analysis is surely also possible in your setup - -d -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (Darwin) iD8DBQFCxbHlPMoaMn4kKR4RAlNuAJ40GSrh5B9OKcICs1I/+3Tt6E3+xwCeOdye YsV+8ahemwATjQ33521iohI= =G15b -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mark at TIPPINGMAR.COM Fri Jul 1 22:22:29 2005 From: mark at TIPPINGMAR.COM (Mark Nienberg) Date: Thu Jan 12 21:30:12 2006 Subject: Few spam related questions Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jason Williams wrote: > Hello everyone! just wanted to ask a few spam related questions in > regards to MS and plugins. > > 1.) Anybody having problems with pyzor? lately, mine has been timing > out. I can 'discover' fine, but timeout when I ping. Pyzor seems to be working fine for me. I am not seeing any spamassassin timeouts and I see Pyzor scores in the logs. > > 2.) Been working with Bayes a lot lately and have a question about the > following entry in spam.assassin.prefs.conf > > > # Bump up SpamAssassin scores on the high and low end > # score BAYES_00 -15.0 > # score BAYES_05 -5.0 > # score BAYES_95 5.0 > # score BAYES_99 15.0 > > > Those are currently commented out, but i'd like to use them if possible. > Anyone have recommendations on how to set this? Personal preference? > I'd like to get bayes working as best as I can. Wasn't quite sure on > the best way to utilizie this part. Personally, I bump up the scores for positive bayes tests but I flatten the scores for the negative tests. I've seen too many examples of messages that trigger low bayes tests and then receive a negative score that cancels out the other spam scores. In my experience, I have never seen a legitimate message score so high on other tests that it would require a -15 from bayes in order to avoid being tagged as spam. This may be quite different for other sites, so you really have to study some messages and stats for a while to see what works for you. Here are my current values: score BAYES_00 -1.00 score BAYES_05 -0.75 score BAYES_20 -0.50 score BAYES_40 -0.25 score BAYES_60 2.00 score BAYES_80 2.50 score BAYES_95 4.00 score BAYES_99 6.00 -- Mark Nienberg, SE Tipping Mar + associates 1906 Shattuck Ave Berkeley, CA 94704 (510) 549-1906 ext 236 http://www.tippingmar.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ebruce at HPMICH.COM Fri Jul 1 22:31:45 2005 From: ebruce at HPMICH.COM (Ed Bruce) Date: Thu Jan 12 21:30:12 2006 Subject: OT: Changing Reply To: when replying to Mail List Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Is it considered bad form to change the Reply To: field when you reply to a message on a mailing list. I'm kinda of slow and just realized why several of my posts never made it to the list. I just reply to a post and failed to notice that in some cases the email was not being delivered to the list, but instead went to the poster. -- This message has been scanned for viruses and dangerous content by Secure Resource, and is believed to be clean. MailScanner thanks transtec Computers for their support. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Kevin_Miller at CI.JUNEAU.AK.US Fri Jul 1 22:43:18 2005 From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller) Date: Thu Jan 12 21:30:12 2006 Subject: Changing Reply To: when replying to Mail List Message-ID: If I notice, I do a reply-all, and usually delete the original sender so it goes back to the list. Some lists I'm on default to the sender, not the list. I consider those misconfigured. YMMV. If I get a not on the list, I think the proper protocol is to reply there. Otherwise what's the use of having a list? As the old commercial says, "it's nice to share"... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 -----Original Message----- From: Ed Bruce [mailto:ebruce@HPMICH.COM] Sent: Friday, July 01, 2005 1:32 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: OT: Changing Reply To: when replying to Mail List Is it considered bad form to change the Reply To: field when you reply to a message on a mailing list. I'm kinda of slow and just realized why several of my posts never made it to the list. I just reply to a post and failed to notice that in some cases the email was not being delivered to the list, but instead went to the poster. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at blacknight.ie Fri Jul 1 22:40:56 2005 From: michele at blacknight.ie (Michele Neylon:: Blacknight.ie) Date: Thu Jan 12 21:30:12 2006 Subject: Changing Reply To: when replying to Mail List Message-ID: > Is it considered bad form to change the Reply To: field when > you reply to a message on a mailing list. I'm kinda of slow > and just realized why several of my posts never made it to > the list. I just reply to a post and failed to notice that in > some cases the email was not being delivered to the list, but > instead went to the poster. It's probably your MUA that's doing it - thunderbird can be a bit silly at times, though using the "reply all" option seems to make even the dumbest MUA play nice M ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Fri Jul 1 22:55:21 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:12 2006 Subject: Changing Reply To: when replying to Mail List Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Michele Neylon:: Blacknight.ie wrote: >>Is it considered bad form to change the Reply To: field when >>you reply to a message on a mailing list. I'm kinda of slow >>and just realized why several of my posts never made it to >>the list. I just reply to a post and failed to notice that in >>some cases the email was not being delivered to the list, but >>instead went to the poster. > > > It's probably your MUA that's doing it - thunderbird can be a bit silly at > times, though using the "reply all" option seems to make even the dumbest > MUA play nice > > M > Using Thunderbird with gmail doesn't have this problem :). ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Kevin_Miller at CI.JUNEAU.AK.US Fri Jul 1 23:28:43 2005 From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller) Date: Thu Jan 12 21:30:12 2006 Subject: Changing Reply To: when replying to Mail List Message-ID: Michele Neylon:: Blacknight.ie wrote: >> Is it considered bad form to change the Reply To: field when >> you reply to a message on a mailing list. I'm kinda of slow >> and just realized why several of my posts never made it to >> the list. I just reply to a post and failed to notice that in >> some cases the email was not being delivered to the list, but >> instead went to the poster. > > It's probably your MUA that's doing it - thunderbird can be a bit > silly at times, though using the "reply all" option seems to make > even the dumbest MUA play nice Well, I usually see it with Outlook, but looking at the headers, it appears that the lists that do it don't put a reply-to in pointing back to the list, so it defaults to the from field. So I figure it's the sending list server. MailScanner's list does it right, BTY ... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Fri Jul 1 23:20:48 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:12 2006 Subject: procedures for getting stuff out of the quarantine on older MS version Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Billy A. Pumphrey wrote: >>It does indeed have this feature. You can release just the file, the >>message, or both, to the intended recipient, or you can release > > it/them > >>to other recipients and/or both . There is no disadvantage to using >>MailWatch, other than the fact that it uses MySQL, and can result in a >>rather large db depending on your mail traffic. But there are tools >>(scripts) to help manage this. If you machine is pretty beefy, then >>this might not be to much of a concern. > > > Scripts to help manage - I will start needing to use these for my > mailwatch. What are the scripts? I search the archive for them and I > either did not do good enough searches or its not there. > Have a look at the wiki and MAQ http://wiki.mailscanner.info/doku.php?id=maq:index&s=clean#misc._questions ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Jul 2 09:51:11 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:12 2006 Subject: MailScanner ANNOUNCE: Stable 4.43.7 released Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I have just released the July edition of MailScanner, version 4.43. The major feature this month is the addition of the "Generic Spam Scanner". This gives you the ability to run any other spam detection software in addition to, or instead of, SpamAssassin. You don't need to know any Perl to get it working as an example calling an external program is provided. Your own spam scanner takes a few details of the message, as well as the message itself, and prints out its report along with the message's spam score. MailScanner does everything else for you. If people write plugins for other anti-spam tools, I would very much like to publish them on the MailScanner web site. You can download it all as usual from www.mailscanner.info. The full Change Log : * New Features and Improvements * - Added "Custom Spam Scanner" so that you can very easily plug in your own spam scanner, for example dspam. See MailScanner.conf and .../MailScanner/CustomFunctions/GenericSpamScanner.pm for more details. - "Allowed Sophos Error Messages" now works for SophosSAVI scanner as well as the command-line Sophos scanner. - "\n" can be used to insert line breaks in just about any configuration setting or languages.conf string. - Optimised scanning of messages when spam/mcp archive is not kept clean. - Updated Clam+SpamAssassin package for SpamAssassin 3.0.4. * Fixes * - Fixed bug in upgrade_MailScanner_conf so that it puts in the new value of "MailScanner Version Number" rather than copying it over from the old one, and it now gets all the comments right around this option when the "--keep-comments" command-line switch is used. - Syslogging of files with allowed Sophos errors should now be correct. - Fixed missing syslog entry for MCP actions taken on a non-delivered message. - Fixed bug where infection could be reported for wrong message ID as well as correct message ID. - Modified panda-wrapper to process entire batch in one call instead of per message. - If message parsing failed, the pipe might not exist and this wasn't caught. - Improved fault auto-detection and auto-correcting of Postfix formatting problems. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Sat Jul 2 12:05:15 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:30:12 2006 Subject: MailScanner ANNOUNCE: Stable 4.43.7 released Message-ID: Hi! > I have just released the July edition of MailScanner, version 4.43. Seems to run just fine, also with SpamAssassin 3.1-pre3. Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Jul 2 13:07:57 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:12 2006 Subject: MailScanner ANNOUNCE: Stable 4.43.7 released Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Raymond Dijkxhoorn wrote: > Hi! > >> I have just released the July edition of MailScanner, version 4.43. > > > Seems to run just fine, also with SpamAssassin 3.1-pre3. > Thanks for confirming that, I was betting that you would give it a try this afternoon. Good news about SpamAssassin 3.1 compatibility. My ADSL is out of service and won't be back for up to 6 days. That's the customer (dis)service I get from BT. No use switching to another ADSL provider as they all use BT local loop, which is where the problem is. Analogue phone line still works though, so I'm currently getting 40k on a modem. Enough for email and ssh though. And as BT don't know about the number I use for dialup, I get an hour online for 5p at weekends :-) BT have to publish their list of known internet dialup numbers, so I can check what of my dialup numbers are on the list and what aren't. So they think I'm talking to a person instead of you folks, so I get their cheap advertised offers. I just have to hangup and redial once an hour. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Sat Jul 2 13:28:33 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:30:12 2006 Subject: Custom Spam Scanner? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > Has anyone tried using the Custom Spam Scanner plugin facility I wrote > for you the other day? > > I would be interested to hear if people think it is sufficient, or > whether it really needs additional functionality. Hi Julian, This one change was required.. though i am not too sure if i am doing the right thing.. [root@mxinfinite MailScanner]# diff -u Message.pm.orig Message.pm --- Message.pm.orig 2005-07-02 17:49:04.091516600 +0530 +++ Message.pm 2005-07-02 17:49:27.060024856 +0530 @@ -444,7 +444,7 @@ # Do the Custom Spam Checker my($gsscore, $gsreport); if (MailScanner::Config::Value('gsscanner', $this)) { - ($gsscore, $gsreport) = MailScanner::GenericSpam::Checks($this); + ($gsscore, $gsreport) = MailScanner::CustomConfig::GenericSpamScanner($this); $this->{gshits} = $gsscore; } btw, this is MS version 4.43.7 - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Jul 2 14:07:17 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:12 2006 Subject: Custom Spam Scanner? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Are you sure? The idea is that the MailScanner::GenericSpam module builds the timeout wrapper around the GenericSpamScanner code. What actual symptoms are you seeing? Dhawal Doshy wrote: > Julian Field wrote: > >> Has anyone tried using the Custom Spam Scanner plugin facility I >> wrote for you the other day? >> >> I would be interested to hear if people think it is sufficient, or >> whether it really needs additional functionality. > > > Hi Julian, > > This one change was required.. though i am not too sure if i am doing > the right thing.. > > [root@mxinfinite MailScanner]# diff -u Message.pm.orig Message.pm > --- Message.pm.orig 2005-07-02 17:49:04.091516600 +0530 > +++ Message.pm 2005-07-02 17:49:27.060024856 +0530 > @@ -444,7 +444,7 @@ > # Do the Custom Spam Checker > my($gsscore, $gsreport); > if (MailScanner::Config::Value('gsscanner', $this)) { > - ($gsscore, $gsreport) = MailScanner::GenericSpam::Checks($this); > + ($gsscore, $gsreport) = > MailScanner::CustomConfig::GenericSpamScanner($this); > $this->{gshits} = $gsscore; > } > > btw, this is MS version 4.43.7 > > - dhawal > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Sat Jul 2 15:17:57 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:30:12 2006 Subject: Custom Spam Scanner? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > Are you sure? > > The idea is that the MailScanner::GenericSpam module builds the timeout > wrapper around the GenericSpamScanner code. > > What actual symptoms are you seeing? > No.. i am not sure. I installed the bogofilter rpm to test out things and changed the following in /etc/MailScanner/MailScanner.conf Use Custom Spam Scanner = yes Debug = yes Also Replaced "/usr/local/bin/yourprogramhere" with "/usr/bin/bogofilter" and uncommented the rest of the code in CustomFunctions/GenericSpamScanner.pm I get the following error on invoking check_MailScanner Undefined subroutine &MailScanner::GenericSpam::Checks called at /usr/lib/MailScanner/MailScanner/Message.pm line 447. Any clues on where am i screwing up? - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From maillists at CONACTIVE.COM Sat Jul 2 15:31:22 2005 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:30:12 2006 Subject: MailScanner ANNOUNCE: Stable 4.43.7 released Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Observations from the upgrade after running upgrade_MailScanner_conf: > Summary > ------- > Read 258 settings from old MailScanner.conf > Used 258 settings from old MailScanner.conf > Used 1 default settings from new MailScanner.conf.rpmnew It turns out that actually was the change of the version no. That's something of a "false alert". I suggest either adding something like "if only one default setting was used it's likely to be the version no" or handling it different, anyway. > If you ran this with a command like this > upgrade_MailScanner_conf MailScanner.conf MailScanner.conf.rpmnew > MailScanne r.new > then you should do > diff MailScanner.conf.rpmnew MailScanner.new > and check for any differences in values you have not changed yourself. Shouldn't this be: diff MailScanner.conf MailScanner.new ? Apart from this it seems that the update script munged a lot of lines which didn't have a value, example: n8:/etc/MailScanner # diff MailScanner.conf MailScanner.new 105c105 < Run As User = --- > Run As User = 110c110 < Run As Group = --- > Run As Group = 197,198c197,198 < Incoming Work User = < Incoming Work Group = --- > Incoming Work User = > Incoming Work Group = 556c556 and so on. This makes it harder to detect the actual differences. I think there may be a difference in the linebreaks, although there shouldn't be one. I edit MailScanner.conf on Windows, but my editor is configured to use Unix lineends. And I transfer it via scp and no lineend translation occurs. So, there shouldn't be a difference unless the update adds/removes whitespace. Anyway, man diff tells me I can use -w to ignore whitespace and, indeed, it shrinks the output down to the real changes. Maybe suggest "diff -w" in the help as a default? Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From maillists at CONACTIVE.COM Sat Jul 2 15:31:30 2005 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:30:12 2006 Subject: MailScanner ANNOUNCE: Stable 4.43.7 released Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] concerning upgrade_languages_conf. It seems the (Suse) rpm just overwrites *any* existing files in the reports/xx/ directories. So, there's no chance of using upgrade_languages_conf. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Jul 2 16:14:13 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:12 2006 Subject: Custom Spam Scanner? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dhawal Doshy wrote: > Julian Field wrote: > >> Are you sure? >> >> The idea is that the MailScanner::GenericSpam module builds the >> timeout wrapper around the GenericSpamScanner code. >> >> What actual symptoms are you seeing? >> > > No.. i am not sure. > > I installed the bogofilter rpm to test out things and changed the > following in /etc/MailScanner/MailScanner.conf > Use Custom Spam Scanner = yes > Debug = yes > > Also Replaced "/usr/local/bin/yourprogramhere" with > "/usr/bin/bogofilter" and uncommented the rest of the code in > CustomFunctions/GenericSpamScanner.pm > > I get the following error on invoking check_MailScanner > Undefined subroutine &MailScanner::GenericSpam::Checks called at > /usr/lib/MailScanner/MailScanner/Message.pm line 447. > > Any clues on where am i screwing up? My fault. You need to add use MailScanner::GenericSpam; near the top of /usr/sbin/MailScanner. Or else just download 4.43.8. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Sat Jul 2 17:00:28 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:30:12 2006 Subject: Custom Spam Scanner? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > > Or else just download 4.43.8. > 4.43.8 working fine so far, though on a test machine.. BTW, here's another way to use bogofilter within SA. http://freshmeat.net/projects/sa-bogofilter/?branch_id=59042&release_id=200303 - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dh at UPTIME.AT Sat Jul 2 17:16:28 2005 From: dh at UPTIME.AT (David H.) Date: Thu Jan 12 21:30:12 2006 Subject: Custom Spam Scanner? Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dhawal Doshy wrote: > Julian Field wrote: > >> >> Or else just download 4.43.8. >> > > 4.43.8 working fine so far, though on a test machine.. > > BTW, here's another way to use bogofilter within SA. > http://freshmeat.net/projects/sa-bogofilter/?branch_id=59042&release_id=200303 > > That is what I am evaluating right now. However I am not so sure how the auto-training process works here. how does the auto.training work for the customSpamScanner? Does it run after the spamassassin checks? could it then learn something as spam automatically? - -d -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (Darwin) iD4DBQFCxr3cPMoaMn4kKR4RArw0AJdwdUsqYs/bIXMnOLbGXgMK1BwjAJwJK/yh T5L5jV07DNWcUSPOGhz42g== =nSDc -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pparsons at COLUMBIAFUELS.COM Sat Jul 2 17:09:11 2005 From: pparsons at COLUMBIAFUELS.COM (Philip Parsons) Date: Thu Jan 12 21:30:12 2006 Subject: Bitdefender Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Does anyone have the link handy for the command line version of bit defender that is supported in Mailscanner.. As when you got to there site they have the free version the linux version and the linux mail server version as well ??? This is what I got from Bitdefender support..but the paths do not look right for what is in mailscanner.conf.. Please download and use the BitDefender scanning utility from our > BitDefender > for mailserver product. > You can download it from: > ftp.bitdefender.com/pub/linux/mailserver/smtp/final/en > After you've install it, you can find bdc in the /opt/BitDefender/lib > directory. > In order to update, you can run the command /opt/BitDefender/bin/bd > update ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at blacknight.ie Sat Jul 2 17:38:03 2005 From: michele at blacknight.ie (Michele Neylon:: Blacknight.ie) Date: Thu Jan 12 21:30:12 2006 Subject: Bitdefender Message-ID: Philip The one on their site is the one you want (unless something changed recently) Michele Mr Michele Neylon Blacknight Internet Solutions Ltd Quality Hosting, co-location & domains http://www.blacknight.ie/ Tel. +353 59 9183072 Tired of your current host? Save 15% when you move to us! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From maillists at CONACTIVE.COM Sat Jul 2 19:40:33 2005 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:30:12 2006 Subject: Custom Spam Scanner? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote on Sat, 2 Jul 2005 16:14:13 +0100: > My fault. You need to add > use MailScanner::GenericSpam; > near the top of /usr/sbin/MailScanner. Works now, I mean MailScanner works like normal now. Without that MS was still working but not Mailwatchlogging anymore. Just checking with your GenericSpamScanner.pm. How do I know that it works? Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Jul 2 19:46:56 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:12 2006 Subject: Custom Spam Scanner? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Kai Schaetzl wrote: >Julian Field wrote on Sat, 2 Jul 2005 16:14:13 +0100: > > > >>My fault. You need to add >> use MailScanner::GenericSpam; >>near the top of /usr/sbin/MailScanner. >> >> > >Works now, I mean MailScanner works like normal now. Without that MS was >still working but not Mailwatchlogging anymore. Just checking with your >GenericSpamScanner.pm. How do I know that it works? > > > I put a bit of debug code in it. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From peter at UCGBOOK.COM Sat Jul 2 23:55:55 2005 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:30:12 2006 Subject: MailScanner ANNOUNCE: Stable 4.43.7 released Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Kai Schaetzl wrote: > Apart from this it seems that the update script munged a lot of lines which didn't have > a value, example: > > > n8:/etc/MailScanner # diff MailScanner.conf MailScanner.new > 105c105 > < Run As User = > --- > >>Run As User = I have the same problem and I can assure you my files have never been near a Windows computer. ;-) -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ja at CONVIATOR.COM Sun Jul 3 11:46:40 2005 From: ja at CONVIATOR.COM (Jan Agermose) Date: Thu Jan 12 21:30:12 2006 Subject: learning spam Message-ID: Hi Im running SMGateway and wondering about the usefulness of the learning feature. If I open up the message list I can select one message and if it is marked as spam already I can select “SA Learn” and mark the spam message “as spam” (but it already is?) and as “HAM”. What’s the idea of the learning feature? Will I actually benefit from marking messages already marked as spam, as spam? More relevant – how can I mark “clean” messages as spam? Did I make sense? *LOL* Mvh Jan ________________________________________________________________________________ [IMAGE] Jan Agermose CEO Conviator Tel. +45 35 266 460 Human Resource profile ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "image001.gif" Image/GIF 732bytes. ] [ Unable to print this part. ] From ugob at CAMO-ROUTE.COM Sun Jul 3 14:50:40 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:12 2006 Subject: Bitdefender Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Philip Parsons wrote: > Does anyone have the link handy for the command line version of bit defender > that is supported in Mailscanner.. As when you got to there site they have > the free version the linux version and the linux mail server version as well > ??? > > This is what I got from Bitdefender support..but the paths do not look right > for what is in mailscanner.conf.. > > Please download and use the BitDefender scanning utility from our > >>BitDefender >>for mailserver product. >>You can download it from: >>ftp.bitdefender.com/pub/linux/mailserver/smtp/final/en >>After you've install it, you can find bdc in the /opt/BitDefender/lib >>directory. >>In order to update, you can run the command /opt/BitDefender/bin/bd >>update > > http://www.bitdefender.com/PRODUCT-63-en--BitDefender-Linux-Edition.html ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From maillists at CONACTIVE.COM Sun Jul 3 15:31:22 2005 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:30:12 2006 Subject: learning spam Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jan Agermose wrote on Sun, 3 Jul 2005 05:46:40 -0500: > More relevant - how can I mark "clean" > messages as spam? You mean ham? You have to quarantine *all* messages, then you can learn *all* messages as ham or spam. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ja at CONVIATOR.COM Sun Jul 3 15:55:02 2005 From: ja at CONVIATOR.COM (Jan Agermose) Date: Thu Jan 12 21:30:12 2006 Subject: SV: learning spam Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] But if I where to quarantine all mail no mail would be delivered until i release the mail? That's not really an option then? Mvh Jan ________________________________ Jan Agermose CEO Conviator Tel. +45 35 266 460 Human Resource profile -----Oprindelig meddelelse----- Fra: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] På vegne af Kai Schaetzl Sendt: 3. juli 2005 16:31 Til: MAILSCANNER@JISCMAIL.AC.UK Emne: Re: learning spam Jan Agermose wrote on Sun, 3 Jul 2005 05:46:40 -0500: > More relevant - how can I mark "clean" > messages as spam? You mean ham? You have to quarantine *all* messages, then you can learn *all* messages as ham or spam. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Sun Jul 3 17:31:27 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:12 2006 Subject: SV: learning spam Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jan Agermose wrote: > But if I where to quarantine all mail no mail would be delivered until i release the mail? That's not really an option then? > > No, you can store _and_ deliver. Please avoid top-posting... Ugo ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Mon Jul 4 00:42:42 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:30:12 2006 Subject: SV: learning spam Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] You have to have a copy of the clean mail to mark it in your bayes DB as ham/spam. To make sure you have the emails to do this with you could to quarantine all mail. Or maybe use archiving to grab mail from one or two users, or use the Non Spam Actions: deliver store (or forward to local) or something. Jan Agermose wrote: > But if I where to quarantine all mail no mail would be delivered until i release the mail? That's not really an option then? > > > Mvh > Jan > > ________________________________ > > Jan Agermose > CEO Conviator Tel. +45 35 266 460 > Human Resource profile > > > > > > > > -----Oprindelig meddelelse----- > Fra: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] På vegne af Kai Schaetzl > Sendt: 3. juli 2005 16:31 > Til: MAILSCANNER@JISCMAIL.AC.UK > Emne: Re: learning spam > > Jan Agermose wrote on Sun, 3 Jul 2005 05:46:40 -0500: > > >>More relevant - how can I mark "clean" >>messages as spam? > > > You mean ham? You have to quarantine *all* messages, then you can learn > *all* messages as ham or spam. > > Kai > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Sun Jul 3 20:38:56 2005 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 12 21:30:12 2006 Subject: Bitdefender Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 7/3/05, Ugo Bellavance wrote: > Philip Parsons wrote: > > Does anyone have the link handy for the command line version of bit defender > > that is supported in Mailscanner.. As when you got to there site they have > > the free version the linux version and the linux mail server version as well > > ??? > > > > This is what I got from Bitdefender support..but the paths do not look right > > for what is in mailscanner.conf.. > > > > Please download and use the BitDefender scanning utility from our > > > >>BitDefender > >>for mailserver product. > >>You can download it from: > >>ftp.bitdefender.com/pub/linux/mailserver/smtp/final/en > >>After you've install it, you can find bdc in the /opt/BitDefender/lib > >>directory. > >>In order to update, you can run the command /opt/BitDefender/bin/bd > >>update > > > > > > http://www.bitdefender.com/PRODUCT-63-en--BitDefender-Linux-Edition.html > The instructions in the wiki should be clear enough... I use another link, but get to the same page as Ugo above. Look at http://wiki.mailscanner.info/doku.php?id=documentation:anti_virus:bitdefender:install and tell me if you run into any problems .... or find it just a bit obtuse or so:-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Sun Jul 3 20:31:42 2005 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 12 21:30:12 2006 Subject: Debian-Postfix install guide Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 7/1/05, Ugo Bellavance wrote: > Glenn Steen wrote: > > On 6/30/05, Ugo Bellavance wrote: > > > >>Julian Field wrote: > >> > >>>How is the wiki on these subjects? > >> > >>There isn't much distro-specific material in the wiki. Once this debian > >>guide is crystal, I'll put it on the wiki and create a distro-specific > >>section. I may eventually have time to create a FreeBSD manual as well, > >>but I don't have any machine that is under my control that runs FreeBSD. > >> For the rest, Mandrake, Gentoo, SUSE, Slackware, SUN & others, the > >>debian relies on the contribution of people... > >> > > > > (snip)> -- > > > >>Ugo > > > > Should the wiki become more distro-specific? I don't know, but I've > > tried to be very general in what I've written so far.... Keep any > > nitgritty details in a "notes" section or so... After all, everything > > about anything from MTA to MailScanner to AVs etc etc are pretty much > > the same on any *nix system. Some things need special mention, or a > > specific section, but do we really want 32 different "How to install > > MS on ? > > > > I agree. Debian isn't a lot different from RH. apt/aptitude instead of > yum/up2date. The packages are there. The rest are just 'things you > have to be used to when using distro X'. > .... Then again, we have the soft gushy feeling one gets when ones own favorite OS is mentioned somewhere .... I'm a fool for Mandriva/Mandrake myself....:-). But I think "keep it simple" would be the best guiding rule for this type of thing. -- -- Glenn (still drunk, vacationing and definitely sore all over after going to some action park water slides with the kids. Yikes) email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From liste at CROYER.NET Mon Jul 4 08:17:42 2005 From: liste at CROYER.NET (Royer Christophe) Date: Thu Jan 12 21:30:12 2006 Subject: removing Headers Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi everybody Is there a way to remove all X-zzz-MailScanner header, a customer with a particular mail system needs that because his system use some particular headers at end of header and MS header are confusing his system. Many Thanks ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Jul 4 08:42:32 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:12 2006 Subject: removing Headers Message-ID: I can't remember quite what orders I do it in, but try the "Remove These Headers" configuration setting. On 4 Jul 2005, at 08:17, Royer Christophe wrote: > Hi everybody > > Is there a way to remove all X-zzz-MailScanner header, a customer > with a particular mail system needs that because his system use > some particular headers at end of header and MS header are > confusing his system. > > Many Thanks > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Mon Jul 4 08:54:28 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:30:12 2006 Subject: removing Headers Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Confusing his system? If you have the details of his issue maybe post them and the folks on the list may be able to assist? Remove the content part of the header value in MailScanner.conf For Eg Information Header = Royer Christophe wrote: > Hi everybody > > Is there a way to remove all X-zzz-MailScanner header, a customer with a > particular mail system needs that because his system use some particular > headers at end of header and MS header are confusing his system. > > Many Thanks > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Mon Jul 4 08:55:58 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:30:12 2006 Subject: MailScanner ANNOUNCE: Stable 4.43.7 released Message-ID: Julian depends if Bulldog or Easynet and LLU-ed you local exchange then you won't be relying on BT to sort out the issues. Another thing to think about if that for 'business class' aDSL you can get a enhanced care package where the fix time drops from 7 to 1 days. Dunno if they offer that on consumer lines... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Julian Field wrote: > Raymond Dijkxhoorn wrote: > >> Hi! >> >>> I have just released the July edition of MailScanner, version 4.43. >> >> >> >> Seems to run just fine, also with SpamAssassin 3.1-pre3. >> > Thanks for confirming that, I was betting that you would give it a try > this afternoon. Good news about SpamAssassin 3.1 compatibility. > > My ADSL is out of service and won't be back for up to 6 days. That's the > customer (dis)service I get from BT. No use switching to another ADSL > provider as they all use BT local loop, which is where the problem is. > Analogue phone line still works though, so I'm currently getting 40k on > a modem. Enough for email and ssh though. > > And as BT don't know about the number I use for dialup, I get an hour > online for 5p at weekends :-) > BT have to publish their list of known internet dialup numbers, so I can > check what of my dialup numbers are on the list and what aren't. So they > think I'm talking to a person instead of you folks, so I get their cheap > advertised offers. I just have to hangup and redial once an hour. > ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Mon Jul 4 09:00:44 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:30:12 2006 Subject: removing Headers Message-ID: Royer Christophe wrote: > Hi everybody > > Is there a way to remove all X-zzz-MailScanner header, a customer with a > particular mail system needs that because his system use some particular > headers at end of header and MS header are confusing his system. > > Many Thanks > Royer Make sure that there are no invalid characters inthe zzz bit of the header. Things like . , and others can confuse things like Novell's mailer as they are not valid header characters. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From liste at CROYER.NET Mon Jul 4 09:19:52 2005 From: liste at CROYER.NET (Royer Christophe) Date: Thu Jan 12 21:30:12 2006 Subject: removing Headers Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] The configuration setting from Julian fixed my problem in incoming and outgoing mails Many thanks Julian Regards Christophe Julian Field a écrit : > I can't remember quite what orders I do it in, but try the "Remove > These Headers" configuration setting. > > On 4 Jul 2005, at 08:17, Royer Christophe wrote: > >> Hi everybody >> >> Is there a way to remove all X-zzz-MailScanner header, a customer >> with a particular mail system needs that because his system use some >> particular headers at end of header and MS header are confusing his >> system. >> >> Many Thanks >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From support-lists at PETDOCTORS.CO.UK Mon Jul 4 09:30:56 2005 From: support-lists at PETDOCTORS.CO.UK (Nigel kendrick) Date: Thu Jan 12 21:30:12 2006 Subject: MailScanner ANNOUNCE: Stable 4.43.7 released Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Martin Hepworth >Sent: 04 July 2005 08:56 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: MailScanner ANNOUNCE: Stable 4.43.7 released > >Another thing to think about if that for 'business class' aDSL you can >get a enhanced care package where the fix time drops from 7 to 1 days. >Dunno if they offer that on consumer lines... We have our Head Office 2Mbit broadband on BT's care package - it's £100/month (yikesd!!) for a 2Mbit line and in the last year we have had only one outage caused by their cock-up in upgrading the service from 512K to 2Mbit - the outage was 5 days as the buck passing went on. During this time we were technically not on a 512K nor a 2Mbit contract and so 'all bets were off' for the ehnanced care package and we got diddly squat in the way of compensation or a speedier fix - BT also managed to cut the BB phone line for a whole day and once they restored this they then cut off all the phones to the building for a further day. Sods law says if we drop the enhanced package something bad will happen to our service and we'll need it, but so far it's not really proved its worth for us. Nigel ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Chris.Russell at KNOWLEDGEIT.CO.UK Mon Jul 4 10:06:03 2005 From: Chris.Russell at KNOWLEDGEIT.CO.UK (Chris Russell) Date: Thu Jan 12 21:30:12 2006 Subject: SpamAssassin timeouts Message-ID: Hi, > Since approximately a week, I've been having timeouts with SpamAssassin on any databases I check. > I never experienced such problems before, but I know others have... The blocklists are generally DNS based, and queried via a DNS query. Check to see your DNS setup is fully functioning, and also that your firewall permits dns packets larger than 512 bytes. Cheers Chris ___________________________________________________________________ The contents of this e-mail may be privileged and are confidential. It may not be disclosed to or used by anyone other than the addressee(s), nor copied in any way. Any views or opinions presented are solely those of the author and do not necessarily represent those of Knowledge Limited. If received in error, please advise the sender, then delete it from your system. ___________________________________________________________________ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From evanderleun at HAL9000.NL Mon Jul 4 10:12:41 2005 From: evanderleun at HAL9000.NL (Erik van der Leun) Date: Thu Jan 12 21:30:12 2006 Subject: SpamAssassin timeouts Message-ID: This is all I do in iptables, on ports UDP/53 and TCP/53... (in a DROP all policy) But I don't believe I changed anything regarding this lately... :) iptables -A INPUT -i $iface -p udp --sport 53 -d $ip --dport $unpriv -j ACCEPT iptables -A OUTPUT -o $iface -p udp -s $ip --sport $unpriv --dport 53 -j ACCEPT iptables -A INPUT -i $iface -p tcp ! --syn --sport 53 -d $ip --dport $unpriv -j ACCEPT iptables -A OUTPUT -o $iface -p tcp -s $ip --sport $unpriv --dport 53 -j ACCEPT On Mon, 4 Jul 2005, Chris Russell wrote: > Hi, > >> Since approximately a week, I've been having timeouts with > SpamAssassin on any databases I check. >> I never experienced such problems before, but I know others have... > > The blocklists are generally DNS based, and queried via a DNS query. > Check to see your DNS setup is fully functioning, and also that your > firewall permits dns packets larger than 512 bytes. > > Cheers > > Chris > > > > > > ___________________________________________________________________ > > The contents of this e-mail may be privileged and are confidential. > It may not be disclosed to or used by anyone other than the > addressee(s), nor copied in any way. Any views or opinions > presented are solely those of the author and do not necessarily > represent those of Knowledge Limited. > > If received in error, please advise the sender, then delete it from > your system. > ___________________________________________________________________ > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From evanderleun at HAL9000.NL Mon Jul 4 09:50:21 2005 From: evanderleun at HAL9000.NL (Erik van der Leun) Date: Thu Jan 12 21:30:12 2006 Subject: SpamAssassin timeouts Message-ID: Hi, I'm sure this question has been raised earlier, my apologies for reposting... Since approximately a week, I've been having timeouts with SpamAssassin on any databases I check. I never experienced such problems before, but I know others have... I had only ORDB-RBL configured in MailScanner, and just for testing I replaced with the spamhaus.org spamhaus-XBL, since it was useful to try them out anyway. I've changed the timeout setting from 40 to 60 seconds, but it hardly helps... What exactly does happen during such a check? What kind of traffic is generated to such a blocklist server? I know for a start that my machine has had a bit more load lately, and that seems to relate to the problem... but it's seldom higher than 2.00 and I do not feel that could be the full cause of it all... Can anybody enlighten me in how to think through the process of checking these online services? What exactly are logical bottlenecks in the process? ( My apologies for the long mail for such a short question :^> ) Kind regards, Erik van der Leun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From evanderleun at HAL9000.NL Mon Jul 4 10:39:12 2005 From: evanderleun at HAL9000.NL (Erik van der Leun) Date: Thu Jan 12 21:30:12 2006 Subject: SpamAssassin timeouts Message-ID: Anyway, thanks... I solved it by turning of the SA functionality to check these lists in /etc/MailScanner/spamassassin.prefs.conf... MailScanner already does the same... This is a tip I got from He who shall not be named :> I have a disgusting tool in use to check my spamscanning... which spammed me with 30 spammails instantly... they were all filtered again without a single hiccup or timeout problem... :) Thanks :) On Mon, 4 Jul 2005, Chris Russell wrote: > Hi, > >> Since approximately a week, I've been having timeouts with > SpamAssassin on any databases I check. >> I never experienced such problems before, but I know others have... > > The blocklists are generally DNS based, and queried via a DNS query. > Check to see your DNS setup is fully functioning, and also that your > firewall permits dns packets larger than 512 bytes. > > Cheers > > Chris > > > > > > ___________________________________________________________________ > > The contents of this e-mail may be privileged and are confidential. > It may not be disclosed to or used by anyone other than the > addressee(s), nor copied in any way. Any views or opinions > presented are solely those of the author and do not necessarily > represent those of Knowledge Limited. > > If received in error, please advise the sender, then delete it from > your system. > ___________________________________________________________________ > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From sylvain.phaneuf at IMSU.OXFORD.AC.UK Mon Jul 4 11:12:02 2005 From: sylvain.phaneuf at IMSU.OXFORD.AC.UK (Sylvain Phaneuf) Date: Thu Jan 12 21:30:12 2006 Subject: upgrade question: etc or opt? Message-ID: Hi everyone, here are my semi-annual dumb questions. Sorry, I am not a linux expert... I have been running MS first on RedHat then on SuSE for a few years now, using tarball installations. MailScanner wasinstalling in /opt and I was using scripts to start/stop MS from /opt/MailScanner/bin (and /etc/init.d/sendmail for the MTA). Last week, I upgraded one SuSE box with the new SuSE-specific tarball which install the lot in /etc/MailScanner. It's all neat, but the suggested startup script starts both MailScanner and Sendmail. I would feel better starting the two applications separately to give me more flexibility. For example, to apply a change rapidly to MailScanner, I woulds like to restart it, but not restart Sendmail. 1. Is there an advantage having MailScanner in /etc as opposed to /opt? 2. Should I bother splitting up the /etc/inti.d/MailScanner startup file to get separate MailScanner and Sendmail startup files? or someone has done it and would be happy to share them with me? I am sorry if this was discussed before. I have checked the MAQ and FAQ this morning and cannot find anyting. Well done again Julian, and to all on this very active support group. Sylvain =========================================================== Sylvain Phaneuf --- Systems Manager | phone : +44 (0)1865 221323 Information Management Services Unit - Medical Sciences Division Oxford University | email : sylvain.phaneuf@imsu.ox.ac.uk Room 3A25B John Radcliffe Hospital | fax : +44 (0) 1865 221322 Oxford OX3 9DU England =========================================================== ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Jul 4 11:47:55 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:12 2006 Subject: upgrade question: etc or opt? Message-ID: On 4 Jul 2005, at 11:12, Sylvain Phaneuf wrote: > Hi everyone, > > here are my semi-annual dumb questions. Sorry, I am not a linux > expert... > > I have been running MS first on RedHat then on SuSE for a few years > now, using tarball installations. MailScanner wasinstalling in /opt > and I was using scripts to start/stop MS from /opt/MailScanner/bin > (and /etc/init.d/sendmail for the MTA). Last week, I upgraded one > SuSE box with the new SuSE-specific tarball which install the lot > in /etc/MailScanner. It's all neat, but the suggested startup > script starts both MailScanner and Sendmail. I would feel better > starting the two applications separately to give me more > flexibility. For example, to apply a change rapidly to MailScanner, > I woulds like to restart it, but not restart Sendmail. service MailScanner reload does what you want. > 1. Is there an advantage having MailScanner in /etc as opposed to / > opt? It doesn't install it all in /etc, only the customisable files and configuration files. MailScanner itself is installed in /usr/sbin and /usr/lib/MailScanner. These fit in with the standard filesystem layouts used by applications, and mean that you don't have to mess with root's path or anything like that. You also won't have to write your own init.d script! > 2. Should I bother splitting up the /etc/inti.d/MailScanner startup > file to get separate MailScanner and Sendmail startup files? or > someone has done it and would be happy to share them with me? There is already a split in there. Run the init.d script without a parameter and it will list the options available, just like any other init.d script. > I am sorry if this was discussed before. I have checked the MAQ and > FAQ this morning and cannot find anyting. > > Well done again Julian, and to all on this very active support group. No problem. By not using the appropriate distribution for your system, you are making life very hard for yourself. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From sylvain.phaneuf at IMSU.OXFORD.AC.UK Mon Jul 4 12:42:06 2005 From: sylvain.phaneuf at IMSU.OXFORD.AC.UK (Sylvain Phaneuf) Date: Thu Jan 12 21:30:12 2006 Subject: upgrade question: etc or opt? Message-ID: Great Julian. Thanks. >>> MailScanner@ECS.SOTON.AC.UK 04/07/2005 11:47:55 >>> On 4 Jul 2005, at 11:12, Sylvain Phaneuf wrote: ... >> For example, to apply a change rapidly to MailScanner, >> I woulds like to restart it, but not restart Sendmail. > >service MailScanner reload >does what you want. What if I want to keep MailScanner off for a few minutes but keep Sendmail running? I would like to avoid breaking the flow of delivery from our ISP, otherwise they will wait 15-20 minutes before retrying. Sylvain ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Jul 4 13:32:38 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:12 2006 Subject: upgrade question: etc or opt? Message-ID: On 4 Jul 2005, at 12:42, Sylvain Phaneuf wrote: > Great Julian. Thanks. > > >>>> MailScanner@ECS.SOTON.AC.UK 04/07/2005 11:47:55 >>> >>>> > On 4 Jul 2005, at 11:12, Sylvain Phaneuf wrote: > > ... > >>> For example, to apply a change rapidly to MailScanner, >>> I woulds like to restart it, but not restart Sendmail. >>> >> >> service MailScanner reload >> does what you want. >> > > What if I want to keep MailScanner off for a few minutes but keep > Sendmail running? I would like to avoid breaking the flow of > delivery from our ISP, otherwise they will wait 15-20 minutes > before retrying. Ignore previous complicated explanation. Just do cat /var/run/MailScanner.pid and kill the number in that file. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Jul 4 13:31:53 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:12 2006 Subject: upgrade question: etc or opt? Message-ID: On 4 Jul 2005, at 12:42, Sylvain Phaneuf wrote: > Great Julian. Thanks. > > >>>> MailScanner@ECS.SOTON.AC.UK 04/07/2005 11:47:55 >>> >>>> > On 4 Jul 2005, at 11:12, Sylvain Phaneuf wrote: > > ... > >>> For example, to apply a change rapidly to MailScanner, >>> I woulds like to restart it, but not restart Sendmail. >>> >> >> service MailScanner reload >> does what you want. >> > > What if I want to keep MailScanner off for a few minutes but keep > Sendmail running? I would like to avoid breaking the flow of > delivery from our ISP, otherwise they will wait 15-20 minutes > before retrying. All the MailScanner processes belong to the same process group. If you find the MailScanner process whose parent in process 1 (init), and kill that one (with "kill" and not "kill -9" please) it will kill all the child processes for you as well. Just do a "ps ax | grep MailScanner" and you'll see it. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Albrecht.Lotter at LEXISNEXIS.DE Mon Jul 4 13:38:59 2005 From: Albrecht.Lotter at LEXISNEXIS.DE (Lotter, Albrecht (LNG-MUE)) Date: Thu Jan 12 21:30:12 2006 Subject: recent MailScanner + SAVI > 3.92 Message-ID: Julian, List, we're using MailScanner on our SMTP gateway (<500 users) quite successfully for a wihle now. But since SophosSAVI 3.93 we cannot get it running anymore. Even with MailScanner 4.43.8 we always get the error messages: Jul 4 14:02:02 hamx1 MailScanner[18118]: Viruses marked as silent: SophosSAVI: msg-18118-21.txt caused an error: Sweep could not proceed, the file was corrupted (538), SophosSAVI: msg-18118-22.txt caused an error: Sweep could not proceed, the file was corrupted (538) So, we keep SophosSAVI 3.92 running. Is there any way of fixing these problems? Thanks Albrecht P.S. Hardware HP DL380 dual Xeon 2.8, 2GB memory, RAID 5 on U320 disks Software RedHat AS3 Enterprise, SpamAssassin version 3.0.3 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Jul 4 14:03:50 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:12 2006 Subject: recent MailScanner + SAVI > 3.92 Message-ID: Try reinstalling Sophos using the latest version. I am successfully running 3.95 with MailScanner on a new Linux box. On 4 Jul 2005, at 13:38, Lotter, Albrecht (LNG-MUE) wrote: > Julian, List, > > we're using MailScanner on our SMTP gateway (<500 users) quite > successfully > for a wihle now. But since > SophosSAVI 3.93 we cannot get it running anymore. Even with > MailScanner > 4.43.8 we always get the error messages: > > Jul 4 14:02:02 hamx1 MailScanner[18118]: Viruses marked as silent: > SophosSAVI: msg-18118-21.txt caused an error: Sweep could not > proceed, the > file was corrupted (538), SophosSAVI: msg-18118-22.txt caused an > error: > Sweep could not proceed, the file was corrupted (538) > > So, we keep SophosSAVI 3.92 running. Is there any way of fixing these > problems? > > Thanks > Albrecht > > P.S. Hardware HP DL380 dual Xeon 2.8, 2GB memory, RAID 5 on U320 disks > Software RedHat AS3 Enterprise, SpamAssassin version 3.0.3 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From sylvain.phaneuf at IMSU.OXFORD.AC.UK Mon Jul 4 13:59:23 2005 From: sylvain.phaneuf at IMSU.OXFORD.AC.UK (Sylvain Phaneuf) Date: Thu Jan 12 21:30:12 2006 Subject: upgrade question: etc or opt? Message-ID: Thanks Julian! Sylvain >>> MailScanner@ECS.SOTON.AC.UK 04/07/2005 13:32:38 >>> On 4 Jul 2005, at 12:42, Sylvain Phaneuf wrote: > Great Julian. Thanks. > > >>>> MailScanner@ECS.SOTON.AC.UK 04/07/2005 11:47:55 >>> >>>> > On 4 Jul 2005, at 11:12, Sylvain Phaneuf wrote: > > ... > >>> For example, to apply a change rapidly to MailScanner, >>> I woulds like to restart it, but not restart Sendmail. >>> >> >> service MailScanner reload >> does what you want. >> > > What if I want to keep MailScanner off for a few minutes but keep > Sendmail running? I would like to avoid breaking the flow of > delivery from our ISP, otherwise they will wait 15-20 minutes > before retrying. Ignore previous complicated explanation. Just do cat /var/run/MailScanner.pid and kill the number in that file. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Mon Jul 4 13:57:07 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:12 2006 Subject: recent MailScanner + SAVI > 3.92 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Lotter, Albrecht (LNG-MUE) wrote: > Julian, List, > > we're using MailScanner on our SMTP gateway (<500 users) quite successfully > for a wihle now. But since > SophosSAVI 3.93 we cannot get it running anymore. Even with MailScanner > 4.43.8 we always get the error messages: > > Jul 4 14:02:02 hamx1 MailScanner[18118]: Viruses marked as silent: > SophosSAVI: msg-18118-21.txt caused an error: Sweep could not proceed, the > file was corrupted (538), SophosSAVI: msg-18118-22.txt caused an error: > Sweep could not proceed, the file was corrupted (538) > > So, we keep SophosSAVI 3.92 running. Is there any way of fixing these > problems? Have you tried the fix about Sophos error messages? It has been discussed recently. Regards, > > Thanks > Albrecht > > P.S. Hardware HP DL380 dual Xeon 2.8, 2GB memory, RAID 5 on U320 disks > Software RedHat AS3 Enterprise, SpamAssassin version 3.0.3 > BTW, you should upgrade SA to 3.0.4, DOS vul in 3.0.3. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Mon Jul 4 14:12:16 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:30:12 2006 Subject: recent MailScanner + SAVI > 3.92 Message-ID: Julian Field wrote: > Try reinstalling Sophos using the latest version. I am successfully > running 3.95 with MailScanner on a new Linux box. > > On 4 Jul 2005, at 13:38, Lotter, Albrecht (LNG-MUE) wrote: > >> Julian, List, >> >> we're using MailScanner on our SMTP gateway (<500 users) quite >> successfully >> for a wihle now. But since >> SophosSAVI 3.93 we cannot get it running anymore. Even with MailScanner >> 4.43.8 we always get the error messages: >> >> Jul 4 14:02:02 hamx1 MailScanner[18118]: Viruses marked as silent: >> SophosSAVI: msg-18118-21.txt caused an error: Sweep could not >> proceed, the >> file was corrupted (538), SophosSAVI: msg-18118-22.txt caused an error: >> Sweep could not proceed, the file was corrupted (538) >> >> So, we keep SophosSAVI 3.92 running. Is there any way of fixing these >> problems? >> >> Thanks >> Albrecht >> > Hmm wasn't there a problem with 3.93.0 on Linux that gave this error??? should have been fixed for 3.93.1 and later though. -- -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From sylvain.phaneuf at IMSU.OXFORD.AC.UK Mon Jul 4 14:14:39 2005 From: sylvain.phaneuf at IMSU.OXFORD.AC.UK (Sylvain Phaneuf) Date: Thu Jan 12 21:30:12 2006 Subject: recent MailScanner + SAVI > 3.92 Message-ID: FWIW: we are running 3.93 with MS 4.37.7 on one box and 3.94 with MS 4.42.9 on another box. no issues with either. Sylvain >>> MailScanner@ECS.SOTON.AC.UK 04/07/2005 14:03:50 >>> Try reinstalling Sophos using the latest version. I am successfully running 3.95 with MailScanner on a new Linux box. On 4 Jul 2005, at 13:38, Lotter, Albrecht (LNG-MUE) wrote: > Julian, List, > > we're using MailScanner on our SMTP gateway (<500 users) quite > successfully > for a wihle now. But since > SophosSAVI 3.93 we cannot get it running anymore. Even with > MailScanner > 4.43.8 we always get the error messages: > > Jul 4 14:02:02 hamx1 MailScanner[18118]: Viruses marked as silent: > SophosSAVI: msg-18118-21.txt caused an error: Sweep could not > proceed, the > file was corrupted (538), SophosSAVI: msg-18118-22.txt caused an > error: > Sweep could not proceed, the file was corrupted (538) > > So, we keep SophosSAVI 3.92 running. Is there any way of fixing these > problems? > > Thanks > Albrecht > > P.S. Hardware HP DL380 dual Xeon 2.8, 2GB memory, RAID 5 on U320 disks > Software RedHat AS3 Enterprise, SpamAssassin version 3.0.3 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Albrecht.Lotter at LEXISNEXIS.DE Mon Jul 4 14:20:06 2005 From: Albrecht.Lotter at LEXISNEXIS.DE (Lotter, Albrecht (LNG-MUE)) Date: Thu Jan 12 21:30:12 2006 Subject: recent MailScanner + SAVI > 3.92 Message-ID: the same error was with 3.93 and 3.94 on our system. After Julians posting I tried to install 3.95 and ... success! thanks everyone! Albrecht -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Martin Hepworth Sent: Monday, July 04, 2005 3:12 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: recent MailScanner + SAVI > 3.92 Julian Field wrote: > Try reinstalling Sophos using the latest version. I am successfully > running 3.95 with MailScanner on a new Linux box. > > On 4 Jul 2005, at 13:38, Lotter, Albrecht (LNG-MUE) wrote: > >> Julian, List, >> >> we're using MailScanner on our SMTP gateway (<500 users) quite >> successfully for a wihle now. But since SophosSAVI 3.93 we cannot get >> it running anymore. Even with MailScanner >> 4.43.8 we always get the error messages: >> >> Jul 4 14:02:02 hamx1 MailScanner[18118]: Viruses marked as silent: >> SophosSAVI: msg-18118-21.txt caused an error: Sweep could not >> proceed, the file was corrupted (538), SophosSAVI: msg-18118-22.txt >> caused an error: >> Sweep could not proceed, the file was corrupted (538) >> >> So, we keep SophosSAVI 3.92 running. Is there any way of fixing these >> problems? >> >> Thanks >> Albrecht >> > Hmm wasn't there a problem with 3.93.0 on Linux that gave this error??? should have been fixed for 3.93.1 and later though. -- -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From gflamerich at MODULOSEMPRESARIOS.NET Mon Jul 4 16:41:13 2005 From: gflamerich at MODULOSEMPRESARIOS.NET (Gustavo Flamerich) Date: Thu Jan 12 21:30:12 2006 Subject: Mailscanner seems not scanning forwarding mails Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] We have problems with mailscannes because some emails that arrives to our box and are forwarded to another address seems to be infected and mailscanner doesn't stop them. Our mailscanner is config to scan every message for virus, so don't undersatand why a message received is not scanned even is not for a pop account, just an alias to forward to a address outside our box. Here is a record from our exim_mainlog were we notice the problem, some other ISP blocked us because they found the virus. 2005-07-04 06:10:52 1DpNtu-00014d-3I ** address1@#####.net R=lookuphost T=remote_smtp: SMTP error from remote mailer after end of data: host relay.#####.net [##.##.###.###]: 554 5.7.1 virus HTML.Phishing.Bank-1 detected by ClamAV - http://www.clamav.net root@delta [/var/log]# grep "1DpNtu-00014d-3I" exim_mainlog address1 is outside our box, address2 is a forwarding address, doesn't have a pop account. We are using mailscanner with clamav, the same antivirus that blocked the message at the ISP. Also looked at the virus database and found the HTML.Phishing.Bank-1 as virus, so we understand that clamav actually found on that email a visrus, not a phishing. We are running exim-4.44-0, mailscanner version 4.42.9, ClamAV 0.86.1 with clamavmodule on a Cpanel RH 9 server. Thanks -- Gustavo Flamerich MODULOS EMPRESARIOS Soluciones Profesionales de Alojamiento Web www.modulosempresarios.net email: gflamerich@modulosempresarios.net ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Mon Jul 4 19:03:57 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:30:12 2006 Subject: New Install Problem Message-ID: I recently installed a new MS box running CentOS 4.1 and installed the RPM MS dist. I also, for the first time, used the SA/Clam install, but something isn't working right. Jul 4 12:57:09 avenger MailScanner[11151]: MailScanner E-Mail Virus Scanner version 4.42.9 starting... Jul 4 12:57:12 avenger MailScanner[11151]: SophosSAVI 3.95 (engine 2.30) recognizing 106709 viruses Jul 4 12:57:12 avenger MailScanner[11151]: SophosSAVI using 79 IDE files Jul 4 12:57:12 avenger MailScanner[11151]: ClamAV Perl module not found, did you install it? I have tried reinstalling Mail::ClamAV via CPAN multiple times and get the following: Running make test PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t t/Mail-ClamAV....# Failed test (t/Mail-ClamAV.t at line 9) # Tried to use 'Mail::ClamAV'. # Error: Had problems bootstrapping Inline module 'Mail::ClamAV' # # Can't load '/root/.cpan/build/Mail-ClamAV-0.17/blib/arch/auto/Mail/ClamAV/ClamAV.so' for module Mail::ClamAV: libclamav.so.1: cannot open shared object file: No such file or directory at /usr/lib/perl5/5.8.5/i386-linux-thread-multi/DynaLoader.pm line 230. # at /usr/lib/perl5/site_perl/5.8.5/Inline.pm line 500 # # # at /root/.cpan/build/Mail-ClamAV-0.17/blib/lib/Mail/ClamAV.pm line 193 # BEGIN failed--compilation aborted at /root/.cpan/build/Mail-ClamAV-0.17/blib/lib/Mail/ClamAV.pm line 537. # Compilation failed in require at (eval 1) line 2. t/Mail-ClamAV....NOK 1"all" is not defined in %Mail::ClamAV::EXPORT_TAGS at t/Mail-ClamAV.t line 11 Can't continue after import errors at t/Mail-ClamAV.t line 11 # Looks like you planned 10 tests but only ran 1. t/Mail-ClamAV....dubious Test returned status 10 (wstat 2560, 0xa00) DIED. FAILED tests 1-10 Failed 10/10 tests, 0.00% okay Failed Test Stat Wstat Total Fail Failed List of Failed ---------------------------------------------------------------------------- --- t/Mail-ClamAV.t 10 2560 10 19 190.00% 1-10 Failed 1/1 test scripts, 0.00% okay. 10/10 subtests failed, 0.00% okay. make: *** [test_dynamic] Error 2 /usr/bin/make test -- NOT OK Running make install Appending installation info to /usr/lib/perl5/5.8.5/i386-linux-thread-multi/perllocal.pod Files found in blib/arch: installing files in blib/lib into architecture dependent library tree Writing /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/auto/Mail/ClamAV/.pac klist /usr/bin/make install -j3 -- OK If I define clamavmodule in my MailScanner.conf, MS doesn't see my clavavmodule. So I have to use SophosSavi and clamav. Any ideas on where to look for the resolution? Mike ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkehler at WRHA.MB.CA Mon Jul 4 19:06:59 2005 From: mkehler at WRHA.MB.CA (Matt Kehler) Date: Thu Jan 12 21:30:12 2006 Subject: New Install Problem Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Had the exact problem on ES4, someone from this list posted to do the following, worked for me add /usr/local/lib to /etc/ld.so.conf and then run ldconfig Matt >>> mike@CAMAROSS.NET 7/4/2005 1:03 PM >>> I recently installed a new MS box running CentOS 4.1 and installed the RPM MS dist. I also, for the first time, used the SA/Clam install, but something isn't working right. Jul 4 12:57:09 avenger MailScanner[11151]: MailScanner E-Mail Virus Scanner version 4.42.9 starting... Jul 4 12:57:12 avenger MailScanner[11151]: SophosSAVI 3.95 (engine 2.30) recognizing 106709 viruses Jul 4 12:57:12 avenger MailScanner[11151]: SophosSAVI using 79 IDE files Jul 4 12:57:12 avenger MailScanner[11151]: ClamAV Perl module not found, did you install it? I have tried reinstalling Mail::ClamAV via CPAN multiple times and get the following: Running make test PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t t/Mail-ClamAV....# Failed test (t/Mail-ClamAV.t at line 9) # Tried to use 'Mail::ClamAV'. # Error: Had problems bootstrapping Inline module 'Mail::ClamAV' # # Can't load '/root/.cpan/build/Mail-ClamAV-0.17/blib/arch/auto/Mail/ClamAV/ClamAV.so' for module Mail::ClamAV: libclamav.so.1: cannot open shared object file: No such file or directory at /usr/lib/perl5/5.8.5/i386-linux-thread-multi/DynaLoader.pm line 230. # at /usr/lib/perl5/site_perl/5.8.5/Inline.pm line 500 # # # at /root/.cpan/build/Mail-ClamAV-0.17/blib/lib/Mail/ClamAV.pm line 193 # BEGIN failed--compilation aborted at /root/.cpan/build/Mail-ClamAV-0.17/blib/lib/Mail/ClamAV.pm line 537. # Compilation failed in require at (eval 1) line 2. t/Mail-ClamAV....NOK 1"all" is not defined in %Mail::ClamAV::EXPORT_TAGS at t/Mail-ClamAV.t line 11 Can't continue after import errors at t/Mail-ClamAV.t line 11 # Looks like you planned 10 tests but only ran 1. t/Mail-ClamAV....dubious Test returned status 10 (wstat 2560, 0xa00) DIED. FAILED tests 1-10 Failed 10/10 tests, 0.00% okay Failed Test Stat Wstat Total Fail Failed List of Failed ---------------------------------------------------------------------------- --- t/Mail-ClamAV.t 10 2560 10 19 190.00% 1-10 Failed 1/1 test scripts, 0.00% okay. 10/10 subtests failed, 0.00% okay. make: *** [test_dynamic] Error 2 /usr/bin/make test -- NOT OK Running make install Appending installation info to /usr/lib/perl5/5.8.5/i386-linux-thread-multi/perllocal.pod Files found in blib/arch: installing files in blib/lib into architecture dependent library tree Writing /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/auto/Mail/ClamAV/.pac klist /usr/bin/make install -j3 -- OK If I define clamavmodule in my MailScanner.conf, MS doesn't see my clavavmodule. So I have to use SophosSavi and clamav. Any ideas on where to look for the resolution? Mike ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Mon Jul 4 19:13:22 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:30:13 2006 Subject: New Install Problem Message-ID: That seems to have fixed it. After doing so, my SAVI started to fail. I also added /usr/local/Sophos/lib to my ld.so.conf and that fixed the prob. Thanks for the fast reply! Mike ________________________________ From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Matt Kehler Sent: Monday, July 04, 2005 1:07 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: New Install Problem Had the exact problem on ES4, someone from this list posted to do the following, worked for me add /usr/local/lib to /etc/ld.so.conf and then run ldconfig Matt >>> mike@CAMAROSS.NET 7/4/2005 1:03 PM >>> I recently installed a new MS box running CentOS 4.1 and installed the RPM MS dist. I also, for the first time, used the SA/Clam install, but something isn't working right. Jul 4 12:57:09 avenger MailScanner[11151]: MailScanner E-Mail Virus Scanner version 4.42.9 starting... Jul 4 12:57:12 avenger MailScanner[11151]: SophosSAVI 3.95 (engine 2.30) recognizing 106709 viruses Jul 4 12:57:12 avenger MailScanner[11151]: SophosSAVI using 79 IDE files Jul 4 12:57:12 avenger MailScanner[11151]: ClamAV Perl module not found, did you install it? I have tried reinstalling Mail::ClamAV via CPAN multiple times and get the following: Running make test PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t t/Mail-ClamAV....# Failed test (t/Mail-ClamAV.t at line 9) # Tried to use 'Mail::ClamAV'. # Error: Had problems bootstrapping Inline module 'Mail::ClamAV' # # Can't load '/root/.cpan/build/Mail-ClamAV-0.17/blib/arch/auto/Mail/ClamAV/ClamAV.so' for module Mail::ClamAV: libclamav.so.1: cannot open shared object file: No such file or directory at /usr/lib/perl5/5.8.5/i386-linux-thread-multi/DynaLoader.pm line 230. # at /usr/lib/perl5/site_perl/5.8.5/Inline.pm line 500 # # # at /root/.cpan/build/Mail-ClamAV-0.17/blib/lib/Mail/ClamAV.pm line 193 # BEGIN failed--compilation aborted at /root/.cpan/build/Mail-ClamAV-0.17/blib/lib/Mail/ClamAV.pm line 537. # Compilation failed in require at (eval 1) line 2. t/Mail-ClamAV....NOK 1"all" is not defined in %Mail::ClamAV::EXPORT_TAGS at t/Mail-ClamAV.t line 11 Can't continue after import errors at t/Mail-ClamAV.t line 11 # Looks like you planned 10 tests but only ran 1. t/Mail-ClamAV....dubious Test returned status 10 (wstat 2560, 0xa00) DIED. FAILED tests 1-10 Failed 10/10 tests, 0.00% okay Failed Test Stat Wstat Total Fail Failed List of Failed ---------------------------------------------------------------------------- --- t/Mail-ClamAV.t 10 2560 10 19 190.00% 1-10 Failed 1/1 test scripts, 0.00% okay. 10/10 subtests failed, 0.00% okay. make: *** [test_dynamic] Error 2 /usr/bin/make test -- NOT OK Running make install Appending installation info to /usr/lib/perl5/5.8.5/i386-linux-thread-multi/perllocal.pod Files found in blib/arch: installing files in blib/lib into architecture dependent library tree Writing /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/auto/Mail/ClamAV/.pac klist /usr/bin/make install -j3 -- OK If I define clamavmodule in my MailScanner.conf, MS doesn't see my clavavmodule. So I have to use SophosSavi and clamav. Any ideas on where to look for the resolution? Mike ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Mon Jul 4 19:32:21 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:30:13 2006 Subject: OT: Postfix pre-MailScanner Policy Daemon Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] To all those Postfix users out there, I have been playing with policyd-weight http://robtone.mine.nu/postfix/ which has substantially reduced my Spam rates to MailScanner. Acting at SMTP stage it also saves overhead and bandwidth as well as allowing me to use such aggressive lists as SpamCop (Along with others) on the gateway (Which I would never recommend as a reject criteria on it's own. Too many FPs). Well worth a look as a supplement to MS. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at PDSCC.COM Mon Jul 4 20:01:19 2005 From: mailscanner at PDSCC.COM (Harondel J. Sibble) Date: Thu Jan 12 21:30:13 2006 Subject: move from one os to another and live cloning Message-ID: Okay, we have a MS box running MDK 9.2 which we want to upgrade, however we are looking at going with one of the RHEL clones like CentOS instead of MDK because it offers a longer update cycle. To move the current config to the new box running CentOS, is this the basic procedure? 1) Setup and update CentOS box 2) install same version of MS, SA etc on new box 3) Copy /etc/MailScanner from old box to new box 4) Make sure MS works on new box 5) Upgrade MS, SA etc on new box to latest and greates 6) Tweak configuration on new box as necessary Anyone see any problems with this? Also was thinking of imaging the CentOS configuration to another similar machine as as backup, Anyone know of any software that will then keep both boxes in completely in sync, so that any changes made on the main system get automatically replicated to the secondary, in case the primary tanks? We don't need automated failover, just need to keep both boxes identical. -- Harondel J. Sibble Sibble Computer Consulting Creating solutions for the small business and home computer user. help@pdscc.com (use pgp keyid 0x3AD5C11D) http://www.pdscc.com (604) 739-3709 (voice/fax) (604) 686-2253 (pager) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From maillists at CONACTIVE.COM Mon Jul 4 20:31:28 2005 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:30:13 2006 Subject: OT: Postfix pre-MailScanner Policy Daemon Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Drew Marshall wrote on Mon, 4 Jul 2005 19:32:21 +0100: > Well worth a look as a supplement to MS. Not really. MS cannot check or rejct at MTA level. ONly the MTA can. There's a sendmail.cf hack for sendmail available for about ten years doing what http://robtone.mine.nu/postfix/ does, it just doesn't score, but that's not important in this case. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Mon Jul 4 20:46:09 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:30:13 2006 Subject: OT: Postfix pre-MailScanner Policy Daemon Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Kai Schaetzl wrote: Drew Marshall wrote on Mon, 4 Jul 2005 19:32:21 +0100: Well worth a look as a supplement to MS. Not really. MS cannot check or rejct at MTA level. ONly the MTA can. No sorry, you misunderstood me. What I meant was not suggest that MailScanner does anything with the SMTP transaction but to suggest an option for Postfix users to lighten MailScanner's load in a more subtle way than the usual 'one RBL and you are out' technique of Postfix's RBL look up system. I like it because it reduces the chance of FP. Even if one of your best customers or suppliers etc does get themselves listed in a RBL they won't get rejected as the points score will still let them through (Provided they have set their MTA up correctly). The other half of this is that I wouldn't use it by it's self, hence it is a supplement to MailScanner not a replacement or alternative etc. There's a sendmail.cf hack for sendmail available for about ten years doing what http://robtone.mine.nu/postfix/ does, it just doesn't score, but that's not important in this case. I think the scoring piece is important as it makes it more reliable but that's IMHO :-) Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue Jul 5 09:11:07 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:30:13 2006 Subject: Convert 'store'd emails mbox format Message-ID: Martin Hepworth wrote: > All > I've got lots of emails on my server that are in the > quarantine/nonspam directories. These seem to in some odd format - > they ain't rfc 862 format as they start with... > > Received: from smtp.nildram.co.uk ([195.112.4.54]) > by towers.solid-state-logic.com with esmtp (Exim (FreeBSD)) > id 1DoKty-00015S-4n > for someusers@solid-state-logic.com; Fri, 01 Jul 2005 13:45:50 +010 > > > BUT (there's always a but aint there ;-) I need to get these into rfc862 > format so I can cat them together in one big mbox file and pop them into > Thunderbird (or whatever) so I can look at them as if I has recieved > them myself. > > Any ideas of perl/shell/.. wizardry that would do this??? > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > All sorted it myself - had the quarantine as queue files to setup another instance of MS, and had the archive go an mbox file, then reinserted the queue files into the inbound queue dir of the new dir...and Robert's you mother's brother.. Nice... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue Jul 5 09:11:07 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:30:13 2006 Subject: Convert 'store'd emails mbox format Message-ID: Martin Hepworth wrote: > All > I've got lots of emails on my server that are in the > quarantine/nonspam directories. These seem to in some odd format - > they ain't rfc 862 format as they start with... > > Received: from smtp.nildram.co.uk ([195.112.4.54]) > by towers.solid-state-logic.com with esmtp (Exim (FreeBSD)) > id 1DoKty-00015S-4n > for someusers@solid-state-logic.com; Fri, 01 Jul 2005 13:45:50 +010 > > > BUT (there's always a but aint there ;-) I need to get these into rfc862 > format so I can cat them together in one big mbox file and pop them into > Thunderbird (or whatever) so I can look at them as if I has recieved > them myself. > > Any ideas of perl/shell/.. wizardry that would do this??? > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > All sorted it myself - had the quarantine as queue files to setup another instance of MS, and had the archive go an mbox file, then reinserted the queue files into the inbound queue dir of the new dir...and Robert's you mother's brother.. Nice... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Jul 5 10:12:15 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:13 2006 Subject: New Install Problem Message-ID: Can someone add this to the wiki please? It's a classic "gotcha". On 4 Jul 2005, at 19:13, Mike Kercher wrote: > That seems to have fixed it. After doing so, my SAVI started to > fail. I > also added /usr/local/Sophos/lib to my ld.so.conf and that fixed > the prob. > Thanks for the fast reply! > > Mike > > > ________________________________ > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] > On Behalf > Of Matt Kehler > Sent: Monday, July 04, 2005 1:07 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: New Install Problem > > > Had the exact problem on ES4, someone from this list posted to do the > following, worked for me > > add /usr/local/lib to /etc/ld.so.conf and then run ldconfig > > Matt > > >>>> mike@CAMAROSS.NET 7/4/2005 1:03 PM >>> >>>> > > I recently installed a new MS box running CentOS 4.1 and installed > the RPM > MS dist. I also, for the first time, used the SA/Clam install, but > something isn't working right. > > Jul 4 12:57:09 avenger MailScanner[11151]: MailScanner E-Mail > Virus Scanner > version 4.42.9 starting... > Jul 4 12:57:12 avenger MailScanner[11151]: SophosSAVI 3.95 (engine > 2.30) > recognizing 106709 viruses > Jul 4 12:57:12 avenger MailScanner[11151]: SophosSAVI using 79 IDE > files > Jul 4 12:57:12 avenger MailScanner[11151]: ClamAV Perl module not > found, > did you install it? > > I have tried reinstalling Mail::ClamAV via CPAN multiple times and > get the > following: > > Running make test > PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" > "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t > t/Mail-ClamAV....# Failed test (t/Mail-ClamAV.t at line 9) > # Tried to use 'Mail::ClamAV'. > # Error: Had problems bootstrapping Inline module 'Mail::ClamAV' > # > # Can't load > '/root/.cpan/build/Mail-ClamAV-0.17/blib/arch/auto/Mail/ClamAV/ > ClamAV.so' > for module Mail::ClamAV: libclamav.so.1: cannot open shared object > file: No > such file or directory at > /usr/lib/perl5/5.8.5/i386-linux-thread-multi/DynaLoader.pm line 230. > # at /usr/lib/perl5/site_perl/5.8.5/Inline.pm line 500 > # > # > # at /root/.cpan/build/Mail-ClamAV-0.17/blib/lib/Mail/ClamAV.pm > line 193 > # BEGIN failed--compilation aborted at > /root/.cpan/build/Mail-ClamAV-0.17/blib/lib/Mail/ClamAV.pm line 537. > # Compilation failed in require at (eval 1) line 2. > t/Mail-ClamAV....NOK 1"all" is not defined in % > Mail::ClamAV::EXPORT_TAGS at > t/Mail-ClamAV.t line 11 > Can't continue after import errors at t/Mail-ClamAV.t line 11 > # Looks like you planned 10 tests but only ran 1. > t/Mail-ClamAV....dubious > > Test returned status 10 (wstat 2560, 0xa00) > DIED. FAILED tests 1-10 > Failed 10/10 tests, 0.00% okay > Failed Test Stat Wstat Total Fail Failed List of Failed > ---------------------------------------------------------------------- > ------ > --- > t/Mail-ClamAV.t 10 2560 10 19 190.00% 1-10 > Failed 1/1 test scripts, 0.00% okay. 10/10 subtests failed, 0.00% > okay. > make: *** [test_dynamic] Error 2 > /usr/bin/make test -- NOT OK > Running make install > Appending installation info to > /usr/lib/perl5/5.8.5/i386-linux-thread-multi/perllocal.pod > Files found in blib/arch: installing files in blib/lib into > architecture > dependent library tree > Writing > /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/auto/Mail/ > ClamAV/.pac > klist > /usr/bin/make install -j3 -- OK > > If I define clamavmodule in my MailScanner.conf, MS doesn't see my > clavavmodule. So I have to use SophosSavi and clamav. Any ideas > on where > to look for the resolution? > > Mike > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Peter.Bates at LSHTM.AC.UK Tue Jul 5 10:49:43 2005 From: Peter.Bates at LSHTM.AC.UK (Peter Bates) Date: Thu Jan 12 21:30:13 2006 Subject: recent MailScanner + SAVI > 3.92 Message-ID: Hi all... Having read the earlier postings and seeing as I was still running Sophos 3.91, I took the plunge today. I upgraded to MS 4.43.8, all fine. This is RPM-based on RHEL4. I used MajorSophos to pull down 3.95, then restarted (I'm using SAVI-Perl, 0.30, so the sophossavi setting in AV scanners)... Jul 5 10:31:58 postbox MailScanner[18218]: SophosSAVI 3.95 (engine 2.30) recognizing 106728 viruses But then fairly quickly got: Jul 5 10:32:27 postbox MailScanner[18218]: SophosSAVI::ERROR:: Sweep could not proceed, the file was corrupted (538):: ./20DAB13F88C.CB325/msg-18218-6.html i.e. the file corruption messages, and an awful lot of them :( Running /usr/lib/MailScanner/sophos-wrapper /usr/local/Sophos works fine, so 'sweep' would appear to be working. Just to confirm while I've turned off sophossavi in my configuration, is anyone running this exact or similar configuration: MS 4.43.8 Sophos 3.95 SAVI-Perl 0.30 RHEL4 (or similar, Fedora, etc.) linux.intel.libc6.glibc.2.2.tar.Z (I normally used to pull this down, should I pull down the plain 'libc6.tar.Z' version? Thanks... sorry for a FAQ, but I can't find the earlier thread... the last thread I read was about auto-update, but I've now updated to MS 4.43. ---------------------------------------------------------------------------------------------------> Peter Bates, Systems Support Officer, IT Services. London School of Hygiene & Tropical Medicine. Telephone:0207-958 8353 / Fax: 0207- 636 9838 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Jul 5 11:11:01 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:13 2006 Subject: recent MailScanner + SAVI > 3.92 Message-ID: On 5 Jul 2005, at 10:49, Peter Bates wrote: > Hi all... > > Having read the earlier postings and seeing as I was still > running Sophos 3.91, I took the plunge today. > > I upgraded to MS 4.43.8, all fine. This is RPM-based on RHEL4. > > I used MajorSophos to pull down 3.95, then restarted (I'm using > SAVI-Perl, 0.30, so the sophossavi setting in AV scanners)... > > Jul 5 10:31:58 postbox MailScanner[18218]: SophosSAVI 3.95 (engine > 2.30) recognizing 106728 viruses > > But then fairly quickly got: > > Jul 5 10:32:27 postbox MailScanner[18218]: SophosSAVI::ERROR:: Sweep > could not proceed, the file was corrupted (538):: > ./20DAB13F88C.CB325/msg-18218-6.html > > i.e. the file corruption messages, and an awful lot of them :( > > Running > /usr/lib/MailScanner/sophos-wrapper /usr/local/Sophos > works fine, so 'sweep' would appear to be working. > > Just to confirm while I've turned off sophossavi in my configuration, > is anyone running this exact or similar configuration: > > MS 4.43.8 > Sophos 3.95 > SAVI-Perl 0.30 > RHEL4 (or similar, Fedora, etc.) > linux.intel.libc6.glibc.2.2.tar.Z (I normally used to pull this down, > should I pull down the plain 'libc6.tar.Z' version? I used the top one, the libc6 one. Seems to work on RHEL4 for me, I think. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at GARDRAIL.COM Tue Jul 5 11:32:21 2005 From: mailscanner at GARDRAIL.COM (Bill) Date: Thu Jan 12 21:30:13 2006 Subject: mid-stream spam scanning Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Greetings, I investigated maildrop as a potential solution to the problem I presented earlier on this list. Maildrop appears to only be used for local mail delivery options (a procmail replacement). [user] -----------{internet}---------[relay]-----------[server] Information or e-mail will flow from the left to the right so that only the user speaks to the relay based on DNS MX records. In turn, the relay server will then perform spam filtering and virus scanning against the messages it receives. When e-mails are found laden with suspicious messages, those messages are quarantined in a format that server administrators can later copy down and review if questions arise about messages not getting to their users. I have the relay portion working just fine with postfix and Sendmail (originally i used Sendmail). I'm sure I can get spam filtering setup easily as I^Òve already done so with Sendmail. The problem I'm running into is having the e-mails stored in mbox format based on the domain they are going to such as /home/{{serveradmin}}/spam/domain.mbox. Has anyone done this before, or have any suggestions? someone previously suggested setting up a postfix rule, but I just dont see how that will fit in the configuration. My current configuration on the relay server consists of: [port 25 on relay]-----[spamassassin/mailscanner]-------[to destination server] Thanks in advance, -=-Bill-=- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Peter.Bates at LSHTM.AC.UK Tue Jul 5 11:56:28 2005 From: Peter.Bates at LSHTM.AC.UK (Peter Bates) Date: Thu Jan 12 21:30:13 2006 Subject: recent MailScanner + SAVI > 3.92 Message-ID: Hello again all... > MailScanner@ECS.SOTON.AC.UK 05/07/05 11:11:01 >>> > Just to confirm while I've turned off sophossavi in my configuration, > is anyone running this exact or similar configuration: > > MS 4.43.8 > Sophos 3.95 > SAVI-Perl 0.30 > RHEL4 (or similar, Fedora, etc.) > linux.intel.libc6.glibc.2.2.tar.Z (I normally used to pull this down, > should I pull down the plain 'libc6.tar.Z' version? >I used the top one, the libc6 one. Seems to work on RHEL4 for me, I >think. I've switched to the version that doesn't mention glibc.2.2 and all now seems to be okay, although I've also rebuilt SAVI-Perl, so that might have been the cause as well... I used to use the 'glibc' version because I read somewhere it would be quicker on a machine with the relevant version, but I guess not so good advice now :( Thanks as ever to Julian and the MS hordes. ---------------------------------------------------------------------------------------------------> Peter Bates, Systems Support Officer, IT Services. London School of Hygiene & Tropical Medicine. Telephone:0207-958 8353 / Fax: 0207- 636 9838 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ebruce at HPMICH.COM Tue Jul 5 13:20:18 2005 From: ebruce at HPMICH.COM (Ed Bruce) Date: Thu Jan 12 21:30:13 2006 Subject: Changing Reply To: when replying to Mail List Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Michele Neylon:: Blacknight.ie wrote: It's probably your MUA that's doing it - thunderbird can be a bit silly at times, though using the "reply all" option seems to make even the dumbest MUA play nice M Thanks, I'll just play closer attention then to my replies then. -- This message has been scanned for viruses and dangerous content by Secure Resource, and is believed to be clean. MailScanner thanks transtec Computers for their support. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue Jul 5 14:35:53 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:30:13 2006 Subject: OT: Postfix pre-MailScanner Policy Daemon Message-ID: Kai Schaetzl wrote: > Drew Marshall wrote on Mon, 4 Jul 2005 20:46:09 +0100: > > >>No sorry, you misunderstood me. What I meant was not suggest that >>MailScanner does anything with the SMTP transaction but to suggest an >>option for Postfix users to lighten MailScanner's load in a more subtle >>way than the usual 'one RBL and you are out' technique of Postfix's RBL >>look up system. > > > Oh, I see, yes, certainly to be recommended. > > I like it because it reduces the chance of FP. Even if > >>one of your best customers or suppliers etc does get themselves listed >>in a RBL they won't get rejected as the points score will still let them >>through (Provided they have set their MTA up correctly). The other half >>of this is that I wouldn't use it by it's self, hence it is a supplement >>to MailScanner not a replacement or alternative etc. > > > Well, I'm referring more to the additional checks it does. Especially the > HELO check is quite useful (although an RFC violation to refuse on it). It > blocks most mail worms and such. However, I don't think that scoring > doesn't help much here. If I don't trust an RBL I simply don't use it. If a > communications partner gets listed, well, obviously for a reason, f.i. > their relay was open or whatever. I can just let them get in with an OK > entry in my local access db - if I want. The sooner they clear this up the > better. > We use three RBLs (spamhaus, sorbs and njabl - the latter doesn't add much, > I could just remove it) and the "FP" rate (FP in quotes because actually > they are not FPs) is extremely low (1 in 10.000 or less). If I get too many > FPs I'd simply drop the "offending" RBL. WE also reject on HELO and wrong > MAIL FROM and message ids and our own access db. > The beauty in this approach is that *one* "hit" is enough. It's quite > typical that this kind of mail hits only one or two of the above criteria. > But they all are spam, the FP rate is very very low. And if someone wants > to send me a legitimate mail from a misconfigured mail server, well, I > expect him to fix his server. So, with a scoring system you will miss a > *lot* of these, but gain *almost* nothing in regard to battling FPs. > Scoring by mail content is *much different* because there are simply no > single criteria that a mail is spam. (Although a SURBL listing and also a > BAYES_99 from a well-trained db may be accurate enough to use them as the > single criterion. However, these are more or less dependant on the > "history" of SA. Using scoring in SA betters your recognition ratio a lot, > but it doesn't much for RBLs and other technical checks on MTA level. > > > > > Kai > Another option I use is to only allow in valid email addresses and the MTA. I drop over 70% of my email that way..and don't get any FP's from RBLs ;-) Yes in theory you are open to email guessing attacks, but then my SA and MS are very well setup so this doesn't add much risk :-) No idea how you do this in PF as I run Exim.... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dh at UPTIME.AT Tue Jul 5 14:41:42 2005 From: dh at UPTIME.AT (David H.) Date: Thu Jan 12 21:30:13 2006 Subject: High scroing Spam no longer deleted? Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I get messages like these: X-frosted-MailScanner-SpamCheck: spam, SpamAssassin (score=20.575, required 5.1, BAYES_60 1.00, DEAR_FRIEND 0.07, MILLION_USD 2.80, NIGERIAN_BODY1 3.40, NIGERIAN_BODY2 0.60, NIGERIAN_SUBJECT2 2.09, NO_REAL_NAME 0.01, RAZOR2_CHECK 1.51, SARE_FRAUD_X3 1.67, SARE_FRAUD_X4 1.67, SARE_FRAUD_X5 1.67, SARE_MONEYTERMS 0.68, SARE_ONDEAL 0.22, SARE_URGBIZ 0.72, SUBJ_ALL_CAPS 0.67, URG_BIZ 1.81) X-frosted-MailScanner-SpamScore: 20 My settings are: High Scoring Spam Actions = delete High SpamAssassin Score = 8.8 The version info is: MailScanner -v Running on Linux dragon 2.6.8.1 #1 Tue Sep 28 11:23:11 CEST 2004 i686 i686 i386 GNU/Linux This is Fedora Core release 4 (Stentz) This is Perl version 5.008006 (5.8.6) This is MailScanner version 4.43.8 Module versions are: 1.00 AnyDBM_File 1.14 Archive::Zip 1.03 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.05 Fcntl 2.73 File::Basename 2.08 File::Copy 2.01 FileHandle 1.06 File::Path 0.14 File::Temp 1.29 HTML::Entities 3.45 HTML::Parser 2.30 HTML::TokeParser 1.21 IO 1.10 IO::File 1.123 IO::Pipe 1.66 Mail::Header 3.05 MIME::Base64 5.417 MIME::Decoder 5.417 MIME::Decoder::UU 5.417 MIME::Head 5.417 MIME::Parser 3.03 MIME::QuotedPrint 5.417 MIME::Tools 0.10 Net::CIDR 1.08 POSIX 1.77 Socket 0.05 Sys::Syslog 1.02 Time::localtime Optional module versions are: 1.810 DB_File 1.08 Digest 1.01 Digest::HMAC 2.33 Digest::MD5 2.10 Digest::SHA1 missing Inline missing Mail::ClamAV 3.000004 Mail::SpamAssassin 1.997 Mail::SPF::Query 0.18 Net::CIDR::Lite 0.48 Net::DNS missing Net::LDAP missing Parse::RecDescent missing SAVI 1.4 Sys::Hostname::Long 2.42 Test::Harness 0.47 Test::Simple 1.95 Text::Balanced 1.35 URI -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (Darwin) iD8DBQFCyo4VPMoaMn4kKR4RAvxcAJ9/TcaK+6na00rrNtT+Uf+g5qk+OACaA6VS MnBCxt/gtFvZ6r9SRuO7i4U= =sXAT -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From maillists at CONACTIVE.COM Tue Jul 5 14:31:38 2005 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:30:13 2006 Subject: OT: Postfix pre-MailScanner Policy Daemon Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Drew Marshall wrote on Mon, 4 Jul 2005 20:46:09 +0100: > No sorry, you misunderstood me. What I meant was not suggest that > MailScanner does anything with the SMTP transaction but to suggest an > option for Postfix users to lighten MailScanner's load in a more subtle > way than the usual 'one RBL and you are out' technique of Postfix's RBL > look up system. Oh, I see, yes, certainly to be recommended. I like it because it reduces the chance of FP. Even if > one of your best customers or suppliers etc does get themselves listed > in a RBL they won't get rejected as the points score will still let them > through (Provided they have set their MTA up correctly). The other half > of this is that I wouldn't use it by it's self, hence it is a supplement > to MailScanner not a replacement or alternative etc. Well, I'm referring more to the additional checks it does. Especially the HELO check is quite useful (although an RFC violation to refuse on it). It blocks most mail worms and such. However, I don't think that scoring doesn't help much here. If I don't trust an RBL I simply don't use it. If a communications partner gets listed, well, obviously for a reason, f.i. their relay was open or whatever. I can just let them get in with an OK entry in my local access db - if I want. The sooner they clear this up the better. We use three RBLs (spamhaus, sorbs and njabl - the latter doesn't add much, I could just remove it) and the "FP" rate (FP in quotes because actually they are not FPs) is extremely low (1 in 10.000 or less). If I get too many FPs I'd simply drop the "offending" RBL. WE also reject on HELO and wrong MAIL FROM and message ids and our own access db. The beauty in this approach is that *one* "hit" is enough. It's quite typical that this kind of mail hits only one or two of the above criteria. But they all are spam, the FP rate is very very low. And if someone wants to send me a legitimate mail from a misconfigured mail server, well, I expect him to fix his server. So, with a scoring system you will miss a *lot* of these, but gain *almost* nothing in regard to battling FPs. Scoring by mail content is *much different* because there are simply no single criteria that a mail is spam. (Although a SURBL listing and also a BAYES_99 from a well-trained db may be accurate enough to use them as the single criterion. However, these are more or less dependant on the "history" of SA. Using scoring in SA betters your recognition ratio a lot, but it doesn't much for RBLs and other technical checks on MTA level. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From amoore at DEKALBMEMORIAL.COM Tue Jul 5 14:39:09 2005 From: amoore at DEKALBMEMORIAL.COM (Aaron K. Moore) Date: Thu Jan 12 21:30:13 2006 Subject: recent MailScanner + SAVI > 3.92 Message-ID: Apparently Sophos broke something when they released 3.92 in the glibc 2.2+ version. I had opened an incident with them on it, but never got an answer other than that they would look into it. I've been running the plain libc6 version ever since. -- Aaron Kent Moore Information Technology Services DeKalb Memorial Hospital, Inc. Auburn, IN Phone: 260.920.2808 E-mail: amoore@dekalbmemorial.com Peter Bates wrote: > Hello again all... > >> MailScanner@ECS.SOTON.AC.UK 05/07/05 11:11:01 >>> >> Just to confirm while I've turned off sophossavi in my configuration, >> is anyone running this exact or similar configuration: >> >> MS 4.43.8 >> Sophos 3.95 >> SAVI-Perl 0.30 >> RHEL4 (or similar, Fedora, etc.) >> linux.intel.libc6.glibc.2.2.tar.Z (I normally used to pull this down, >> should I pull down the plain 'libc6.tar.Z' version? > >> I used the top one, the libc6 one. Seems to work on RHEL4 for me, I >> think. > > I've switched to the version that doesn't mention glibc.2.2 and all > now seems to be okay, although I've also rebuilt SAVI-Perl, so that > might have been the cause as well... > > I used to use the 'glibc' version because I read somewhere it would be > quicker on a machine with the relevant version, but I guess not so > good advice now :( > > Thanks as ever to Julian and the MS hordes. > > > > ------------------------------------------------------------------------ ---------------------------> > Peter Bates, Systems Support Officer, IT Services. > London School of Hygiene & Tropical Medicine. > Telephone:0207-958 8353 / Fax: 0207- 636 9838 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pparsons at COLUMBIAFUELS.COM Tue Jul 5 15:57:18 2005 From: pparsons at COLUMBIAFUELS.COM (Philip Parsons) Date: Thu Jan 12 21:30:13 2006 Subject: New Install Message-ID: New install bitdefender 7.0 clamav 0.84 mailscanner 4.34.8 spamassassin 3.0.4 Getting a weird message from cron /etc/cron.hourly/update_virus_scanners: /usr/sbin/update_virus_scanners: line 46: 6541 Alarm clock ${UPDATER} "${PACKAGEDIR}" >/dev/null 2>1 Any Ideas ??????? Thank you. Philip Parsons Team Leader, IT Columbia Fuels Inc. 2nd Floor 2659 Douglas St Victoria BC, V8T 5M2 Phone: (250) 391-3638 Cell: (250) 883-5972 http://www.columbiafuels.com http://www.columbiaenergy.com http://www.columbiaice.com pparsons@columbiafuels.com E-mail protection by Mailscanner/SA Virus protection by Bitdefender/ClamAv ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Jul 5 16:03:33 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:13 2006 Subject: High scroing Spam no longer deleted? Message-ID: That's odd, it works fine for me. Can you check that you really do have the latest code, and there aren't a few files left over from previous versions or anything like this? I don't really know what to say other than that. What happens if you set your high score to an integer, does that make any difference? On 5 Jul 2005, at 14:41, David H. wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I get messages like these: > > X-frosted-MailScanner-SpamCheck: spam, SpamAssassin (score=20.575, > required 5.1, BAYES_60 1.00, DEAR_FRIEND 0.07, MILLION_USD 2.80, > NIGERIAN_BODY1 3.40, NIGERIAN_BODY2 0.60, NIGERIAN_SUBJECT2 2.09, > NO_REAL_NAME 0.01, RAZOR2_CHECK 1.51, SARE_FRAUD_X3 1.67, > SARE_FRAUD_X4 1.67, SARE_FRAUD_X5 1.67, SARE_MONEYTERMS 0.68, > SARE_ONDEAL 0.22, SARE_URGBIZ 0.72, SUBJ_ALL_CAPS 0.67, > URG_BIZ 1.81) > X-frosted-MailScanner-SpamScore: 20 > > My settings are: > > High Scoring Spam Actions = delete > High SpamAssassin Score = 8.8 > > The version info is: > > MailScanner -v > Running on > Linux dragon 2.6.8.1 #1 Tue Sep 28 11:23:11 CEST 2004 i686 i686 > i386 GNU/Linux > This is Fedora Core release 4 (Stentz) > This is Perl version 5.008006 (5.8.6) > > This is MailScanner version 4.43.8 > Module versions are: > 1.00 AnyDBM_File > 1.14 Archive::Zip > 1.03 Carp > 1.119 Convert::BinHex > 1.00 DirHandle > 1.05 Fcntl > 2.73 File::Basename > 2.08 File::Copy > 2.01 FileHandle > 1.06 File::Path > 0.14 File::Temp > 1.29 HTML::Entities > 3.45 HTML::Parser > 2.30 HTML::TokeParser > 1.21 IO > 1.10 IO::File > 1.123 IO::Pipe > 1.66 Mail::Header > 3.05 MIME::Base64 > 5.417 MIME::Decoder > 5.417 MIME::Decoder::UU > 5.417 MIME::Head > 5.417 MIME::Parser > 3.03 MIME::QuotedPrint > 5.417 MIME::Tools > 0.10 Net::CIDR > 1.08 POSIX > 1.77 Socket > 0.05 Sys::Syslog > 1.02 Time::localtime > > Optional module versions are: > 1.810 DB_File > 1.08 Digest > 1.01 Digest::HMAC > 2.33 Digest::MD5 > 2.10 Digest::SHA1 > missing Inline > missing Mail::ClamAV > 3.000004 Mail::SpamAssassin > 1.997 Mail::SPF::Query > 0.18 Net::CIDR::Lite > 0.48 Net::DNS > missing Net::LDAP > missing Parse::RecDescent > missing SAVI > 1.4 Sys::Hostname::Long > 2.42 Test::Harness > 0.47 Test::Simple > 1.95 Text::Balanced > 1.35 URI > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.1 (Darwin) > > iD8DBQFCyo4VPMoaMn4kKR4RAvxcAJ9/TcaK+6na00rrNtT+Uf+g5qk+OACaA6VS > MnBCxt/gtFvZ6r9SRuO7i4U= > =sXAT > -----END PGP SIGNATURE----- > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue Jul 5 16:02:04 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:30:13 2006 Subject: New Install Message-ID: Philip Parsons wrote: > New install > > bitdefender 7.0 > clamav 0.84 > mailscanner 4.34.8 > spamassassin 3.0.4 > > Getting a weird message from cron > /etc/cron.hourly/update_virus_scanners: > /usr/sbin/update_virus_scanners: line 46: 6541 Alarm clock > ${UPDATER} "${PACKAGEDIR}" >/dev/null 2>1 > > Any Ideas ??????? > > > > Thank you. > Philip Parsons > Team Leader, IT > > Columbia Fuels Inc. > 2nd Floor 2659 Douglas St Phil I'd update to latest of everything and try again - clamav 0.86.1 and MS 4.43.8 -- -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pparsons at COLUMBIAFUELS.COM Tue Jul 5 16:12:54 2005 From: pparsons at COLUMBIAFUELS.COM (Philip Parsons) Date: Thu Jan 12 21:30:13 2006 Subject: New Install Message-ID: Ooppps typo on my part bitdefender 7.0 > clamav 0.86.1 > mailscanner 4.34.8 > spamassassin 3.0.4 All latest can get no higher. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Martin Hepworth Sent: Tuesday, July 05, 2005 8:02 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: New Install Philip Parsons wrote: > New install > > bitdefender 7.0 > clamav 0.84 > mailscanner 4.34.8 > spamassassin 3.0.4 > > Getting a weird message from cron > /etc/cron.hourly/update_virus_scanners: > /usr/sbin/update_virus_scanners: line 46: 6541 Alarm clock > ${UPDATER} "${PACKAGEDIR}" >/dev/null 2>1 > > Any Ideas ??????? > > > > Thank you. > Philip Parsons > Team Leader, IT > > Columbia Fuels Inc. > 2nd Floor 2659 Douglas St Phil I'd update to latest of everything and try again - clamav 0.86.1 and MS 4.43.8 -- -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ja at CONVIATOR.COM Tue Jul 5 16:07:51 2005 From: ja at CONVIATOR.COM (Jan Agermose) Date: Thu Jan 12 21:30:13 2006 Subject: OT: "best" virusprogram Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi I was wundering if anyone has an opinion on what is the best combination of virus scanners? I thing I once say something about most virusscanners where simply builds of kaspersky? So using that one would void some others? Im looking at: bitdefender, clamavmodule, f-prot, kaspersky - using all 4 together. any insight as to why one would be better than the other? best regards Jan ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dh at UPTIME.AT Tue Jul 5 16:20:34 2005 From: dh at UPTIME.AT (David H.) Date: Thu Jan 12 21:30:13 2006 Subject: High scroing Spam no longer deleted? Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Julian Field wrote: > That's odd, it works fine for me. > Can you check that you really do have the latest code, and there aren't > a few files left over from previous versions or anything like this? > I don't really know what to say other than that. > What happens if you set your high score to an integer, does that make > any difference? > As this is a test machine I simply wiped everything MailScanner related and re-installed. I also noticed that the 20+ scored spam is not tagged as High Scoring spam, but {Spam?} which would indicate "low scored" spam. I have now changed the scored to integers from my float values and I will not check what happens - -d -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (Darwin) iD8DBQFCyqVBPMoaMn4kKR4RArWrAJ4rMLg/ZmqsYlYPBAu5IyCul5m8KwCfQwxi Szib7pdWf1HrxmWQAkUeOhw= =737e -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From prandal at HEREFORDSHIRE.GOV.UK Tue Jul 5 16:25:40 2005 From: prandal at HEREFORDSHIRE.GOV.UK (Randal, Phil) Date: Thu Jan 12 21:30:13 2006 Subject: "best" virusprogram Message-ID: The best one is that which catches all viruses all of the time. Failing that, a mix increases your chances of catching new ones. We use McAfee's uvscan, Bitdefender, and ClamAV here. Usually ClamAV and Bitdefender get their new detections out before McAfee, which is on a daily DAT release cycle. One of the latest Bagle variants was an exception to the rule, with mcafee catching it first. I'd recommend ClamAV and Bitdefender to everybody. Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK ________________________________________________________________________________ From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Jan Agermose Sent: 05 July 2005 16:08 To: MAILSCANNER@JISCMAIL.AC.UK Subject: OT: "best" virusprogram Hi I was wundering if anyone has an opinion on what is the best combination of virus scanners? I thing I once say something about most virusscanners where simply builds of kaspersky? So using that one would void some others? Im looking at: bitdefender, clamavmodule, f-prot, kaspersky - using all 4 together. any insight as to why one would be better than the other? best regards Jan ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Tue Jul 5 16:22:10 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:13 2006 Subject: New Install Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Philip Parsons wrote: > Ooppps typo on my part > > bitdefender 7.0 > >>clamav 0.86.1 >>mailscanner 4.34.8 -> this is not the latest MailScanner, unless you made a typo. >>spamassassin 3.0.4 > > > All latest can get no higher. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Jul 5 16:42:38 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:13 2006 Subject: Beta 4.44.1 Message-ID: I have just released the first beta of next month's release. Note that I will skip the August release if things are very quiet. So don't be too surprised if it doesn't appear. The main purpose is a bit more Postfix work, and making MailScanner more robust in the event of /var/spool/MailScanner/incoming running out of space. The Change Log so far is this: * New Features and Improvements * - Optimised situation where spam archive is being kept clean but many messages are being deleted. Thanks to yavor.trapkov@wipe.int for that. * Fixes * - Added more Postfix temporarily-invalid-message checks. - Added disk full checks for MailScanner/incoming space. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Tue Jul 5 16:24:01 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:13 2006 Subject: move from one os to another and live cloning Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Harondel J. Sibble wrote: > Okay, we have a MS box running MDK 9.2 which we want to upgrade, however we > are looking at going with one of the RHEL clones like CentOS instead of MDK > because it offers a longer update cycle. > > To move the current config to the new box running CentOS, is this the basic > procedure? > > 1) Setup and update CentOS box > 2) install same version of MS, SA etc on new box > 3) Copy /etc/MailScanner from old box to new box > 4) Make sure MS works on new box > 5) Upgrade MS, SA etc on new box to latest and greates > 6) Tweak configuration on new box as necessary > > Anyone see any problems with this? Not really. Not an half-an-hour job though :). > > Also was thinking of imaging the CentOS configuration to another similar > machine as as backup, Anyone know of any software that will then keep both > boxes in completely in sync, so that any changes made on the main system get > automatically replicated to the secondary, in case the primary tanks? > We don't need automated failover, just need to keep both boxes identical. > > rsync or unison ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From maillists at CONACTIVE.COM Tue Jul 5 16:44:49 2005 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:30:13 2006 Subject: High scroing Spam no longer deleted? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] David H. wrote on Tue, 5 Jul 2005 15:41:42 +0200: > This is MailScanner version 4.43.8 Hm, do you by chance use Mailwatch? If so, you could check if it is recognized as high scoring at all. 4.43.6 (I think) had a small bug in SA.pm which didn't let it identify high scoring spam. Julian provided a correct SA.pm in reply to a post by me a few days ago. Check out if that helps. Maybe he somehow forgot to include it in .8? Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From maillists at CONACTIVE.COM Tue Jul 5 16:44:48 2005 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:30:13 2006 Subject: OT: Postfix pre-MailScanner Policy Daemon Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Martin Hepworth wrote on Tue, 5 Jul 2005 14:35:53 +0100: > Another option I use is to only allow in valid email addresses and the > MTA. I drop over 70% of my email that way..and don't get any FP's from > RBLs ;-) > > Yes in theory you are open to email guessing attacks, but then my SA and > MS are very well setup so this doesn't add much risk :-) > > No idea how you do this in PF as I run Exim.... I suppose you simply have to abandon using wildcards :-) BTW: I see a lot of mails from you on several lists and I read many of them because they contain valuable information. But there's one thing which drives me crazy: often I have to scroll endlessly down before I can read your comment. Sometimes I just skip the message because I only see "green" (quotes are colored in green by my newsreader). Is there a reason that you don't trim the quotes other than comfort? Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue Jul 5 16:53:58 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:30:13 2006 Subject: OT: Postfix pre-MailScanner Policy Daemon Message-ID: Kai Schaetzl wrote: > Martin Hepworth wrote on Tue, 5 Jul 2005 14:35:53 +0100: > > >>Another option I use is to only allow in valid email addresses and the >>MTA. I drop over 70% of my email that way..and don't get any FP's from >>RBLs ;-) >> >>Yes in theory you are open to email guessing attacks, but then my SA and >> MS are very well setup so this doesn't add much risk :-) >> >>No idea how you do this in PF as I run Exim.... > > > I suppose you simply have to abandon using wildcards :-) > > BTW: I see a lot of mails from you on several lists and I read many of them > because they contain valuable information. But there's one thing which > drives me crazy: often I have to scroll endlessly down before I can read > your comment. Sometimes I just skip the message because I only see "green" > (quotes are colored in green by my newsreader). Is there a reason that you > don't trim the quotes other than comfort? > > Kai > Laziness and a tendency to top post (ducks as internet police fire batton rounds) -- -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Jul 5 17:01:39 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:13 2006 Subject: OT: Postfix pre-MailScanner Policy Daemon Message-ID: Bang! Quack quack Bang! Quack... On 5 Jul 2005, at 16:53, Martin Hepworth wrote: > Kai Schaetzl wrote: > >> Martin Hepworth wrote on Tue, 5 Jul 2005 14:35:53 +0100: >> >>> Another option I use is to only allow in valid email addresses >>> and the MTA. I drop over 70% of my email that way..and don't get >>> any FP's from RBLs ;-) Yes in theory you are open to email >>> guessing attacks, but then my SA and MS are very well setup so >>> this doesn't add much risk :-) No idea how you do this in PF as I >>> run Exim.... >>> >> I suppose you simply have to abandon using wildcards :-) >> BTW: I see a lot of mails from you on several lists and I read >> many of them because they contain valuable information. But >> there's one thing which drives me crazy: often I have to scroll >> endlessly down before I can read your comment. Sometimes I just >> skip the message because I only see "green" (quotes are colored in >> green by my newsreader). Is there a reason that you don't trim the >> quotes other than comfort? >> Kai >> > Laziness and a tendency to top post (ducks as internet police fire > batton rounds) > > -- > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pparsons at COLUMBIAFUELS.COM Tue Jul 5 17:02:00 2005 From: pparsons at COLUMBIAFUELS.COM (Philip Parsons) Date: Thu Jan 12 21:30:13 2006 Subject: New Install Message-ID: Aah OK bad day lets start again Bitdefender 7 Clam 0.86.1 Mailscanner 4.43.8 Spamassassin 3.0.4 Getting a weird cron error /etc/cron.hourly/update_virus_scanners: > /usr/sbin/update_virus_scanners: line 46: 6541 Alarm clock ${UPDATER} "${PACKAGEDIR}" >/dev/null 2>1 Any Idea's ??? -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Ugo Bellavance Sent: Tuesday, July 05, 2005 8:22 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: New Install Philip Parsons wrote: > Ooppps typo on my part > > bitdefender 7.0 > >>clamav 0.86.1 >>mailscanner 4.34.8 -> this is not the latest MailScanner, unless you made a typo. >>spamassassin 3.0.4 > > > All latest can get no higher. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue Jul 5 17:08:01 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:30:13 2006 Subject: OT: Postfix pre-MailScanner Policy Daemon Message-ID: Julian Field wrote: > Bang! Quack quack Bang! Quack... > >>> >> Laziness and a tendency to top post (ducks as internet police fire >> batton rounds) >> >> -- >> -- >> Martin Hepworth >> Snr Systems Administrator >> Solid State Logic >> Tel: +44 (0)1865 842300 >> Jules your sense of humour is even worse than mine - quack ... sheesh -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From david at GRECCOCONSULTING.COM Tue Jul 5 17:12:41 2005 From: david at GRECCOCONSULTING.COM (David Grecco) Date: Thu Jan 12 21:30:13 2006 Subject: SA Lint processing time Message-ID: What is a good total time for sa lint processing? I’m running at an average of 4.5 seconds. Does this seem alright? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Tue Jul 5 17:26:11 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:30:13 2006 Subject: New Install Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Philip Parsons > Sent: Tuesday, July 05, 2005 12:02 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: New Install > > Aah OK bad day lets start again > > Bitdefender 7 > Clam 0.86.1 > Mailscanner 4.43.8 > Spamassassin 3.0.4 > > Getting a weird cron error > > /etc/cron.hourly/update_virus_scanners: > > /usr/sbin/update_virus_scanners: line 46: 6541 Alarm clock ${UPDATER} > "${PACKAGEDIR}" >/dev/null 2>1 > > Any Idea's ??? > > An idea :) I believe your MailScanner auto-update (probably Bitdefender) is taking too long. You could try running Mailscanner's hourly cron update manually /etc/cron.hourly/update_virus_scanners (note it does a random sleep) And CalmAV and Bitdefender's /usr/local/bin/freshclam /opt/bdc/bdc -u Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Tue Jul 5 17:31:03 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:30:13 2006 Subject: SA Lint processing time Message-ID: [ The following text is in the "windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] David Grecco wrote: > What is a good total time for sa lint processing? I^Òm running at an > average of 4.5 seconds. Does this seem alright? Yes, that's fine.. when you run spamassassin --lint, a new perl instance gets invoked, and SA has to parse all of it's configuration files from scratch. This adds a lot of overhead compared to scanning a message with a running instance of SA. For example, my SA 2.64 setup with DNS/Razor/DCC/SpamCopURI/bayes enabled has these timings: time spamassassin --lint real 0m6.948s user 0m5.500s sys 0m0.240s Scanning a message in MailScanner is slightly faster than using spamc, but this is the closes you can simulate using the command line tools: (spamd started as spamd -d) time spamc Thanks Matt. That good news (and good information)... -----Original Message----- From: owner-mailscanner@JISCMAIL.AC.UK [mailto:owner-mailscanner@JISCMAIL.AC.UK] On Behalf Of Matt Kettler Sent: Tuesday, July 05, 2005 11:31 AM To: MailScanner mailing list Subject: Re: SA Lint processing time David Grecco wrote: > What is a good total time for sa lint processing? I'm running at an > average of 4.5 seconds. Does this seem alright? Yes, that's fine.. when you run spamassassin --lint, a new perl instance gets invoked, and SA has to parse all of it's configuration files from scratch. This adds a lot of overhead compared to scanning a message with a running instance of SA. For example, my SA 2.64 setup with DNS/Razor/DCC/SpamCopURI/bayes enabled has these timings: time spamassassin --lint real 0m6.948s user 0m5.500s sys 0m0.240s Scanning a message in MailScanner is slightly faster than using spamc, but this is the closes you can simulate using the command line tools: (spamd started as spamd -d) time spamc [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi all, I've just upgraded from 4.40.11 to 4.43.8 and, with exactly the same MailScanner.conf, the new MailScanner processes start and grow in memory size, seemingly forever. Switching back to 4.40.11, the processes stop and stabilize at about 57M each (under prstat in Solaris). The new ones go sailing through that and only stop when I kill them, at which point the machine is out of memory and swap (each MailScanner being >>500M by this stage). It may be a really dumb thing, but i'd appreciate any suggestions........ Thanks Ade ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pparsons at COLUMBIAFUELS.COM Tue Jul 5 18:58:18 2005 From: pparsons at COLUMBIAFUELS.COM (Philip Parsons) Date: Thu Jan 12 21:30:13 2006 Subject: New Install Message-ID: That was done a couple of time when I installed everything this just showed up at night.. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Stephen Swaney Sent: Tuesday, July 05, 2005 9:26 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: New Install > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Philip Parsons > Sent: Tuesday, July 05, 2005 12:02 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: New Install > > Aah OK bad day lets start again > > Bitdefender 7 > Clam 0.86.1 > Mailscanner 4.43.8 > Spamassassin 3.0.4 > > Getting a weird cron error > > /etc/cron.hourly/update_virus_scanners: > > /usr/sbin/update_virus_scanners: line 46: 6541 Alarm clock > > ${UPDATER} > "${PACKAGEDIR}" >/dev/null 2>1 > > Any Idea's ??? > > An idea :) I believe your MailScanner auto-update (probably Bitdefender) is taking too long. You could try running Mailscanner's hourly cron update manually /etc/cron.hourly/update_virus_scanners (note it does a random sleep) And CalmAV and Bitdefender's /usr/local/bin/freshclam /opt/bdc/bdc -u Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Jul 5 20:10:07 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:13 2006 Subject: MailScanner 4.43.8 Memory Usage Extreme Growth Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Can you try a bit of a binary chop and try to deduce which version first started the problem? 4.40.1 and 4.43.8 are a long way apart, it's going to be a pretty hopeless search inspecting all the code changes by eye. Ade Fewings wrote: > I've just upgraded from 4.40.11 to 4.43.8 and, with exactly the same > MailScanner.conf, the new MailScanner processes start and grow in > memory size, seemingly forever. Switching back to 4.40.11, the > processes stop and stabilize at about 57M each (under prstat in > Solaris). The new ones go sailing through that and only stop when I > kill them, at which point the machine is out of memory and swap (each > MailScanner being >>500M by this stage). -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Tue Jul 5 20:16:23 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:30:13 2006 Subject: MailScanner 4.43.8 Memory Usage Extreme Growth Message-ID: Hi, I upgraded from 4.43.2 to 4.43.8 this morning, on Solaris 9. My MailScanner processes all run at 59 to 61 M of memory each. No memory bloat here. My system is nice and perky. Jeff Earickson Colby College On Tue, 5 Jul 2005, Julian Field wrote: > Date: Tue, 5 Jul 2005 20:10:07 +0100 > From: Julian Field > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: MailScanner 4.43.8 Memory Usage Extreme Growth > > Can you try a bit of a binary chop and try to deduce which version first > started the problem? > 4.40.1 and 4.43.8 are a long way apart, it's going to be a pretty hopeless > search inspecting all the code changes by eye. > > Ade Fewings wrote: > >> I've just upgraded from 4.40.11 to 4.43.8 and, with exactly the same >> MailScanner.conf, the new MailScanner processes start and grow in memory >> size, seemingly forever. Switching back to 4.40.11, the processes stop and >> stabilize at about 57M each (under prstat in Solaris). The new ones go >> sailing through that and only stop when I kill them, at which point the >> machine is out of memory and swap (each MailScanner being >>500M by this >> stage). > > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From maillists at CONACTIVE.COM Tue Jul 5 20:31:33 2005 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:30:13 2006 Subject: MailScanner 4.43.8 Memory Usage Extreme Growth Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ade Fewings wrote on Tue, 5 Jul 2005 18:38:27 +0100: > It may be a really dumb thing, but i'd appreciate any suggestions upgrade all Perl modules in use by MS, switch off usage of external programs/modules (no SA, no virus scanners etc.) to see if it is actually the call to them which creates the problem. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From maillists at CONACTIVE.COM Tue Jul 5 20:31:33 2005 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:30:13 2006 Subject: OT: Postfix pre-MailScanner Policy Daemon Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Martin Hepworth wrote on Tue, 5 Jul 2005 16:53:58 +0100: > Laziness and a tendency to top post (ducks as internet police fire > batton rounds) Well, if you don't skim the quotes top posting is actually *much* better than bottom posting (or whatever that is called). It doesn't require the reader to scroll down just to see there are two lines which are not of interest. (But since you never know if they add something interesting or not you always have to scroll or just skip unknowingly if you lost something ...) I usually don't point to this and stay quiet, but I see quite a many postings from you on the list and it's really a nuisance that I can't see what you wrote right away. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Tue Jul 5 21:15:39 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:30:13 2006 Subject: OT: Postfix pre-MailScanner Policy Daemon Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Kai Schaetzl wrote: >> Well, I'm referring more to the additional checks it does. Especially >> the HELO check is quite useful (although an RFC violation to refuse >> on it). It blocks most mail worms and such. However, I don't think >> that scoring doesn't help much here. If I don't trust an RBL I simply >> don't use it. If a communications partner gets listed, well, >> obviously for a reason, f.i. their relay was open or whatever. I can >> just let them get in with an OK entry in my local access db - if I >> want. The sooner they clear this up the better. We use three RBLs >> (spamhaus, sorbs and njabl - the latter doesn't add much, I could >> just remove it) and the "FP" rate (FP in quotes because actually they >> are not FPs) is extremely low (1 in 10.000 or less). If I get too >> many FPs I'd simply drop the "offending" RBL. WE also reject on HELO >> and wrong MAIL FROM and message ids and our own access db. > I ran, right up until implementing this policy daemon, spamhaus & sorbs list rejection and also reject non RFC821 envelopes, invalid host names, domains and a host of 'technically correct' fully qualified domain name checks. I am intrigued how you test for message ids? I believe you said you are running Sendmail which is obviously different to my Postfix (Which I am not aware of being able to make such checks). >> The beauty in this approach is that *one* "hit" is enough. It's quite >> typical that this kind of mail hits only one or two of the above >> criteria. But they all are spam, the FP rate is very very low. And if >> someone wants to send me a legitimate mail from a misconfigured mail >> server, well, I expect him to fix his server. So, with a scoring >> system you will miss a *lot* of these, but gain *almost* nothing in >> regard to battling FPs. >> Scoring by mail content is *much different* because there are simply >> no single criteria that a mail is spam. (Although a SURBL listing and >> also a BAYES_99 from a well-trained db may be accurate enough to use >> them as the single criterion. However, these are more or less >> dependant on the "history" of SA. Using scoring in SA betters your >> recognition ratio a lot, but it doesn't much for RBLs and other >> technical checks on MTA level. > Up until trying this beast, I would have agreed but all I can say is that is has reduced my 'through the MTA' spam levels and therefore the load (Which on one of my boxes is quite useful as it is some what under powered). I have been quite impressed with the results. Does the scoring make a huge difference? Maybe. The most useful thing is bringing a number of tests together and rejecting based on hitting more than one of them, something similar to that which can be set up with more granular control in Exim, as was being discussed last week (I think) where if for example, SPF check failed then a 'great pause' was introduced. Postfix doesn't have this control. Like it's author, Postfix is more black and white. Martin Hepworth wrote: > Another option I use is to only allow in valid email addresses and the > MTA. I drop over 70% of my email that way..and don't get any FP's from > RBLs ;-) > Agreed and every MTA should reject non users at SMTP stage (But not all do!). Where this isn't possible, I also drop non-deliverable Mailer-Daemon messages after a much shorter queue period. No point clogging the queue up. > Yes in theory you are open to email guessing attacks, but then my SA > and MS are very well setup so this doesn't add much risk :-) > > No idea how you do this in PF as I run Exim.... Dare I say, it's in the wiki... :-) Mind you I understand why you might have missed it, all them damn ducks. Completely quackers... :-P Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From randyf at SIBERNET.COM Tue Jul 5 21:49:49 2005 From: randyf at SIBERNET.COM (Randy Fishel) Date: Thu Jan 12 21:30:13 2006 Subject: MailScanner 4.43.8 Memory Usage Extreme Growth Message-ID: Over the weekend, I upgraded from 4.41.3 to 4.43.8 on an S10 system, and there were no issues or excessive memory usage (just a bit smaller then Jeff's). rf On Tue, 5 Jul 2005, Jeff A. Earickson wrote: > Hi, > I upgraded from 4.43.2 to 4.43.8 this morning, on Solaris 9. My > MailScanner processes all run at 59 to 61 M of memory each. No memory > bloat here. My system is nice and perky. > > Jeff Earickson > Colby College > > On Tue, 5 Jul 2005, Julian Field wrote: > >> Date: Tue, 5 Jul 2005 20:10:07 +0100 >> From: Julian Field >> Reply-To: MailScanner mailing list >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: Re: MailScanner 4.43.8 Memory Usage Extreme Growth >> >> Can you try a bit of a binary chop and try to deduce which version first >> started the problem? >> 4.40.1 and 4.43.8 are a long way apart, it's going to be a pretty hopeless >> search inspecting all the code changes by eye. >> >> Ade Fewings wrote: >> >>> I've just upgraded from 4.40.11 to 4.43.8 and, with exactly the same >>> MailScanner.conf, the new MailScanner processes start and grow in memory >>> size, seemingly forever. Switching back to 4.40.11, the processes stop >>> and stabilize at about 57M each (under prstat in Solaris). The new ones >>> go sailing through that and only stop when I kill them, at which point the >>> machine is out of memory and swap (each MailScanner being >>500M by this >>> stage). >> >> >> -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> Professional Support Services at www.MailScanner.biz >> MailScanner thanks transtec Computers for their support >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jflowers at EZO.NET Wed Jul 6 01:00:47 2005 From: jflowers at EZO.NET (Jim Flowers) Date: Thu Jan 12 21:30:13 2006 Subject: Sendmail call from MailScanner resolved Message-ID: Because my /var partition is small and my /usr partition is large I changed from /var/spool/mqueue* to /usr/var/spool/mqueue* on a FreeBSD5.4/Sendmail system that was running perfectly. Edited MailScanner.conf appropriately. All mail was then queued to be sent by the queuerunner (log entry sm-mta-out:) instead of using a direct sendmail call (log entry sendmail:) After some digging around, I found that symlinking the /usr/var/spool/mqueue directory back to /var/spool/mqueue solved the problem. The direct MailScanner call to sendmail chdirs to the default queue before executing and so fails. This could be avoided programatically by having the MailScanner call use the value in MailScanner.conf instead of the default (-OQueueDirectory=%%Outgoing Queue Dir%%). ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Wed Jul 6 01:36:29 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:30:13 2006 Subject: OT: Postfix pre-MailScanner Policy Daemon Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > >> Another option I use is to only allow in valid email addresses and the >> MTA. I drop over 70% of my email that way..and don't get any FP's from >> RBLs ;-) On my second MX i drop 97% of inbound mail this way. Its amazing, all i have to do is not accept email that isnt address to our users. >> > Agreed and every MTA should reject non users at SMTP stage (But not all > do!). Where this isn't possible, I also drop non-deliverable > Mailer-Daemon messages after a much shorter queue period. No point > clogging the queue up. How do you do this in postfix? > >> Yes in theory you are open to email guessing attacks, but then my SA >> and MS are very well setup so this doesn't add much risk :-) >> >> No idea how you do this in PF as I run Exim.... > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Wed Jul 6 01:39:43 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:30:13 2006 Subject: OT: "best" virusprogram Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jan Agermose wrote: > > Hi > > I was wundering if anyone has an opinion on what is the best combination > of virus scanners? > > I thing I once say something about most virusscanners where simply > builds of kaspersky? So using that one would void some others? > > Im looking at: bitdefender, clamavmodule, f-prot, kaspersky - using all > 4 together. > > any insight as to why one would be better than the other? Fairly subjective topic, but we all know one thing. All are much better together than individually. I think a combo of 3+ scanners is all you can do, and for almost everyone is enough to prevent any live ones getting through. As far rating them individually, might be better to google for reviews? > > best regards > Jan > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From tenderby at VHIA.COM.AU Wed Jul 6 02:59:28 2005 From: tenderby at VHIA.COM.AU (Tony Enderby) Date: Thu Jan 12 21:30:13 2006 Subject: OT: "best" virusprogram Message-ID: Hi Folks, I am keen to evaluate Bitdefender but am unsure what distribution to use with MailScanner Their site has a number of releases and I initially installed BitDefender-sendmail-1.6.2-1.linux-gcc3x.i586.rpm.run however this seems to integrate at the MTA level in preference to mailscanner calling it. Could someone give me some insight on what version they are currently running with mailscanner? Many thanks in advance. Tony. Peter Russell Sent by: MailScanner mailing list 07/06/2005 10:39 AM Please respond to MailScanner mailing list To MAILSCANNER@JISCMAIL.AC.UK cc Subject Re: OT: "best" virusprogram Jan Agermose wrote: > > Hi > > I was wundering if anyone has an opinion on what is the best combination > of virus scanners? > > I thing I once say something about most virusscanners where simply > builds of kaspersky? So using that one would void some others? > > Im looking at: bitdefender, clamavmodule, f-prot, kaspersky - using all > 4 together. > > any insight as to why one would be better than the other? Fairly subjective topic, but we all know one thing. All are much better together than individually. I think a combo of 3+ scanners is all you can do, and for almost everyone is enough to prevent any live ones getting through. As far rating them individually, might be better to google for reviews? > > best regards > Jan > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raylund.lai at KANKANWOO.COM Wed Jul 6 04:19:49 2005 From: raylund.lai at KANKANWOO.COM (Raylund Lai) Date: Thu Jan 12 21:30:13 2006 Subject: OT: "best" virusprogram Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, You just need to use the bdc (bitdefender console) for MailScanner. That is not something associated with mta or the likes. Cheers Raylund Tony Enderby wrote: > > Hi Folks, > > I am keen to evaluate Bitdefender but am unsure what distribution to > use with MailScanner > > Their site has a number of releases and I initially installed > BitDefender-sendmail-1.6.2-1.linux-gcc3x.i586.rpm.run > however this seems to integrate at the MTA level in preference to > mailscanner calling it. > > Could someone give me some insight on what version they are currently > running with mailscanner? > > Many thanks in advance. > > Tony. > > > > *Peter Russell * > Sent by: MailScanner mailing list > > 07/06/2005 10:39 AM > Please respond to > MailScanner mailing list > > > > To > MAILSCANNER@JISCMAIL.AC.UK > cc > > Subject > Re: OT: "best" virusprogram > > > > > > > > > > Jan Agermose wrote: > > > > Hi > > > > I was wundering if anyone has an opinion on what is the best > combination > > of virus scanners? > > > > I thing I once say something about most virusscanners where simply > > builds of kaspersky? So using that one would void some others? > > > > Im looking at: bitdefender, clamavmodule, f-prot, kaspersky - using all > > 4 together. > > > > any insight as to why one would be better than the other? > > Fairly subjective topic, but we all know one thing. All are much better > together than individually. I think a combo of 3+ scanners is all you > can do, and for almost everyone is enough to prevent any live ones > getting through. > > As far rating them individually, might be better to google for reviews? > > > > > best regards > > Jan > > > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/) > > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > *Support MailScanner development - buy the book off the website!* > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From tenderby at VHIA.COM.AU Wed Jul 6 04:36:01 2005 From: tenderby at VHIA.COM.AU (Tony Enderby) Date: Thu Jan 12 21:30:13 2006 Subject: OT: "best" virusprogram Message-ID: Cheers Raylund, Have installed and seems to be runnig fine .. many thanks for your help. Tony. Raylund Lai Sent by: MailScanner mailing list 07/06/2005 01:19 PM Please respond to MailScanner mailing list To MAILSCANNER@JISCMAIL.AC.UK cc Subject Re: OT: "best" virusprogram Hi, You just need to use the bdc (bitdefender console) for MailScanner. That is not something associated with mta or the likes. Cheers Raylund Tony Enderby wrote: > > Hi Folks, > > I am keen to evaluate Bitdefender but am unsure what distribution to > use with MailScanner > > Their site has a number of releases and I initially installed > BitDefender-sendmail-1.6.2-1.linux-gcc3x.i586.rpm.run > however this seems to integrate at the MTA level in preference to > mailscanner calling it. > > Could someone give me some insight on what version they are currently > running with mailscanner? > > Many thanks in advance. > > Tony. > > > > *Peter Russell * > Sent by: MailScanner mailing list > > 07/06/2005 10:39 AM > Please respond to > MailScanner mailing list > > > > To > MAILSCANNER@JISCMAIL.AC.UK > cc > > Subject > Re: OT: "best" virusprogram > > > > > > > > > > Jan Agermose wrote: > > > > Hi > > > > I was wundering if anyone has an opinion on what is the best > combination > > of virus scanners? > > > > I thing I once say something about most virusscanners where simply > > builds of kaspersky? So using that one would void some others? > > > > Im looking at: bitdefender, clamavmodule, f-prot, kaspersky - using all > > 4 together. > > > > any insight as to why one would be better than the other? > > Fairly subjective topic, but we all know one thing. All are much better > together than individually. I think a combo of 3+ scanners is all you > can do, and for almost everyone is enough to prevent any live ones > getting through. > > As far rating them individually, might be better to google for reviews? > > > > > best regards > > Jan > > > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/) > > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > *Support MailScanner development - buy the book off the website!* > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Andreas.Doerfler at KEMPTEN.DE Wed Jul 6 07:06:58 2005 From: Andreas.Doerfler at KEMPTEN.DE ([iso-8859-1] Dörfler Andreas) Date: Thu Jan 12 21:30:13 2006 Subject: FW: ANNOUNCE: MailWatch for MailScanner 1.0 Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] just for info > -----Original Message----- > From: mailwatch-users-admin@lists.sourceforge.net > [mailto:mailwatch-users-admin@lists.sourceforge.net] On > Behalf Of Steve Freegard > Sent: Wednesday, July 06, 2005 2:21 AM > To: mailwatch-users@lists.sourceforge.net > Cc: mailscanner-announce@jiscmail.ac.uk > Subject: [Mailwatch-users] ANNOUNCE: MailWatch for MailScanner 1.0 > > > Hi All, > > It gives me great pleasure to announce that MailWatch 1.0 is released: > > Change log: > > :: MCP Support > > :: User Management (create users GUI) with better filtering to allow > per-user/per-domain support. > > :: Audit logging > > :: XML-RPC web services for running multiple > MailScanner/MailWatch boxes > with a single database allowing quarantine view/release from any > front-end. > > :: Enhanced reporting of MTA deliveries/rejections - the total mail by > date will report unkown user, RBL, unknown domain rejection (sendmail > only). > > :: Better query builder for reports - allows you to select > the same row > more than once to do things like (date >= yyyy-mm-dd AND date <= > yyyy-mm-dd), you can also use MySQL functions by putting a > '!' in front > e.g. DATE is equal to !CURRENT_DATE() will always return today's date. > You can also save common queries for reuse again. > > :: Quarantine Report (similar to the Fortress Systems scripts except > generated using the MailWatch database and gives links to MailWatch to > view/release.) > > :: Integrated Blacklist/Whitelist - allow you to maintain > per-user/per-domain/global blacklist/whitelists. > > :: New MailWatch.pm to overcome newer DBI/DBD-MySQL problems > present in > the previous version (thanks for Walker Aumann for this). > > :: GeoIP country lookups in message detail and reports. > > :: **Lots** of fixes/updates > > You may download it from: > http://prdownloads.sourceforge.net/mailwatch/mailwatch-1.0.tar.gz?download Sorry that it's taken so long to release - I promise it won't be as long next time ;-))) Kind regards, Steve. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From r.felber at EK-MUC.DE Wed Jul 6 08:32:43 2005 From: r.felber at EK-MUC.DE (Robert Felber) Date: Thu Jan 12 21:30:13 2006 Subject: OT: Postfix pre-MailScanner Policy Daemon Message-ID: On Tue, 5 Jul 2005 15:31:38 +0200, Kai Schaetzl wrote: > >Well, I'm referring more to the additional checks it does. Especially the >HELO check is quite useful (although an RFC violation to refuse on it). It >blocks most mail worms and such. However, I don't think that scoring >doesn't help much here. The scoring helps a lot here. And because I see that it would be an violation if I'd only block on invalid HELOS, it performs subdomain checks of HELO and FROM domain parts. And Client IP /24 subnets. It's an attempt to have something similiar to SPF - which blocks too much legitimate mails of service forwarders (eg: mobile.de). For those that don't receive mails that mean money to them it might not be interresting. But our unknown customers would become annoyed and don't buy a car from us - they think "simple" too. -- rob ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed Jul 6 08:58:04 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:30:13 2006 Subject: MailScanner 4.43.8 Memory Usage Extreme Growth Message-ID: Ade Fewings wrote: > Hi all, > > I've just upgraded from 4.40.11 to 4.43.8 and, with exactly the same > MailScanner.conf, the new MailScanner processes start and grow in memory > size, seemingly forever. Switching back to 4.40.11, the processes stop > and stabilize at about 57M each (under prstat in Solaris). The new ones > go sailing through that and only stop when I kill them, at which point > the machine is out of memory and swap (each MailScanner being >>500M by > this stage). > > It may be a really dumb thing, but i'd appreciate any suggestions........ > > Thanks > Ade > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! Ade I really hope it's not the same MailScanner.conf as a few options have been added since 4.40..... -- -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Wed Jul 6 09:40:05 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:30:13 2006 Subject: OT: Postfix pre-MailScanner Policy Daemon Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Wed, July 6, 2005 1:36, Peter Russell said: >> Agreed and every MTA should reject non users at SMTP stage (But not all >> do!). Where this isn't possible, I also drop non-deliverable >> Mailer-Daemon messages after a much shorter queue period. No point >> clogging the queue up. > > How do you do this in postfix? bounce_queue_lifetime = I set mine to 2d as opposed to the normal queue lifetime of 5d. If you set it to 0 then the bounce message will be attempted only once before being removed from the queue. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From tenderby at VHIA.COM.AU Wed Jul 6 10:21:34 2005 From: tenderby at VHIA.COM.AU (Tony Enderby) Date: Thu Jan 12 21:30:13 2006 Subject: ClamAV Autoupdater. Message-ID: Hi All, I have until today ignored the errors when I tail -f /var/log/maillog indicating that the clamav auto update process fails because I have always run the freshclam update independantly of MailScanner Anyway, I had some time on my hands today and decided to try and fix it. It appeared that MailScanner was trying to run freshclam from the wrong directory /usr/local/bin/freshclam when freshclam actually exists in /usr/bin/freshclam I found what appears to be the update script in /usr/local/MailScanner/clamav-autoupdate and edited the PackageDir line to point to /usr in preference to /usr/local When I run the script directly with perl and tail maillog, it works and tells me that clamav did not need updating. If however tail maillog and watch MailScanner output I noticed that when the autoupdate script runs via MailScanner I get the original "/usr/local/bin/freshclam cannot be run" < indicating incorrect path again Can someone shed some light on why this may be case and if I am in fact looking in the wrong place? Many thanks in advance. Tony. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jul 6 10:28:35 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:13 2006 Subject: ClamAV Autoupdater. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Please don't just edit my code, you don't need to! You should just run update_virus_scanners and it will update all the scanners that are installed on your system, looking in the locations defined in /etc/MailScanner/virus.scanners.conf. You need to set the clamav line in there to point at /usr instead of /usr/local. On 6 Jul 2005, at 10:21, Tony Enderby wrote: Hi All, I have until today ignored the errors when I tail -f /var/log/maillog indicating that the clamav auto update process fails because I have always run the freshclam update independantly of MailScanner Anyway, I had some time on my hands today and decided to try and fix it.  It appeared that MailScanner was trying to run freshclam from the wrong directory /usr/local/bin/freshclam when freshclam actually exists in /usr/bin/freshclam I found what appears to be the update script in /usr/local/MailScanner/clamav-autoupdate and edited the PackageDir line to point to /usr in preference to /usr/local When I run the script directly with perl and tail maillog, it works and tells me that clamav did not need updating. If however tail maillog and watch MailScanner output I noticed that when the autoupdate script runs via MailScanner I get the original "/usr/local/bin/freshclam cannot be run"  < indicating incorrect path again Can someone shed some light on why this may be case and if I am in fact looking in the wrong place? Many thanks in advance. Tony. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! --  Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From tenderby at VHIA.COM.AU Wed Jul 6 11:40:29 2005 From: tenderby at VHIA.COM.AU (Tony Enderby) Date: Thu Jan 12 21:30:13 2006 Subject: ClamAV Autoupdater. Message-ID: Cheers Julian, I knew there'd be a more elegant approach. Tony. Julian Field Sent by: MailScanner mailing list 07/06/2005 07:28 PM Please respond to MailScanner mailing list To MAILSCANNER@JISCMAIL.AC.UK cc Subject Re: ClamAV Autoupdater. Please don't just edit my code, you don't need to! You should just run update_virus_scanners and it will update all the scanners that are installed on your system, looking in the locations defined in /etc/MailScanner/virus.scanners.conf. You need to set the clamav line in there to point at /usr instead of /usr/local. On 6 Jul 2005, at 10:21, Tony Enderby wrote: Hi All, I have until today ignored the errors when I tail -f /var/log/maillog indicating that the clamav auto update process fails because I have always run the freshclam update independantly of MailScanner Anyway, I had some time on my hands today and decided to try and fix it. It appeared that MailScanner was trying to run freshclam from the wrong directory /usr/local/bin/freshclam when freshclam actually exists in /usr/bin/freshclam I found what appears to be the update script in /usr/local/MailScanner/clamav-autoupdate and edited the PackageDir line to point to /usr in preference to /usr/local When I run the script directly with perl and tail maillog, it works and tells me that clamav did not need updating. If however tail maillog and watch MailScanner output I noticed that when the autoupdate script runs via MailScanner I get the original "/usr/local/bin/freshclam cannot be run" < indicating incorrect path again Can someone shed some light on why this may be case and if I am in fact looking in the wrong place? Many thanks in advance. Tony. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at MCKERRS.NET Wed Jul 6 13:29:39 2005 From: mailscanner at MCKERRS.NET (Mailscanner) Date: Thu Jan 12 21:30:13 2006 Subject: Obvious Spam - not picked up. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I've searched the archives and couldnt find anything exactly like this, so here goes .... This is a part of an email that I receive regularly; Subject: {Spam?} The Investor Communiqué Date: Wed, 06 Jul 2005 06:28:31 +0000 MIME-Version: 1.0 Content-Type: text/plain Content-Transfer-Encoding: base64 X-yyyyy-MailScanner-Information: Please contact the ISP for more information X-yyyyy-MailScanner: Found to be clean X-yyyyy-MailScanner-SpamCheck: spam, SpamAssassin (score=2.298, required 2, BAYES_80 2.00, MIME_BASE64_TEXT 0.30) X-yyyyy-MailScanner-SpamScore: ss X-yyyyy-MailScanner-From: nickolasnobleku@midcoast.com U2VudGljb3JlIEluYy4oT1RDLkJCOlNOSU8pDQpBdmVyYWdlIERhaWx5IFZv bHVtZSAoOTAgRGF5KTogNTkzLDAwMCBzaGFyZXMgIChTb3VyY2U6IFlhaG9v IEZpbmFuY2UpDQpIYXMgSW50cm9kdWNlZCBMb2JvUG9rZXIgVGhyb3VnaCBp dHMgTmV3ZXN0IFN1YnNpZGlhcnkgTG9ib0dhbWluZywgYSBHYW1pbmcNClNv ZnR3YXJlIERldmVsb3BtZW50IGFuZCBMaWNlbnNpbmcgQ29tcGFueS4gKFNv dXJjZTogTmV3czogNi8xNy8wNSApDQoNCkN1cnJlbnQgUHJpY2U6IC4wMjQN Is this not being picked up because its base64 encoded ? What is the best way to deal with this sort of spam ? I'm running Mailscanner 4.42.9 on Centos 4.1 i386. Thanks. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed Jul 6 13:47:11 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:30:13 2006 Subject: Obvious Spam - not picked up. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Mailscanner wrote: > I've searched the archives and couldnt find anything exactly like this, > so here goes .... > > > This is a part of an email that I receive regularly; > > > Subject: {Spam?} The Investor Communiqué > Date: Wed, 06 Jul 2005 06:28:31 +0000 > MIME-Version: 1.0 > Content-Type: text/plain > Content-Transfer-Encoding: base64 > X-yyyyy-MailScanner-Information: Please contact the ISP for more > information > X-yyyyy-MailScanner: Found to be clean > X-yyyyy-MailScanner-SpamCheck: spam, SpamAssassin (score=2.298, required 2, > BAYES_80 2.00, MIME_BASE64_TEXT 0.30) > X-yyyyy-MailScanner-SpamScore: ss > X-yyyyy-MailScanner-From: nickolasnobleku@midcoast.com > > U2VudGljb3JlIEluYy4oT1RDLkJCOlNOSU8pDQpBdmVyYWdlIERhaWx5IFZv > bHVtZSAoOTAgRGF5KTogNTkzLDAwMCBzaGFyZXMgIChTb3VyY2U6IFlhaG9v > IEZpbmFuY2UpDQpIYXMgSW50cm9kdWNlZCBMb2JvUG9rZXIgVGhyb3VnaCBp > dHMgTmV3ZXN0IFN1YnNpZGlhcnkgTG9ib0dhbWluZywgYSBHYW1pbmcNClNv > ZnR3YXJlIERldmVsb3BtZW50IGFuZCBMaWNlbnNpbmcgQ29tcGFueS4gKFNv > dXJjZTogTmV3czogNi8xNy8wNSApDQoNCkN1cnJlbnQgUHJpY2U6IC4wMjQN > > > Is this not being picked up because its base64 encoded ? > What is the best way to deal with this sort of spam ? > > I'm running Mailscanner 4.42.9 on Centos 4.1 i386. > > Thanks. > > Depends on what extra SA rules you have installed, and what SA options (like URI-RBL's) are running also. -- -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at MCKERRS.NET Wed Jul 6 13:51:48 2005 From: mailscanner at MCKERRS.NET (Mailscanner) Date: Thu Jan 12 21:30:13 2006 Subject: Obvious Spam - not picked up. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Martin Hepworth wrote: > Mailscanner wrote: > >> I've searched the archives and couldnt find anything exactly like >> this, so here goes .... >> >> >> This is a part of an email that I receive regularly; >> >> >> Subject: {Spam?} The Investor Communiqué >> Date: Wed, 06 Jul 2005 06:28:31 +0000 >> MIME-Version: 1.0 >> Content-Type: text/plain >> Content-Transfer-Encoding: base64 >> X-yyyyy-MailScanner-Information: Please contact the ISP for more >> information >> X-yyyyy-MailScanner: Found to be clean >> X-yyyyy-MailScanner-SpamCheck: spam, SpamAssassin (score=2.298, >> required 2, >> BAYES_80 2.00, MIME_BASE64_TEXT 0.30) >> X-yyyyy-MailScanner-SpamScore: ss >> X-yyyyy-MailScanner-From: nickolasnobleku@midcoast.com >> >> U2VudGljb3JlIEluYy4oT1RDLkJCOlNOSU8pDQpBdmVyYWdlIERhaWx5IFZv >> bHVtZSAoOTAgRGF5KTogNTkzLDAwMCBzaGFyZXMgIChTb3VyY2U6IFlhaG9v >> IEZpbmFuY2UpDQpIYXMgSW50cm9kdWNlZCBMb2JvUG9rZXIgVGhyb3VnaCBp >> dHMgTmV3ZXN0IFN1YnNpZGlhcnkgTG9ib0dhbWluZywgYSBHYW1pbmcNClNv >> ZnR3YXJlIERldmVsb3BtZW50IGFuZCBMaWNlbnNpbmcgQ29tcGFueS4gKFNv >> dXJjZTogTmV3czogNi8xNy8wNSApDQoNCkN1cnJlbnQgUHJpY2U6IC4wMjQN >> >> >> Is this not being picked up because its base64 encoded ? >> What is the best way to deal with this sort of spam ? >> >> I'm running Mailscanner 4.42.9 on Centos 4.1 i386. >> >> Thanks. >> >> > > Depends on what extra SA rules you have installed, and what SA options > (like URI-RBL's) are running also. > > Thanks for the quick reply martin, I'm just running the bog standard spamassasin that comes with Centos 4.1 (updated to 3.0.4) and the Standard install of Mailscanner. No mods. I suppose I need to read up on the rules. Cheers, Brian. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dh at UPTIME.AT Wed Jul 6 13:51:52 2005 From: dh at UPTIME.AT (David H.) Date: Thu Jan 12 21:30:13 2006 Subject: High Scoring Spam only deleted when Integer is set? Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello Julian. I have ensured that all my scores are set to integers, now the high scoring spam is marked and deleted, see: j66AC8MG015785: to=, delay=00:00:01, mailer=cyrusv2, pri=35426, stat=queued messages:Jul 6 12:12:26 dragon MailScanner[15620]: Message j66AC8MG015785 from 12.152.184.25 (sawyer@zincdesign.com) to useme.net is spam, SpamAssassin (score=14.344, required 5, BAYES_99 3.50, DCC_CHECK 2.17, DIGEST_MULTIPLE 0.10, RAZOR2_CF_RANGE_51_100 0.06, RAZOR2_CHECK 1.51, SARE_FWDLOOK 1.67, SARE_MONEYTERMS 0.68, SPF_HELO_PASS -0.00, STOCK_PICK 1.47, STRONG_BUY 3.12, TW_NV 0.08) messages:Jul 6 12:12:26 dragon MailScanner[15620]: Spam Actions: message j66AC8MG015785 actions are delete when I set a float as score that slips through - -d -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (Darwin) iD8DBQFCy9PoPMoaMn4kKR4RAlTzAJ98BwcuUgIYUibMTPut8eHMvfWTyACfZGO2 eiV8QfY/RCkI6jypR8eotR8= =t+Nn -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jkf at ecs.soton.ac.uk Wed Jul 6 14:07:40 2005 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:13 2006 Subject: High Scoring Spam only deleted when Integer is set? Message-ID: Can a few people try just adding 0.1 to their high spam score and see if this is a general problem please? On 6 Jul 2005, at 13:51, David H. wrote: > I have ensured that all my scores are set to integers, now the high > scoring > spam is marked and deleted, see: > > j66AC8MG015785: to=, delay=00:00:01, > mailer=cyrusv2, > pri=35426, stat=queued > messages:Jul 6 12:12:26 dragon MailScanner[15620]: Message > j66AC8MG015785 > from 12.152.184.25 (sawyer@zincdesign.com) to useme.net is spam, > SpamAssassin > (score=14.344, required 5, BAYES_99 3.50, DCC_CHECK 2.17, > DIGEST_MULTIPLE > 0.10, RAZOR2_CF_RANGE_51_100 0.06, RAZOR2_CHECK 1.51, SARE_FWDLOOK > 1.67, > SARE_MONEYTERMS 0.68, SPF_HELO_PASS -0.00, STOCK_PICK 1.47, > STRONG_BUY 3.12, > TW_NV 0.08) > messages:Jul 6 12:12:26 dragon MailScanner[15620]: Spam Actions: > message > j66AC8MG015785 actions are delete > > when I set a float as score that slips through -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at nkpanama.com Wed Jul 6 14:12:48 2005 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu Jan 12 21:30:13 2006 Subject: ClamAV Autoupdater. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > > On 6 Jul 2005, at 10:21, Tony Enderby wrote: > > I found what appears to be the update script in > /usr/local/MailScanner/clamav-autoupdate and edited the PackageDir > line to point to /usr in preference to /usr/local > > When I run the script directly with perl and tail maillog, it works > and tells me that clamav did not need updating. > If however tail maillog and watch MailScanner output I noticed that > when the autoupdate script runs via MailScanner > I get the original "/usr/local/bin/freshclam cannot be run" < > indicating incorrect path again > > ** Why not just ln -s /usr/bin/freshclam /usr/local/bin/freshclam? That way everybody's happy ;) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at nkpanama.com Wed Jul 6 14:17:34 2005 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu Jan 12 21:30:13 2006 Subject: Obvious Spam - not picked up. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] The standard spamassassin that comes from CentOS is probably not going to work as well (at least in my experience) as a fresh install from CPAN - including the additional optional modules like Mail::SPF::Query and such. Mailscanner wrote: > Martin Hepworth wrote: > >> Mailscanner wrote: >> >>> I've searched the archives and couldnt find anything exactly like >>> this, so here goes .... >>> >>> >>> This is a part of an email that I receive regularly; >>> >>> >>> Subject: {Spam?} The Investor Communiqué >>> Date: Wed, 06 Jul 2005 06:28:31 +0000 >>> MIME-Version: 1.0 >>> Content-Type: text/plain >>> Content-Transfer-Encoding: base64 >>> X-yyyyy-MailScanner-Information: Please contact the ISP for more >>> information >>> X-yyyyy-MailScanner: Found to be clean >>> X-yyyyy-MailScanner-SpamCheck: spam, SpamAssassin (score=2.298, >>> required 2, >>> BAYES_80 2.00, MIME_BASE64_TEXT 0.30) >>> X-yyyyy-MailScanner-SpamScore: ss >>> X-yyyyy-MailScanner-From: nickolasnobleku@midcoast.com >>> >>> U2VudGljb3JlIEluYy4oT1RDLkJCOlNOSU8pDQpBdmVyYWdlIERhaWx5IFZv >>> bHVtZSAoOTAgRGF5KTogNTkzLDAwMCBzaGFyZXMgIChTb3VyY2U6IFlhaG9v >>> IEZpbmFuY2UpDQpIYXMgSW50cm9kdWNlZCBMb2JvUG9rZXIgVGhyb3VnaCBp >>> dHMgTmV3ZXN0IFN1YnNpZGlhcnkgTG9ib0dhbWluZywgYSBHYW1pbmcNClNv >>> ZnR3YXJlIERldmVsb3BtZW50IGFuZCBMaWNlbnNpbmcgQ29tcGFueS4gKFNv >>> dXJjZTogTmV3czogNi8xNy8wNSApDQoNCkN1cnJlbnQgUHJpY2U6IC4wMjQN >>> >>> >>> Is this not being picked up because its base64 encoded ? >>> What is the best way to deal with this sort of spam ? >>> >>> I'm running Mailscanner 4.42.9 on Centos 4.1 i386. >>> >>> Thanks. >>> >>> >> >> Depends on what extra SA rules you have installed, and what SA >> options (like URI-RBL's) are running also. >> >> > Thanks for the quick reply martin, > > > I'm just running the bog standard spamassasin that comes with Centos > 4.1 (updated to 3.0.4) and the Standard install of Mailscanner. No mods. > > I suppose I need to read up on the rules. > > > Cheers, > > Brian. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From KLekas at FOXRIVER.COM Wed Jul 6 14:20:37 2005 From: KLekas at FOXRIVER.COM (Lekas, Kosta) Date: Thu Jan 12 21:30:13 2006 Subject: recieved headers too revealing Message-ID: I have an Exchange server in my private network and MailScanner sits on the DMZ. I have configured Exchange to relay all internet bound mail thru MS. The problem is that the “Received:” headers reveal the private IP address of the Exchange box to external recipients. How do I stop this from happening? I am using MailScanner with Postfix, clamAV, and Spamassassin. Kosta Lekas Fox River Financial Resources ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From joshua.hirsh at PARTNERSOLUTIONS.CA Wed Jul 6 14:28:37 2005 From: joshua.hirsh at PARTNERSOLUTIONS.CA (Joshua Hirsh) Date: Thu Jan 12 21:30:13 2006 Subject: recieved headers too revealing Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Kosta, Please take a look at your MailScanner.conf file, specifically the value of "Remove These Headers". You can configure this option to point to a ruleset which removes the Received headers for email originating from your Exchange server. Regards, -Joshua ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed Jul 6 15:11:14 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:30:13 2006 Subject: Obvious Spam - not picked up. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Mailscanner wrote: > Martin Hepworth wrote: > >> Mailscanner wrote: >> >>> I've searched the archives and couldnt find anything exactly like >>> this, so here goes .... >>> >>> >>> This is a part of an email that I receive regularly; >>> >>> >>> Subject: {Spam?} The Investor Communiqué >>> Date: Wed, 06 Jul 2005 06:28:31 +0000 >>> MIME-Version: 1.0 >>> Content-Type: text/plain >>> Content-Transfer-Encoding: base64 >>> X-yyyyy-MailScanner-Information: Please contact the ISP for more >>> information >>> X-yyyyy-MailScanner: Found to be clean >>> X-yyyyy-MailScanner-SpamCheck: spam, SpamAssassin (score=2.298, >>> required 2, >>> BAYES_80 2.00, MIME_BASE64_TEXT 0.30) >>> X-yyyyy-MailScanner-SpamScore: ss >>> X-yyyyy-MailScanner-From: nickolasnobleku@midcoast.com >>> >>> U2VudGljb3JlIEluYy4oT1RDLkJCOlNOSU8pDQpBdmVyYWdlIERhaWx5IFZv >>> bHVtZSAoOTAgRGF5KTogNTkzLDAwMCBzaGFyZXMgIChTb3VyY2U6IFlhaG9v >>> IEZpbmFuY2UpDQpIYXMgSW50cm9kdWNlZCBMb2JvUG9rZXIgVGhyb3VnaCBp >>> dHMgTmV3ZXN0IFN1YnNpZGlhcnkgTG9ib0dhbWluZywgYSBHYW1pbmcNClNv >>> ZnR3YXJlIERldmVsb3BtZW50IGFuZCBMaWNlbnNpbmcgQ29tcGFueS4gKFNv >>> dXJjZTogTmV3czogNi8xNy8wNSApDQoNCkN1cnJlbnQgUHJpY2U6IC4wMjQN >>> >>> >>> Is this not being picked up because its base64 encoded ? >>> What is the best way to deal with this sort of spam ? >>> >>> I'm running Mailscanner 4.42.9 on Centos 4.1 i386. >>> >>> Thanks. >>> >>> >> >> Depends on what extra SA rules you have installed, and what SA options >> (like URI-RBL's) are running also. >> >> > Thanks for the quick reply martin, > > > I'm just running the bog standard spamassasin that comes with Centos 4.1 > (updated to 3.0.4) and the Standard install of Mailscanner. No mods. > > I suppose I need to read up on the rules. > > > There's some stuff in the MS wiki on this, also check you're running the URI-RBL's which can be very usefull too (from memory the RH RPM's have this switched off by default) -- -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bpumphrey at WOODMACLAW.COM Wed Jul 6 15:39:35 2005 From: bpumphrey at WOODMACLAW.COM (Billy A. Pumphrey) Date: Thu Jan 12 21:30:13 2006 Subject: Beta 4.44.1 Message-ID: > The Change Log so far is this: > > * New Features and Improvements * > - Optimised situation where spam archive is being kept clean but many > messages are being deleted. Thanks to yavor.trapkov@wipe.int for > that. Does this include scripts that can clean out the archive so that the disk won't get full? > > * Fixes * > - Added more Postfix temporarily-invalid-message checks. > - Added disk full checks for MailScanner/incoming space Awesome! > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dene at DATATECHIE.COM Wed Jul 6 15:54:03 2005 From: dene at DATATECHIE.COM (Dene Ulmschneider) Date: Thu Jan 12 21:30:14 2006 Subject: need assistance with minor SMGateway issue. Message-ID: Hi there: We are running a brand new installation of RH ES 3.0 along with the latest version of SMGateway and are having trouble getting any virtually hosted websites to work. Whenever we try to go to www.somevirtualdomain.com – we just get sent to the SMG login page. We have the apache configuration setup with the proper name based virtual hosting commands in the httpd.conf file and yet we still just get the SMGateway login page. We also have another RH9 machine that is setup with just MailScanner and virtual hosting and that works fine, so I am wondering if the SMGateway web interface grabs that much control over the apache or the entire server maybe that virtual hosting is not possible. Can anyone confirm or deny the ability to virtually host domains on a server along with SMGateway? If it is possible can anyone offer any suggestions as to what we can try? Regards, Dene Ulmschneider President DATA TECHIE 1220 Wantagh Avenue Wantagh, N.Y. 11793 (P) 866.MY.PC.HELP (F) 516.908.7724 (W) www.datatechie.com (E) help@datatechie.com *** Click here to chat LIVE with our support team! *** REMINDER: CLICK HERE to register NOW to win a FREE COMPUTER (or some other cool stuff)! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jul 6 16:06:16 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:14 2006 Subject: Beta 4.44.1 Message-ID: On 6 Jul 2005, at 15:39, Billy A. Pumphrey wrote: >> The Change Log so far is this: >> >> * New Features and Improvements * >> - Optimised situation where spam archive is being kept clean but many >> messages are being deleted. Thanks to yavor.trapkov@wipe.int for >> that. >> > > Does this include scripts that can clean out the archive so that the > disk won't get full? Look in /etc/cron.daily. You will find a clean.quarantine script, which you have to enable by editing it and changing the obvious line right near the top. It's been there for several years now :-) -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jul 6 16:07:51 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:14 2006 Subject: need assistance with minor SMGateway issue. Message-ID: [ The following text is in the "WINDOWS-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I suggest you contact Fort Systems for technical support on their products. This really isn't a MailScanner question. On 6 Jul 2005, at 15:54, Dene Ulmschneider wrote: Hi there: We are running a brand new installation of RH ES 3.0 along with the latest version of SMGateway and are having trouble getting any virtually hosted websites to work. Whenever we try to go towww.somevirtualdomain.com ^Ö we just get sent to the SMG login page. We have the apache configuration setup with the proper name based virtual hosting commands in the httpd.conf file and yet we still just get the SMGateway login page.   We also have another RH9 machine that is setup with just MailScanner and virtual hosting and that works fine, so I am wondering if the SMGateway web interface grabs that much control over the apache or the entire server maybe that virtual hosting is not possible. Can anyone confirm or deny the ability to virtually host domains on a server along with SMGateway? If it is possible can anyone offer any suggestions as to what we can try?   --  Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From webalizer at NWCWEB.COM Wed Jul 6 16:07:18 2005 From: webalizer at NWCWEB.COM (Dave Duffner - PSCGi) Date: Thu Jan 12 21:30:14 2006 Subject: Strange Rules Du Jour error Message-ID: Greetings, Running RDJ 1.21, the apparent latest version I can find. It was falsing out with an SA lint error that's been corrected, but is still generating this set of errors when run in cron: The following rules had errors: TripWire had an unknown error: curl exit code: 7 curl: (7) socket error: 110 000 EvilNumber had an unknown error: curl exit code: 7 curl: (7) socket error: 110 000 SARE Random Ruleset for SpamAssassin 2.5x and higher had an unknown error: curl exit code: 7 curl: (7) socket error: 110 000 There was an issue where apparently the script had updated, and returned the SA_DIR variable to the wrong default location. Fixed that, running it from the command line produces the same error response above except for the fact it now says '404 Error' at the end of the Subject line? Looks like this may be getting blocked by either port or IP, but I can't find where we're doing that in either of our firewall setups, nor MailScanner/SA or the like? Anyone know what a curl 7 error really is? Thanks! David J. Duffner President PSCGi Paradise Shore Communications Group www.pscginternet.com I--I Message scanned by MailScanner, and is believed to be clean. CONFIDENTIALITY NOTICE: This transmission intended for the specified destination and person. If this is not you, this e-mail must be deleted immediately. www.pscginternet.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at FSL.COM Wed Jul 6 16:21:59 2005 From: steve.swaney at FSL.COM (Stephen Swaney) Date: Thu Jan 12 21:30:14 2006 Subject: FW: need assistance with minor SMGateway issue. Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Dene Ulmschneider > Sent: Wednesday, July 06, 2005 10:54 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: need assistance with minor SMGateway issue. > > Hi there: > > > > We are running a brand new installation of RH ES 3.0 along with the latest > version of SMGateway and are having trouble getting any virtually hosted > websites to work. Whenever we try to go to www.somevirtualdomain.com > - we just get sent to the SMG login > page. We have the apache configuration setup with the proper name based > virtual hosting commands in the httpd.conf file and yet we still just get > the SMGateway login page. > This is an apache issue. The SMGateway page is called from /etc/http/conf.d/fsmg.conf. You'll need to setup similar files for your virtual domains. Please send any questions regarding SMGateway to info@fsl.com. Please report bugs to: http://www.fsl.com/feedback/feedback.php Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bpumphrey at WOODMACLAW.COM Wed Jul 6 16:56:37 2005 From: bpumphrey at WOODMACLAW.COM (Billy A. Pumphrey) Date: Thu Jan 12 21:30:14 2006 Subject: 4.43.8 Language file problem Message-ID: Probably something that I messed up but lets see. I upgraded using the wiki instructions and the README. All went well except for the language file upgrade. Here is pretty much what I was following and did: RPM === If you are using the RPM distributions then try this: cd /etc/MailScanner/reports/en upgrade_languages_conf languages.conf languages.conf.rpmnew > languages.new mv -f languages.conf languages.old mv -f languages.new languages.conf 1) From MailScanner at ecs.soton.ac.uk Wed Jul 6 17:57:25 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:14 2006 Subject: High Scoring Spam only deleted when Integer is set? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Presumably you mean you can confirm it is not a problem for you? Kai Schaetzl wrote: >Julian Field wrote on Wed, 6 Jul 2005 14:07:40 +0100: > > >>Can a few people try just adding 0.1 to their high spam score and see >>if this is a general problem please? >> >> > >I cannot confirm it for 4.43.7 > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jul 6 18:05:54 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:14 2006 Subject: 4.43.8 Language file problem Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Billy A. Pumphrey wrote: >Probably something that I messed up but lets see. > >I upgraded using the wiki instructions and the README. All went well >except for the language file upgrade. Here is pretty much what I was >following and did: > >RPM >=== >If you are using the RPM distributions then try this: > >cd /etc/MailScanner/reports/en >upgrade_languages_conf languages.conf languages.conf.rpmnew > >languages.new >mv -f languages.conf languages.old >mv -f languages.new languages.conf > > > > >1) >From what I seen I had no language.conf.rmpnew although I do have a file >called language.conf.new > > No you don't. Not in the ls output below, anyway. And it's rpmnew and not rmpnew. >[root@WoodenMS en]# ls >deleted.content.message.txt recipient.spam.report.txt >deleted.filename.message.txt sender.content.report.txt >deleted.virus.message.txt sender.error.report.txt >disinfected.report.txt sender.filename.report.txt >inline.sig.html sender.mcp.report.txt >inline.sig.txt sender.spam.rbl.report.txt >inline.spam.warning.txt sender.spam.report.txt >inline.warning.html sender.spam.sa.report.txt >inline.warning.txt sender.virus.report.txt >languages.conf stored.content.message.txt >languages.conf.from.new stored.filename.message.txt >languages.new stored.virus.message.txt >recipient.mcp.report.txt > >2) >The language.new has nothing in it. I am guessing that since there was >no language.rpmnew that it created the file from nothing and hence is >blank. > >The languages.conf.from.new file is the new one that was created. I >renamed this so that I could use my original language file and get >MailScanner up and running without the lanuage errors. > > Can you confirm that your /usr/sbin/upgrade_languages_conf contains 6 lines like this: my $oldfname = shift; my $newfname = shift; Usage() unless $oldfname && $newfname && -f $oldfname && -f $newfname && -s $oldfname && -s $newfname; If you hadn't edited the previous languages.conf file, then you won't have a .rpmnew file and therefore won't have any upgrading to do. Your typos in your filenames mentioned above make me slightly doubtful of the filenames you are talking about now. Sorry. > > > > > >Any idea what happened to my language.rpmnew file? > >Billy Pumphrey >IT Manager >Wooden & McLaughlin > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Kevin_Miller at CI.JUNEAU.AK.US Wed Jul 6 18:29:54 2005 From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller) Date: Thu Jan 12 21:30:14 2006 Subject: upgrade scripts Message-ID: Did an upgrade, and saw a phishing.safe.sites.conf and phishing.safe.sites.conf.rpmnew. Can I just use the upgrade_MailScanner_conf script to integrate those, substituting phishing.safe.sites.conf for MailScanner.conf in the command line? TIA... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ade at INFORMATICS.BANGOR.AC.UK Wed Jul 6 19:09:46 2005 From: ade at INFORMATICS.BANGOR.AC.UK (Ade Fewings) Date: Thu Jan 12 21:30:14 2006 Subject: MailScanner 4.43.8 Memory Usage Extreme Growth Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Oh blimey, you know how sometime you can do things because you think they make no difference, but you kinda forget it by the time you come to test things and then wonder why it all goes a bit pear-shaped? I certainly do. Very well, in fact. Sorry to bother any/everybody, suffice it to say that the problem was with this particular user and nothing else. For what it's worth, I shall never again think that commenting out the "use_bayes 0" in spam.assassin.prefs.conf is a good idea. Any mistaken belief that this would have no effect will never again enter my mind. Apologies Ade Julian Field wrote: > Can you try a bit of a binary chop and try to deduce which version > first started the problem? > 4.40.1 and 4.43.8 are a long way apart, it's going to be a pretty > hopeless search inspecting all the code changes by eye. > > Ade Fewings wrote: > >> I've just upgraded from 4.40.11 to 4.43.8 and, with exactly the same >> MailScanner.conf, the new MailScanner processes start and grow in >> memory size, seemingly forever. Switching back to 4.40.11, the >> processes stop and stabilize at about 57M each (under prstat in >> Solaris). The new ones go sailing through that and only stop when I >> kill them, at which point the machine is out of memory and swap (each >> MailScanner being >>500M by this stage). > > > -- ___________________________________________________ Ade Fewings MEng School of Informatics, University of Wales, Bangor, Dean Street, Bangor, Gwynedd. LL57 1UT. UK. ade@informatics.bangor.ac.uk www.informatics.bangor.ac.uk/~ade Tel: +44 (0)1248 382736 Fax: +44 (0)1248 361429 ___________________________________________________ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jul 6 19:17:02 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:14 2006 Subject: upgrade scripts Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] No, sorry, there isn't an upgrade script. But here is how to do it: cat phishing.safe.sites.conf phishing.safe.sites.conf.rpmnew | sort | uniq > phishing.safe.sites.new (The whole of that should be on one line). Kevin Miller wrote: >Did an upgrade, and saw a phishing.safe.sites.conf and >phishing.safe.sites.conf.rpmnew. Can I just use the >upgrade_MailScanner_conf script to integrate those, substituting >phishing.safe.sites.conf for MailScanner.conf in the command line? > >TIA... > >...Kevin > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jul 6 19:19:11 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:14 2006 Subject: MailScanner 4.43.8 Memory Usage Extreme Growth Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] It's always the changes "that will have no effect" that come back to bite you. I suffer exactly the same problem :-( Ade Fewings wrote: > Oh blimey, you know how sometime you can do things because you think > they make no difference, but you kinda forget it by the time you come > to test things and then wonder why it all goes a bit pear-shaped? I > certainly do. Very well, in fact. > > Sorry to bother any/everybody, suffice it to say that the problem was > with this particular user and nothing else. > For what it's worth, I shall never again think that commenting out the > "use_bayes 0" in spam.assassin.prefs.conf is a good idea. Any > mistaken belief that this would have no effect will never again enter > my mind. > Apologies > Ade > > > Julian Field wrote: > >> Can you try a bit of a binary chop and try to deduce which version >> first started the problem? >> 4.40.1 and 4.43.8 are a long way apart, it's going to be a pretty >> hopeless search inspecting all the code changes by eye. >> >> Ade Fewings wrote: >> >>> I've just upgraded from 4.40.11 to 4.43.8 and, with exactly the same >>> MailScanner.conf, the new MailScanner processes start and grow in >>> memory size, seemingly forever. Switching back to 4.40.11, the >>> processes stop and stabilize at about 57M each (under prstat in >>> Solaris). The new ones go sailing through that and only stop when I >>> kill them, at which point the machine is out of memory and swap >>> (each MailScanner being >>500M by this stage). >> >> >> >> > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bpumphrey at WOODMACLAW.COM Wed Jul 6 19:30:35 2005 From: bpumphrey at WOODMACLAW.COM (Billy A. Pumphrey) Date: Thu Jan 12 21:30:14 2006 Subject: 4.43.8 Language file problem Message-ID: > Billy A. Pumphrey wrote: > >1) > >From what I seen I had no language.conf.rmpnew although I do have a file > >called language.conf.new > > > > > No you don't. Not in the ls output below, anyway. > And it's rpmnew and not rmpnew. Sorry about the typo. I was actually using rpmnew instead of rmpnew. > > >[root@WoodenMS en]# ls > >deleted.content.message.txt recipient.spam.report.txt > >deleted.filename.message.txt sender.content.report.txt > >deleted.virus.message.txt sender.error.report.txt > >disinfected.report.txt sender.filename.report.txt > >inline.sig.html sender.mcp.report.txt > >inline.sig.txt sender.spam.rbl.report.txt > >inline.spam.warning.txt sender.spam.report.txt > >inline.warning.html sender.spam.sa.report.txt > >inline.warning.txt sender.virus.report.txt > >languages.conf stored.content.message.txt > >languages.conf.from.new stored.filename.message.txt > >languages.new stored.virus.message.txt > >recipient.mcp.report.txt > > > >2) > >The language.new has nothing in it. I am guessing that since there was > >no language.rpmnew that it created the file from nothing and hence is > >blank. > > > >The languages.conf.from.new file is the new one that was created. I > >renamed this so that I could use my original language file and get > >MailScanner up and running without the lanuage errors. > > > > > Can you confirm that your /usr/sbin/upgrade_languages_conf contains 6 > lines like this: > > my $oldfname = shift; > my $newfname = shift; > > Usage() unless $oldfname && $newfname && > -f $oldfname && -f $newfname && > -s $oldfname && -s $newfname; I looked and they look the same, spaces and characters. my $oldfname = shift; my $newfname = shift; Usage() unless $oldfname && $newfname && -f $oldfname && -f $newfname && -s $oldfname && -s $newfname; > > If you hadn't edited the previous languages.conf file, then you won't > have a .rpmnew file and therefore won't have any upgrading to do. Ok, I will use my previous language file. > > Your typos in your filenames mentioned above make me slightly doubtful > of the filenames you are talking about now. Sorry. Again, sorry for the typos. Thank you for your response. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Wed Jul 6 19:33:02 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:30:14 2006 Subject: syslog for ClamAV? Message-ID: Julian, I've been switching back and forth between clamavmodule and clamav in 4.43.8 (bug chasing). With clamavmodule, I get a nice syslog message for an infected email: ClamAVModule::INFECTED:: Worm.SomeFool.Z:: ./j66IRGRu018517/Bill.zip With clamav, I don't get anything similar, just vague mumblings about Clam in the "silent virus" message -- maybe. Any chance that a nice INFECTED syslog could appear if you are using just clamav (or sophos instead of sophossavi)? Jeff Earickson Colby College ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jul 6 19:48:00 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:14 2006 Subject: syslog for ClamAV? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jeff A. Earickson wrote: > Julian, > > I've been switching back and forth between clamavmodule and > clamav in 4.43.8 (bug chasing). With clamavmodule, I get a nice > syslog message for an infected email: > > ClamAVModule::INFECTED:: Worm.SomeFool.Z:: ./j66IRGRu018517/Bill.zip > > With clamav, I don't get anything similar, just vague mumblings about > Clam in the "silent virus" message -- maybe. Any chance that a > nice INFECTED syslog could appear if you are using just clamav > (or sophos instead of sophossavi)? It just logs what it gets from the scanner. The line you are seeing above is the output from the function I wrote that interfaces to the clamav module. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bpumphrey at WOODMACLAW.COM Wed Jul 6 20:30:56 2005 From: bpumphrey at WOODMACLAW.COM (Billy A. Pumphrey) Date: Thu Jan 12 21:30:14 2006 Subject: Beta 4.44.1 Message-ID: Ok, thanks. I had ran the file before (did nothing obviously) but I didn't open it. Billy Pumphrey IT Manager Wooden & McLaughlin > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Julian Field > Sent: Wednesday, July 06, 2005 10:06 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Beta 4.44.1 > > On 6 Jul 2005, at 15:39, Billy A. Pumphrey wrote: > > >> The Change Log so far is this: > >> > >> * New Features and Improvements * > >> - Optimised situation where spam archive is being kept clean but many > >> messages are being deleted. Thanks to yavor.trapkov@wipe.int for > >> that. > >> > > > > Does this include scripts that can clean out the archive so that the > > disk won't get full? > > Look in /etc/cron.daily. You will find a clean.quarantine script, > which you have to enable by editing it and changing the obvious line > right near the top. > It's been there for several years now :-) > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From naolson at gmail.com Wed Jul 6 20:26:55 2005 From: naolson at gmail.com (Nathan Olson) Date: Thu Jan 12 21:30:14 2006 Subject: McAfee parameters Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I noticed you call mcafee with --secure and --analyze. --secure implies --analyze. Not a big deal, but I thought I'd mention it. Nate ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jul 6 21:00:41 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:14 2006 Subject: Beta 4.44.1 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I don't like it to ship enabled by default, as you may have very good business reasons for keeping your quarantine for longer than 30 days (which is how long it keeps by default). Shipping it enabled would land some poor sod deep in the proverbial after everything had worked swimmingly for the first month. Billy A. Pumphrey wrote: >Ok, thanks. I had ran the file before (did nothing obviously) but I >didn't open it. > >Billy Pumphrey >IT Manager >Wooden & McLaughlin > > > >>-----Original Message----- >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>Behalf Of Julian Field >>Sent: Wednesday, July 06, 2005 10:06 AM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: Beta 4.44.1 >> >>On 6 Jul 2005, at 15:39, Billy A. Pumphrey wrote: >> >> >> >>>>The Change Log so far is this: >>>> >>>>* New Features and Improvements * >>>>- Optimised situation where spam archive is being kept clean but >>>> >>>> >many > > >>>> messages are being deleted. Thanks to yavor.trapkov@wipe.int for >>>>that. >>>> >>>> >>>> >>>Does this include scripts that can clean out the archive so that the >>>disk won't get full? >>> >>> >>Look in /etc/cron.daily. You will find a clean.quarantine script, >>which you have to enable by editing it and changing the obvious line >>right near the top. >>It's been there for several years now :-) >> >>-- >>Julian Field >>www.MailScanner.info >>Buy the MailScanner book at www.MailScanner.info/store >>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >> > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Wed Jul 6 20:51:58 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:30:14 2006 Subject: High Scoring Spam only deleted when Integer is set? Message-ID: Julian, MS 4.43.8 on Solaris 9. I set "High SpamAssassin Score = 10.1" and found: Jul 6 15:41:30 basalt sendmail[1639]: [ID 801593 mail.info] j66JfF3v001639: from=, size=4242, class=0, nrcpts=1, msgid=<200507061941.j66JfF3v001639@basalt.colby.edu>, proto=SMTP, daemon=MTA, relay=bl4-225-157.dsl.telepac.pt [81.193.225.157] Jul 6 15:45:52 basalt <22>MailScanner[522]: Message j66JfF3v001639 from 81.193.225.157 (olallafinch2359@jugandbarrel.com) to colby.edu is spam, SpamAssassin (score=16.125, required 5, autolearn=spam, BAYES_50 0.00, DCC_CHECK 2.17, DIGEST_MULTIPLE 0.10, HTML_80_90 0.15, HTML_FONT_BIG 0.14, HTML_MESSAGE 0.00, MIME_QP_LONG_LINE 0.04, MSGID_FROM_MTA_ID 1.72, PRIORITY_NO_NAME 1.10, RAZOR2_CF_RANGE_51_100 0.06, RAZOR2_CHECK 1.51, URIBL_AB_SURBL 0.42, URIBL_JP_SURBL 2.46, URIBL_SBL 2.00, URIBL_SC_SURBL 4.26) Jul 6 15:45:52 basalt <22>MailScanner[522]: Spam Actions: message j66JfF3v001639 actions are delete Ahhh... Detected, rejected, AND deleted. Just what I want. Jeff Earickson Colby College On Wed, 6 Jul 2005, Julian Field wrote: > Date: Wed, 6 Jul 2005 14:07:40 +0100 > From: Julian Field > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: High Scoring Spam only deleted when Integer is set? > > Can a few people try just adding 0.1 to their high spam score and see if this > is a general problem please? > > On 6 Jul 2005, at 13:51, David H. wrote: > >> I have ensured that all my scores are set to integers, now the high scoring >> spam is marked and deleted, see: >> >> j66AC8MG015785: to=, delay=00:00:01, mailer=cyrusv2, >> pri=35426, stat=queued >> messages:Jul 6 12:12:26 dragon MailScanner[15620]: Message j66AC8MG015785 >> from 12.152.184.25 (sawyer@zincdesign.com) to useme.net is spam, >> SpamAssassin >> (score=14.344, required 5, BAYES_99 3.50, DCC_CHECK 2.17, DIGEST_MULTIPLE >> 0.10, RAZOR2_CF_RANGE_51_100 0.06, RAZOR2_CHECK 1.51, SARE_FWDLOOK 1.67, >> SARE_MONEYTERMS 0.68, SPF_HELO_PASS -0.00, STOCK_PICK 1.47, STRONG_BUY >> 3.12, >> TW_NV 0.08) >> messages:Jul 6 12:12:26 dragon MailScanner[15620]: Spam Actions: message >> j66AC8MG015785 actions are delete >> >> when I set a float as score that slips through > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bpumphrey at WOODMACLAW.COM Wed Jul 6 21:30:47 2005 From: bpumphrey at WOODMACLAW.COM (Billy A. Pumphrey) Date: Thu Jan 12 21:30:14 2006 Subject: Beta 4.44.1 Message-ID: "worked for the first month"....brings a question to me. $days_to_keep Does that mean that it will keep the last 30 (or whatever I change it to) days at all times? Vs deleting all of quarantine after X number of days. Seems obvious that you would do X number of days at all times, but checking for my conscious. Billy Pumphrey IT Manager Wooden & McLaughlin > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Julian Field > Sent: Wednesday, July 06, 2005 3:01 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Beta 4.44.1 > > I don't like it to ship enabled by default, as you may have very good > business reasons for keeping your quarantine for longer than 30 days > (which is how long it keeps by default). Shipping it enabled would land > some poor sod deep in the proverbial after everything had worked > swimmingly for the first month. > > Billy A. Pumphrey wrote: > > >Ok, thanks. I had ran the file before (did nothing obviously) but I > >didn't open it. > > > >Billy Pumphrey > >IT Manager > >Wooden & McLaughlin > > > > > > > >>-----Original Message----- > >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > >>Behalf Of Julian Field > >>Sent: Wednesday, July 06, 2005 10:06 AM > >>To: MAILSCANNER@JISCMAIL.AC.UK > >>Subject: Re: Beta 4.44.1 > >> > >>On 6 Jul 2005, at 15:39, Billy A. Pumphrey wrote: > >> > >> > >> > >>>>The Change Log so far is this: > >>>> > >>>>* New Features and Improvements * > >>>>- Optimised situation where spam archive is being kept clean but > >>>> > >>>> > >many > > > > > >>>> messages are being deleted. Thanks to yavor.trapkov@wipe.int for > >>>>that. > >>>> > >>>> > >>>> > >>>Does this include scripts that can clean out the archive so that the > >>>disk won't get full? > >>> > >>> > >>Look in /etc/cron.daily. You will find a clean.quarantine script, > >>which you have to enable by editing it and changing the obvious line > >>right near the top. > >>It's been there for several years now :-) > >> > >>-- > >>Julian Field > >>www.MailScanner.info > >>Buy the MailScanner book at www.MailScanner.info/store > >>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >> > >>------------------------ MailScanner list ------------------------ > >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >>'leave mailscanner' in the body of the email. > >>Before posting, read the Wiki (http://wiki.mailscanner.info/) and > >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >> > >>Support MailScanner development - buy the book off the website! > >> > >> > > > >------------------------ MailScanner list ------------------------ > >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >'leave mailscanner' in the body of the email. > >Before posting, read the Wiki (http://wiki.mailscanner.info/) and > >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > >Support MailScanner development - buy the book off the website! > > > > > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From chen at HHMI.UMBC.EDU Wed Jul 6 21:47:40 2005 From: chen at HHMI.UMBC.EDU (Yu Chen) Date: Thu Jan 12 21:30:14 2006 Subject: High Scoring Spam only deleted when Integer is set? Message-ID: Set high spam score to 10.1 on RHEL-WS-3 with MailScanner 4.42.9-1, it's all fine, did what it suppose to do. Chen On Wed, 6 Jul 2005, Julian Field wrote: > Can a few people try just adding 0.1 to their high spam score and see if this > is a general problem please? > > On 6 Jul 2005, at 13:51, David H. wrote: > >> I have ensured that all my scores are set to integers, now the high scoring >> spam is marked and deleted, see: >> >> j66AC8MG015785: to=, delay=00:00:01, mailer=cyrusv2, >> pri=35426, stat=queued >> messages:Jul 6 12:12:26 dragon MailScanner[15620]: Message j66AC8MG015785 >> from 12.152.184.25 (sawyer@zincdesign.com) to useme.net is spam, >> SpamAssassin >> (score=14.344, required 5, BAYES_99 3.50, DCC_CHECK 2.17, DIGEST_MULTIPLE >> 0.10, RAZOR2_CF_RANGE_51_100 0.06, RAZOR2_CHECK 1.51, SARE_FWDLOOK 1.67, >> SARE_MONEYTERMS 0.68, SPF_HELO_PASS -0.00, STOCK_PICK 1.47, STRONG_BUY >> 3.12, >> TW_NV 0.08) >> messages:Jul 6 12:12:26 dragon MailScanner[15620]: Spam Actions: message >> j66AC8MG015785 actions are delete >> >> when I set a float as score that slips through > > =========================================== Yu Chen Howard Hughes Medical Institute Chemistry Building, Rm 182 University of Maryland at Baltimore County 1000 Hilltop Circle Baltimore, MD 21250 phone: (410)455-6347 (primary) (410)455-2718 (secondary) fax: (410)455-1174 email: chen@hhmi.umbc.edu =========================================== ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Carl.Andrews at CRACKERBARREL.COM Wed Jul 6 22:12:17 2005 From: Carl.Andrews at CRACKERBARREL.COM (Andrews Carl 448) Date: Thu Jan 12 21:30:14 2006 Subject: Redirect for Topic PFD->SQL Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] This help? http://www.outlookcode.com/d/database.htm -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of James R. Stevens Sent: Wednesday, July 06, 2005 4:09 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Redirect for Topic PFD->SQL Can someone direct me to a discussion/website about connecting an Exchange(2003) Public Folder to a SQL server 2000? Off topic I know but I'm not having any luck gathering info thus far. Just want to push OR pull PF Contacts from Exchange into SQL table. Thank You, James Stevens Athens Distributing of Tennessee Manager of Information Technology | James.Stevens@athensdistributing.com | -- This message has been scanned for viruses and dangerous content by Athens Hyperion Scanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jstevens at ATHENSDISTRIBUTING.COM Wed Jul 6 22:08:50 2005 From: jstevens at ATHENSDISTRIBUTING.COM (James R. Stevens) Date: Thu Jan 12 21:30:14 2006 Subject: Redirect for Topic PFD->SQL Message-ID: Can someone direct me to a discussion/website about connecting an Exchange(2003) Public Folder to a SQL server 2000? Off topic I know but I'm not having any luck gathering info thus far. Just want to push OR pull PF Contacts from Exchange into SQL table. Thank You, James Stevens Athens Distributing of Tennessee Manager of Information Technology | James.Stevens@athensdistributing.com | -- This message has been scanned for viruses and dangerous content by Athens Hyperion Scanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Wed Jul 6 22:17:56 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:14 2006 Subject: Beta 4.44.1 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Billy A. Pumphrey spake the following on 7/6/2005 1:30 PM: > "worked for the first month"....brings a question to me. > > $days_to_keep > Does that mean that it will keep the last 30 (or whatever I change it > to) days at all times? Vs deleting all of quarantine after X number of > days. > > Seems obvious that you would do X number of days at all times, but > checking for my conscious. > It keeps x number of days in quarrantine, killing anything older than x. Watch the size, though, as it can get large if you process a lot of mail. -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From maillists at CONACTIVE.COM Thu Jul 7 02:31:22 2005 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:30:14 2006 Subject: High Scoring Spam only deleted when Integer is set? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote on Wed, 6 Jul 2005 17:57:25 +0100: > Presumably you mean you can confirm it is not a problem for you? Correct. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at GARDRAIL.COM Thu Jul 7 04:05:18 2005 From: mailscanner at GARDRAIL.COM (Bill) Date: Thu Jan 12 21:30:14 2006 Subject: quarantine queue messages doesn't contain .+-SpamLevel: sssss Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Greetings, I looked through the quarantine directory at all the spam MailSCanner caught, and was quite impressed! The only problem I can see is MailScanner doesn't actually state what level of spam it is denoted by the SpamLevel statement in the header. Has anyone been able to get that in the queue files successfully? I'm running MailScanner 4.42.9 Thanks in advance, -=-Bill-=- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From imtiyaz at netcore.co.in Thu Jul 7 07:05:46 2005 From: imtiyaz at netcore.co.in (ansari imtiyaz ahmed khadim husain) Date: Thu Jan 12 21:30:14 2006 Subject: Disclaimer pattern Message-ID: Hi all.... I am using the disclaimer facility in MailScanner, but the problem is the pattern of disclaimer going outside the organization is not as I am specifying. Means I am attaching the disclaimer of only one very big line , but it is getting divided into many smaller lines and hence disturbing the whole pattern. Is it built_in functionality of MailScanner or we can set it from any configuration file. Please help.. Regards Imtiyaz ---------------------------------------------------------- Netcore Solutions Pvt. Ltd. Website: http://www.netcore.co.in Spamtraps: http://cleanmail.netcore.co.in/directory.html ---------------------------------------------------------- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Thu Jul 7 08:56:04 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:30:14 2006 Subject: quarantine queue messages doesn't contain .+-SpamLevel: sssss Message-ID: Bill wrote: > Greetings, > > I looked through the quarantine directory at all the spam MailSCanner caught, and was > quite impressed! The only problem I can see is MailScanner doesn't actually state what > level of spam it is denoted by the SpamLevel statement in the header. > > Has anyone been able to get that in the queue files successfully? I'm running > MailScanner 4.42.9 > > Thanks in advance, > Bill From what I remember (1st cup of tea is only just drunk so..) messages that go into quarantine/archive areas are the original message before MS has altered anything. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From zichovsky at TRUL.CZ Thu Jul 7 09:10:00 2005 From: zichovsky at TRUL.CZ (Pavel Zichovsky) Date: Thu Jan 12 21:30:14 2006 Subject: AV for Windows Clients with Central Admin? {Virus Scanned} Message-ID: MailScanner mailing list wrote: > AVG from Grisoft has a console that can store it's stuff on a Linux box > but I think the interface has to be from a Windows client. That > shouldn't be a problem. > > They also have AV for Win & Linux. Not free but worth a look. > Yes, AVG7 is very good, we are using it on win desktops and linux server, and central administration is very powerfull. "Communication server" could be run on linux with firebird database (easy to install, easy to setup) and it also can download actualization files and distribute them to desktop clients (saves bandwith). Grisoft is now even testing "push update service" which means that your server must not check for updates periodicaly, but Grisoft server will contact it whenever new update is available. Administration console must be run from windows station, but IMHO it is not problem. AVG7 is not free, but price is very fair, and if you buy multilicense (cheaper than single licenses), then remote administration is free of charge. With regards Pavel Zichovsky (zichovsky@trul) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Jul 7 09:48:15 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:14 2006 Subject: quarantine queue messages doesn't contain .+-SpamLevel: sssss Message-ID: On 7 Jul 2005, at 08:56, Martin Hepworth wrote: > Bill wrote: > >> Greetings, >> I looked through the quarantine directory at all the spam >> MailSCanner caught, and was >> quite impressed! The only problem I can see is MailScanner >> doesn't actually state what >> level of spam it is denoted by the SpamLevel statement in the header. >> Has anyone been able to get that in the queue files successfully? >> I'm running >> MailScanner 4.42.9 >> Thanks in advance, >> > > Bill > > From what I remember (1st cup of tea is only just drunk so..) > messages that go into quarantine/archive areas are the original > message before MS has altered anything. Correct. If you need more info about a message, look in the logs. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at GARDRAIL.COM Thu Jul 7 10:04:28 2005 From: mailscanner at GARDRAIL.COM (Bill) Date: Thu Jan 12 21:30:14 2006 Subject: quarantine queue messages doesn't contain .+-SpamLevel: sssss Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hmm. I was kinda hoping for MS to modify the header with that string in it. That way I atleast know what the spamlevel of that message was and why it triggered a quarantine response. ---------- Original Message ----------- From: Martin Hepworth To: MAILSCANNER@JISCMAIL.AC.UK Sent: Thu, 7 Jul 2005 08:56:04 +0100 Subject: Re: quarantine queue messages doesn't contain .+-SpamLevel: sssss > Bill wrote: > > Greetings, > > > > I looked through the quarantine directory at all the spam MailSCanner caught, and was > > quite impressed! The only problem I can see is MailScanner doesn't actually state what > > level of spam it is denoted by the SpamLevel statement in the header. > > > > Has anyone been able to get that in the queue files successfully? I'm running > > MailScanner 4.42.9 > > > > Thanks in advance, > > > > Bill > > From what I remember (1st cup of tea is only just drunk so..) messages > that go into quarantine/archive areas are the original message before MS > has altered anything. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------- End of Original Message ------- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Thu Jul 7 10:11:23 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:30:14 2006 Subject: quarantine queue messages doesn't contain .+-SpamLevel: sssss Message-ID: Bill wrote: > Hmm. I was kinda hoping for MS to modify the header with that string in it. That way I > atleast know what the spamlevel of that message was and why it triggered a quarantine > response. > > ---------- Original Message ----------- > From: Martin Hepworth > To: MAILSCANNER@JISCMAIL.AC.UK > Sent: Thu, 7 Jul 2005 08:56:04 +0100 > Subject: Re: quarantine queue messages doesn't contain .+-SpamLevel: sssss > > >>Bill wrote: >> >>>Greetings, >>> >>>I looked through the quarantine directory at all the spam MailSCanner caught, and was >>>quite impressed! The only problem I can see is MailScanner doesn't actually state what >>>level of spam it is denoted by the SpamLevel statement in the header. >>> >>>Has anyone been able to get that in the queue files successfully? I'm running >>>MailScanner 4.42.9 >>> >>>Thanks in advance, >>> >> >>Bill >> >> From what I remember (1st cup of tea is only just drunk so..) messages >>that go into quarantine/archive areas are the original message before MS >>has altered anything. >> >>-- >>Martin Hepworth >>Snr Systems Administrator >>Solid State Logic >>Tel: +44 (0)1865 842300 >> Bill if you are using MaiWatch or other SQl-logger you could pull this info out of the mysql DB. -- -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jeff at IMAGE-SRC.COM Thu Jul 7 18:18:16 2005 From: jeff at IMAGE-SRC.COM (Jeff Graves) Date: Thu Jan 12 21:30:14 2006 Subject: Mark scan failure Message-ID: Currently using 4.30.3-2 on FC1. Is there a way to mark messages that had a problem being scanned not as a virus, but with a warning? For instance, a user reported that they weren't receiving a particular message that someone was sending them but that they could receive it at their personal account. Turns out there were two attachments - a PDF (scanned okay) and ".stix" file which caused sophos to return a "format not supported." I added that to the "allowed error messages" but what I'd rather do quarantine anything that errors out and still deliver as a non-virus (as procmail does the virus filtering - some power users receive them and then sort, others go directly to the bit-bucket). Is that configuration possible with my current version of MS or a newer one or not at all? Thanks, Jeff Graves, MCSA Customer Support Engineer Image Source, Inc. 10 Mill Street Bellingham, MA 02019 508.966.5200 - Phone 508.966.5170 - Fax jeff@image-src.com - Email www.image-src.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Kevin_Miller at CI.JUNEAU.AK.US Thu Jul 7 22:30:47 2005 From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller) Date: Thu Jan 12 21:30:14 2006 Subject: whitelisting Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] A couple of spam messages are coming through because they're whitelisted. Problem is, that they're not from where they purport to be. This is a message that came through claiming to be from monster.com (which is in the whitelist) although it's obvious that it didn't come from there. Wouldn't it make more sense to whitelist on the envelope To: instead? Or do I just have something set wrong somewhere? Return-Path: <^Ág> Received: from monster.com (dial81-135-244-94.in-addr.btopenworld.com [81.135.244.94]) by mxl.ci.juneau.ak.us (8.13.3/8.13.3/SuSE Linux 0.7) with SMTP id j67KmOkW025458 for ; Thu, 7 Jul 2005 12:48:39 -0800 Date: Thu, 7 Jul 2005 12:48:24 -0800 Message-Id: <200507072048.j67KmOkW025458@mxl.ci.juneau.ak.us> From: Andrew Welch To: Joe Blow Subject: Ariel reps wanted X-Priority: 3 X-MSMail-Priority: Normal Reply-To: Andrew Welch mime-version: 1.0 content-type: multipart/mixed; boundary="qzsoft_directmail_seperator" (The original recipient was changed to joe_blow - all else is a straight cut and paste from Mailwatch) TIA... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at blacknight.ie Thu Jul 7 23:00:56 2005 From: michele at blacknight.ie (Michele Neylon:: Blacknight.ie) Date: Thu Jan 12 21:30:14 2006 Subject: whitelisting Message-ID: Kevin I am seeing a similar issue on our end :( Michele ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From maillists at CONACTIVE.COM Fri Jul 8 02:29:15 2005 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:30:14 2006 Subject: whitelisting Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Kevin Miller wrote on Thu, 7 Jul 2005 13:30:47 -0800: > Received: from monster.com (dial81-135-244-94.in-addr.btopenworld.com *.in-addr.btopenworld.com is probably all dynamic IP space, block it ... > Wouldn't > it make more sense to whitelist on the envelope To: instead? Your quote doesn't show the Envelope-To, maybe it was set to user@monster.com? Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner-list at OKLA.COM Fri Jul 8 04:51:40 2005 From: mailscanner-list at OKLA.COM (Tracy Greggs) Date: Thu Jan 12 21:30:14 2006 Subject: SQL Blacklist/Whitelist Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] This is probably better asked on the MailScanner list as it is in regards to how MailScanner functions. I would like for it to work in realtime as well, but have a cron job that restarts MailScanner @ 3am every day. It seems apparent that MailScanner reads the entries upon startup and requires a reload to re-read the entries. Perhaps Julian might have a way to modify a future release of MS if possible or if necessary to re-read the SQL entries every hour for example. I will forward this to the MS list. Regards, Tracy Greggs ----- Original Message ----- From: "Philip J. Zeigler" To: Sent: Thursday, July 07, 2005 6:30 PM Subject: [Mailwatch-users] SQLBlacklist issue > Just upgraded from 0.51 to 1.0.1 and love the new interface. The > improvements are great. Keep up the great work!! > > The issue I am having is that MailScanner doesn't seem to utilize the > contents of &SQLBlacklist until after a restart. If I add a bunch of > addresses to the blacklist. they are only recognized and loaded in after a > restart of MailScanner and will not fire until a restart has occurred. > > This shows in the log as: > Jul 7 13:39:44 www MailScanner[5621]: Starting up SQL Blacklist > Jul 7 13:39:44 www MailScanner[5621]: Read 0 blacklist entries > Jul 7 13:39:55 www MailScanner[5628]: Config: calling custom init > function SQLBlacklist > > and after a restart: > Jul 7 19:18:29 www MailScanner[17093]: Starting up SQL Blacklist > Jul 7 19:18:29 www MailScanner[17093]: Read 13 blacklist entries > Jul 7 19:18:40 www MailScanner[17100]: Config: calling custom init > function SQLBlacklist > > Is there any way to make this real-time? Doing a restart after every > addidtion is a real pain... especially if I allow other users to manage > the blacklist. They won't have root access to restart MailScanner and I > may not know that they have made any changes for me to do the restart. > Obviously I would prefer not to be restarting all the time at all. > > Thanks, > Philip ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From tenderby at VHIA.COM.AU Fri Jul 8 06:45:13 2005 From: tenderby at VHIA.COM.AU (Tony Enderby) Date: Thu Jan 12 21:30:14 2006 Subject: Win32.Netsky.P slipping through. Message-ID: Greetings Folks, I have noticed a few messages slipping past mailscanner file type detection and AV scan today but being blocked by spamassassin The attachment type varies between .wav and .pif sometimes with heaps of white space in the filename i.e document.txt .pif I have noticed that if I take the infected attachment from quarantine and resend via the mailscanner box, that the attachment is picked up and detected as a virus / bad content. Could anyone shed some light on why these may be slipping through mailscanner when sent from external sources. MS version is 4.43.8 and I'm running Clam AV and Bit Defender. A copy of the headers from one of the messages in question below. In this particular instance, the attachment was a .wav file but most of the others have been .pif Any help would be welcomed. Tony. ----------------------- Subject: Mail Delivery (failure -address removed-) Date: Fri, 8 Jul 2005 15:33:49 +1000 MIME-Version: 1.0 Content-Type: multipart/related; type="multipart/alternative"; boundary="----=_NextPart_000_001B_01C0CA80.6B015D10" X-Priority: 3 X-MSMail-Priority: Normal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri Jul 8 07:01:15 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:14 2006 Subject: whitelisting Message-ID: [ The following text is in the "WINDOWS-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] In which case just change the From: to To: in the whitelist. On 7 Jul 2005, at 22:30, Kevin Miller wrote: > A couple of spam messages are coming through because they're > whitelisted. > Problem is, that they're not from where they purport to be. This is a > message that came through claiming to be from monster.com (which is > in the > whitelist) although it's obvious that it didn't come from there. > Wouldn't > it make more sense to whitelist on the envelope To: instead? Or do > I just > have something set wrong somewhere? > > Return-Path: <^Ùg> > Received: from monster.com (dial81-135-244-94.in-addr.btopenworld.com > [81.135.244.94]) > by mxl.ci.juneau.ak.us (8.13.3/8.13.3/SuSE Linux 0.7) with > SMTP id > j67KmOkW025458 > for ; Thu, 7 Jul 2005 12:48:39 -0800 > Date: Thu, 7 Jul 2005 12:48:24 -0800 > Message-Id: <200507072048.j67KmOkW025458@mxl.ci.juneau.ak.us> > From: Andrew Welch > To: Joe Blow > Subject: Ariel reps wanted > X-Priority: 3 > X-MSMail-Priority: Normal > Reply-To: Andrew Welch > mime-version: 1.0 > content-type: multipart/mixed; > boundary="qzsoft_directmail_seperator" > > (The original recipient was changed to joe_blow - all else is a > straight cut > and paste from Mailwatch) > > TIA... > > ...Kevin > -- > Kevin Miller Registered Linux User No: 307357 > CBJ MIS Dept. Network Systems Admin., Mail Admin. > 155 South Seward Street ph: (907) 586-0242 > Juneau, Alaska 99801 fax: (907 586-4500 > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri Jul 8 07:02:30 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:14 2006 Subject: SQL Blacklist/Whitelist Message-ID: Just use the "Restart Every" setting. Setting it to 3600 will cause an hourly reload of configuration information. I wouldn't set it to less than 15 minutes. On 8 Jul 2005, at 04:51, Tracy Greggs wrote: > This is probably better asked on the MailScanner list as it is in > regards to > how MailScanner functions. I would like for it to work in realtime > as well, > but have a cron job that restarts MailScanner @ 3am every day. It > seems > apparent that MailScanner reads the entries upon startup and > requires a > reload to re-read the entries. Perhaps Julian might have a way to > modify a > future release of MS if possible or if necessary to re-read the SQL > entries > every hour for example. I will forward this to the MS list. > > Regards, > Tracy Greggs > > ----- Original Message ----- From: "Philip J. Zeigler" > > To: > Sent: Thursday, July 07, 2005 6:30 PM > Subject: [Mailwatch-users] SQLBlacklist issue > > > >> Just upgraded from 0.51 to 1.0.1 and love the new interface. The >> improvements are great. Keep up the great work!! >> >> The issue I am having is that MailScanner doesn't seem to utilize the >> contents of &SQLBlacklist until after a restart. If I add a bunch of >> addresses to the blacklist. they are only recognized and loaded in >> after a >> restart of MailScanner and will not fire until a restart has >> occurred. >> >> This shows in the log as: >> Jul 7 13:39:44 www MailScanner[5621]: Starting up SQL Blacklist >> Jul 7 13:39:44 www MailScanner[5621]: Read 0 blacklist entries >> Jul 7 13:39:55 www MailScanner[5628]: Config: calling custom init >> function SQLBlacklist >> >> and after a restart: >> Jul 7 19:18:29 www MailScanner[17093]: Starting up SQL Blacklist >> Jul 7 19:18:29 www MailScanner[17093]: Read 13 blacklist entries >> Jul 7 19:18:40 www MailScanner[17100]: Config: calling custom init >> function SQLBlacklist >> >> Is there any way to make this real-time? Doing a restart after every >> addidtion is a real pain... especially if I allow other users to >> manage >> the blacklist. They won't have root access to restart MailScanner >> and I >> may not know that they have made any changes for me to do the >> restart. >> Obviously I would prefer not to be restarting all the time at all. >> >> Thanks, >> Philip >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri Jul 8 07:03:27 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:14 2006 Subject: Win32.Netsky.P slipping through. Message-ID: Almost certainly because you have rulesets in place that stop this detection taking place. On 8 Jul 2005, at 06:45, Tony Enderby wrote: > Greetings Folks, > > I have noticed a few messages slipping past mailscanner file type > detection > and AV scan today but being blocked by spamassassin > > The attachment type varies between .wav and .pif sometimes with > heaps of > white space in the filename > > i.e document.txt > .pif > > I have noticed that if I take the infected attachment from > quarantine and > resend via the mailscanner box, that the attachment is picked up and > detected as a virus / bad content. > > Could anyone shed some light on why these may be slipping through > mailscanner when sent from external sources. > MS version is 4.43.8 and I'm running Clam AV and Bit Defender. A > copy of > the headers from one of the messages in question below. > In this particular instance, the attachment was a .wav file but > most of the > others have been .pif > > Any help would be welcomed. > > Tony. > > ----------------------- > > Subject: Mail Delivery (failure -address removed-) > Date: Fri, 8 Jul 2005 15:33:49 +1000 > MIME-Version: 1.0 > Content-Type: multipart/related; > type="multipart/alternative"; > boundary="----=_NextPart_000_001B_01C0CA80.6B015D10" > X-Priority: 3 > X-MSMail-Priority: Normal > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From tenderby at VHIA.COM.AU Fri Jul 8 07:11:50 2005 From: tenderby at VHIA.COM.AU (Tony Enderby) Date: Thu Jan 12 21:30:14 2006 Subject: Win32.Netsky.P slipping through. Message-ID: I'm not so sure that's the case Julian, sending a message remotely via a network that's not part of any ruleset exemptions with the infected attachment but via a different mail client results in the mail being picked up correctly. Is there anything else I should have a look at that may be causing it? .. they have only been coming through since my upgrade to 4.43.8 last night. Julian Field To Sent by: MAILSCANNER@JISCMAIL.AC.UK MailScanner cc mailing list Re: Win32.Netsky.P slipping through. 08/07/2005 04:03 PM Please respond to MailScanner mailing list Almost certainly because you have rulesets in place that stop this detection taking place. On 8 Jul 2005, at 06:45, Tony Enderby wrote: > Greetings Folks, > > I have noticed a few messages slipping past mailscanner file type > detection > and AV scan today but being blocked by spamassassin > > The attachment type varies between .wav and .pif sometimes with > heaps of > white space in the filename > > i.e document.txt > .pif > > I have noticed that if I take the infected attachment from > quarantine and > resend via the mailscanner box, that the attachment is picked up and > detected as a virus / bad content. > > Could anyone shed some light on why these may be slipping through > mailscanner when sent from external sources. > MS version is 4.43.8 and I'm running Clam AV and Bit Defender. A > copy of > the headers from one of the messages in question below. > In this particular instance, the attachment was a .wav file but > most of the > others have been .pif > > Any help would be welcomed. > > Tony. > > ----------------------- > > Subject: Mail Delivery (failure -address removed-) > Date: Fri, 8 Jul 2005 15:33:49 +1000 > MIME-Version: 1.0 > Content-Type: multipart/related; > type="multipart/alternative"; > boundary="----=_NextPart_000_001B_01C0CA80.6B015D10" > X-Priority: 3 > X-MSMail-Priority: Normal > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From maillists at CONACTIVE.COM Fri Jul 8 11:51:49 2005 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:30:14 2006 Subject: SQL Blacklist/Whitelist Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote on Fri, 8 Jul 2005 07:02:30 +0100: > Just use the "Restart Every" setting. Setting it to 3600 will cause > an hourly reload of configuration information. I wouldn't set it to > less than 15 minutes. Obviously, a reload of only the SQL-based list would do. Can you consider implementing this? After all we don't want to restart all MailScanner processes every hour or less. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri Jul 8 12:14:19 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:14 2006 Subject: SQL Blacklist/Whitelist Message-ID: On 8 Jul 2005, at 11:51, Kai Schaetzl wrote: > Julian Field wrote on Fri, 8 Jul 2005 07:02:30 +0100: > > >> Just use the "Restart Every" setting. Setting it to 3600 will cause >> an hourly reload of configuration information. I wouldn't set it to >> less than 15 minutes. >> > > Obviously, a reload of only the SQL-based list would do. Can you > consider > implementing this? After all we don't want to restart all MailScanner > processes every hour or less. You can implement this yourself. Just have a variable in the CustomConfig.pm that is declared outside of any function. Put in there the (alarm) time when you want the next SQL reload to happen. In the Custom Function, check the time to see if you are after the alarm time. If you are, then reload the SQL data and update the alarm time to point another hour in the future. It's about 5 lines of code :-) -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From evanderleun at HAL9000.NL Fri Jul 8 13:43:02 2005 From: evanderleun at HAL9000.NL (Erik van der Leun) Date: Thu Jan 12 21:30:14 2006 Subject: updating mcafee uvscan Message-ID: Hi, I've been struggling with the autoupdating of McAfee uvscan virus definitions. Although I've seen the updatescript at work, retrieving updates, etc, I noticed that the script I have from McAfee uvscan itself (update-nai.pl) comes with different results. For the record: the autoupdate scripts from MailScanner is used every hour and actually does (seem to) work. It just retrieves updates of a previous day... I guess a bit of output says enough: uvscan simply detects more/earlier when I use update-nai... I'd like some feedback spamfilter root # uvscan --version Virus Scan for Linux v4.40.0 Copyright (c) 1992-2004 Networks Associates Technology Inc. All rights reserved. (408) 988-3832 LICENSED COPY - Sep 23 2004 Scan engine v4.4.00 for Linux. Virus data file v4530 created Jul 07 2005 Scanning for 136042 viruses, trojans and variants. spamfilter root # /usr/local/uvscan/update-nai.pl Downloading DAILYDAT.ZIP ... Extracting DAILYDAT.ZIP to /usr/local/uvscan ... Installing: scan.dat Installing: names.dat Installing: clean.dat Installing: betadat.txt Daily Dat Installed! spamfilter root # uvscan --version Virus Scan for Linux v4.40.0 Copyright (c) 1992-2004 Networks Associates Technology Inc. All rights reserved. (408) 988-3832 LICENSED COPY - Sep 23 2004 Scan engine v4.4.00 for Linux. Virus data file v4100 created Jul 08 2005 Scanning for 137601 viruses, trojans and variants. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Fri Jul 8 13:53:26 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:30:14 2006 Subject: deny cabinet files? Message-ID: Julian, I got a suspicious email today with a .cab file attachment. I've submitted the file to clam, but this inspired me to add the following rule to filename.rules.conf: deny\t\.cab$\tPossible malicious cabinet file\tCompressed cabinet files may hide viruses \t for real tabs here. I googled and checked Microsoft's website and see no positive use for an emailed .cab file. Anybody else seen this? Jeff Earickson Colby College ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri Jul 8 14:21:01 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:14 2006 Subject: deny cabinet files? Message-ID: Good point, it's a format that I expect many virus scanners miss. And Windows users have in-built support for opening them too, IIRC. I'll add that rule to the default set of rules I supply. On 8 Jul 2005, at 13:53, Jeff A. Earickson wrote: > Julian, > > I got a suspicious email today with a .cab file attachment. > I've submitted the file to clam, but this inspired me to > add the following rule to filename.rules.conf: > > deny\t\.cab$\tPossible malicious cabinet file\tCompressed cabinet > files may hide viruses > > \t for real tabs here. I googled and checked Microsoft's > website and see no positive use for an emailed .cab file. > Anybody else seen this? > > Jeff Earickson > Colby College > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From amoore at DEKALBMEMORIAL.COM Fri Jul 8 14:25:16 2005 From: amoore at DEKALBMEMORIAL.COM (Aaron K. Moore) Date: Thu Jan 12 21:30:14 2006 Subject: deny cabinet files? Message-ID: Once or twice we've had a vendor e-mail us a cab file when the cab file on the original media was corrupt. -- Aaron Kent Moore Information Technology Services DeKalb Memorial Hospital, Inc. Auburn, IN Phone: 260.920.2808 E-mail: amoore@dekalbmemorial.com Jeff A. Earickson wrote: > Julian, > > I got a suspicious email today with a .cab file attachment. > I've submitted the file to clam, but this inspired me to > add the following rule to filename.rules.conf: > > deny\t\.cab$\tPossible malicious cabinet file\tCompressed cabinet > files may hide viruses > > \t for real tabs here. I googled and checked Microsoft's > website and see no positive use for an emailed .cab file. > Anybody else seen this? > > Jeff Earickson > Colby College > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From amoore at DEKALBMEMORIAL.COM Fri Jul 8 14:42:55 2005 From: amoore at DEKALBMEMORIAL.COM (Aaron K. Moore) Date: Thu Jan 12 21:30:14 2006 Subject: deny cabinet files? Message-ID: Sophos will scan them if you use the -cab switch on the command line. -- Aaron Kent Moore Information Technology Services DeKalb Memorial Hospital, Inc. Auburn, IN Phone: 260.920.2808 E-mail: amoore@dekalbmemorial.com Julian Field wrote: > Good point, it's a format that I expect many virus scanners miss. And > Windows users have in-built support for opening them too, IIRC. > > I'll add that rule to the default set of rules I supply. > > On 8 Jul 2005, at 13:53, Jeff A. Earickson wrote: > >> Julian, >> >> I got a suspicious email today with a .cab file attachment. >> I've submitted the file to clam, but this inspired me to >> add the following rule to filename.rules.conf: >> >> deny\t\.cab$\tPossible malicious cabinet file\tCompressed cabinet >> files may hide viruses >> >> \t for real tabs here. I googled and checked Microsoft's >> website and see no positive use for an emailed .cab file. >> Anybody else seen this? >> >> Jeff Earickson >> Colby College >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Fri Jul 8 14:57:37 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:30:14 2006 Subject: deny cabinet files? Message-ID: Hi, I keep the attached little script around to use in case I want to run file thru my virus scanners by hand. Unless it is out-of-date, it mimics the arguments used by MailScanner for checking an attachment. I read the manpage for sweep and noted the -cab option AND the fact that -archive does not include .cab files. Yikes. Maybe this option needs to be added to the MailScanner invocation of sweep. I added -cab to sweep and ran the suspicious file thru Sophos again. Still no complaints about the file. It has been submitted to Sophos and Clam for analysis. Jeff Earickson Colby College On Fri, 8 Jul 2005, Aaron K. Moore wrote: > Date: Fri, 8 Jul 2005 08:42:55 -0500 > From: Aaron K. Moore > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: deny cabinet files? > > Sophos will scan them if you use the -cab switch on the command line. > > -- > Aaron Kent Moore > Information Technology Services > DeKalb Memorial Hospital, Inc. > Auburn, IN > Phone: 260.920.2808 > E-mail: amoore@dekalbmemorial.com > > Julian Field wrote: >> Good point, it's a format that I expect many virus scanners miss. And >> Windows users have in-built support for opening them too, IIRC. >> >> I'll add that rule to the default set of rules I supply. >> >> On 8 Jul 2005, at 13:53, Jeff A. Earickson wrote: >> >>> Julian, >>> >>> I got a suspicious email today with a .cab file attachment. >>> I've submitted the file to clam, but this inspired me to >>> add the following rule to filename.rules.conf: >>> >>> deny\t\.cab$\tPossible malicious cabinet file\tCompressed cabinet >>> files may hide viruses >>> >>> \t for real tabs here. I googled and checked Microsoft's >>> website and see no positive use for an emailed .cab file. >>> Anybody else seen this? >>> >>> Jeff Earickson >>> Colby College >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "" Text/PLAIN (Name: "virus.scan") 15 lines. ] [ Unable to print this part. ] From jaearick at COLBY.EDU Fri Jul 8 15:04:26 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:30:14 2006 Subject: deny cabinet files? It was a virus! Message-ID: I just got a response from the Clam team, my suspicious cab file is a worm: Submission: 64289 Sender: Andreas Grip Added: Worm.Kebede.G-cab Added: Worm.Kebede.G Virus name alias: Email-Worm.Win32.Kebede.g (Kaspersky AVP), Virus name alias: BACKDOOR.Trojan (Drweb), Win32.Worm.Kebede.G Virus name alias: (Bitdefender) Submission: 64309 Sender: Jeff Earickson Submission notes: Same as 64289. Just updated my Clam files and ran the file thru my virus.scan script, now it says: === Checking content.cab with ClamAV clamscan Scanning content.cab content.cab: Worm.Kebede.G-cab FOUND So I wasn't just paranoid, I was right! :) (Still waiting for the Sophos update...) Jeff Earickson Colby College ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at LISTS.COM.AR Fri Jul 8 14:51:07 2005 From: mailscanner at LISTS.COM.AR (Leonardo Helman) Date: Thu Jan 12 21:30:14 2006 Subject: Broken link Message-ID: Hi OT----- Are you everybody ok over there? tough times OT END---- totally trivial: There is no .sig for the beta version http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/tar/MailScanner-install-4.44.1-1.tar.gz.sig ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From evanderleun at HAL9000.NL Fri Jul 8 15:39:38 2005 From: evanderleun at HAL9000.NL (Erik van der Leun) Date: Thu Jan 12 21:30:14 2006 Subject: SpamAssassin Timeouts Message-ID: Hi, I've been trying to find more information regarding the spamassassin timeouts I sometimes have... Some mails are scanned very quickly, others timeout... I've tried several things... - disabling all online blocklists (ORBB-RBL, spamhaus.org, spamcop.net, etc) - disabling the enormous number of rulesets caused by rulesdujour - updating spamassassin (and MailScanner) to the most recent versions - adjusting the timeout settings to a higher value (from 40 to 60 seconds). spamassassin --lint does not report any errors... These are the messages of maillog... it's not more detailed than this. Jul 8 16:11:40 hal9000 MailScanner[32429]: SpamAssassin timed out and was killed, failure 1 of 20 Jul 8 16:11:40 hal9000 MailScanner[32429]: SpamAssassin timed out and was killed, failure 1 of 20 I'm not sure what to look for anymore... Does anybody have suggestions? :) Kind regards, Erik van der Leun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From marcel at PLUSINE.COM Fri Jul 8 15:56:14 2005 From: marcel at PLUSINE.COM (Marcel Burggraeve) Date: Thu Jan 12 21:30:14 2006 Subject: SpamAssassin Timeouts Message-ID: > Hi, > > I've been trying to find more information regarding the > spamassassin timeouts I sometimes have... Some mails are > scanned very quickly, others timeout... > > I've tried several things... > - disabling all online blocklists (ORBB-RBL, spamhaus.org, > spamcop.net, etc) > - disabling the enormous number of rulesets caused by rulesdujour > - updating spamassassin (and MailScanner) to the most > recent versions > - adjusting the timeout settings to a higher value (from 40 > to 60 seconds). > > spamassassin --lint does not report any errors... > > These are the messages of maillog... it's not more detailed than this. > > Jul 8 16:11:40 hal9000 MailScanner[32429]: SpamAssassin > timed out and was killed, failure 1 of 20 Jul 8 16:11:40 > hal9000 MailScanner[32429]: SpamAssassin timed out and was > killed, failure 1 of 20 > > I'm not sure what to look for anymore... > > Does anybody have suggestions? :) > Hi, Couple of months ago we had random timeouts as well. After deleting all bayes db files and creating them again by feeding spam and ham via sa-learn our problems were gone. Best regards, Marcel Burggraeve ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri Jul 8 16:01:08 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:14 2006 Subject: deny cabinet files? Message-ID: I have added the -cab option to the command line for Sophos. On 8 Jul 2005, at 14:57, Jeff A. Earickson wrote: > Hi, > I keep the attached little script around to use in case I want > to run file thru my virus scanners by hand. Unless it is out-of-date, > it mimics the arguments used by MailScanner for checking an > attachment. > > I read the manpage for sweep and noted the -cab option AND the fact > that -archive does not include .cab files. Yikes. Maybe this option > needs to be added to the MailScanner invocation of sweep. > > I added -cab to sweep and ran the suspicious file thru Sophos again. > Still no complaints about the file. It has been submitted to Sophos > and Clam for analysis. > > Jeff Earickson > Colby College > > On Fri, 8 Jul 2005, Aaron K. Moore wrote: > > >> Date: Fri, 8 Jul 2005 08:42:55 -0500 >> From: Aaron K. Moore >> Reply-To: MailScanner mailing list >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: Re: deny cabinet files? >> Sophos will scan them if you use the -cab switch on the command line. >> >> -- >> Aaron Kent Moore >> Information Technology Services >> DeKalb Memorial Hospital, Inc. >> Auburn, IN >> Phone: 260.920.2808 >> E-mail: amoore@dekalbmemorial.com >> >> Julian Field wrote: >> >>> Good point, it's a format that I expect many virus scanners miss. >>> And >>> Windows users have in-built support for opening them too, IIRC. >>> >>> I'll add that rule to the default set of rules I supply. >>> >>> On 8 Jul 2005, at 13:53, Jeff A. Earickson wrote: >>> >>> >>>> Julian, >>>> >>>> I got a suspicious email today with a .cab file attachment. >>>> I've submitted the file to clam, but this inspired me to >>>> add the following rule to filename.rules.conf: >>>> >>>> deny\t\.cab$\tPossible malicious cabinet file\tCompressed cabinet >>>> files may hide viruses >>>> >>>> \t for real tabs here. I googled and checked Microsoft's >>>> website and see no positive use for an emailed .cab file. >>>> Anybody else seen this? -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri Jul 8 16:03:34 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:14 2006 Subject: Broken link Message-ID: We're okay, thanks for asking. I have added the PGP sigs for the beta version. On 8 Jul 2005, at 14:51, Leonardo Helman wrote: > Hi > > OT----- > Are you everybody ok over there? > tough times > OT END---- > > totally trivial: > There is no .sig for the beta version > > http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/tar/ > MailScanner-install-4.44.1-1.tar.gz.sig > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From KLekas at FOXRIVER.COM Fri Jul 8 15:58:15 2005 From: KLekas at FOXRIVER.COM (Lekas, Kosta) Date: Thu Jan 12 21:30:14 2006 Subject: recieved headers too revealing Message-ID: I need help with a rule that is not working. I configured "Remove These Headers = removeheaders.rules" in my MailScanner.conf. Then I created the file removeheaders.rules in /MailScanner/rules directory. This is what the file looks like: ######################################## #Remove revealing internal Recieved: headers From: 10.0. X-Mozilla-Status: X-Mozilla-Status2: Received: #Preserve Default MailScanner setting FromOrTo: default X-Mozilla-Status: X-Mozilla-Status2: ######################################### I sent out a few test emails and the Received: headers from my internal Exchange server were never removed. If I don't use a ruleset and just do: "Remove These Headers = X-Mozilla-Status: X-Mozilla-Status2: Received" It removes all Received headers from all mail regardless of origin which is not what I want. Can someone tell me what is wrong with my rule. Kosta Lekas Fox River Financial Resources 630.482.7142 - office 630.885.9355 - mobile 630.232.6074 - fax -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Joshua Hirsh Sent: Wednesday, July 06, 2005 8:29 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: recieved headers too revealing Hi Kosta, Please take a look at your MailScanner.conf file, specifically the value of "Remove These Headers". You can configure this option to point to a ruleset which removes the Received headers for email originating from your Exchange server. Regards, -Joshua ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From prandal at HEREFORDSHIRE.GOV.UK Fri Jul 8 16:08:06 2005 From: prandal at HEREFORDSHIRE.GOV.UK (Randal, Phil) Date: Thu Jan 12 21:30:14 2006 Subject: updating mcafee uvscan Message-ID: McAfee update their released DAT files daily (and on the odd occasion more frequently, usually when there are false-positives). The DAT files your update-nai.pl script grabs are published every hour by McAfee and are regarded by them as "test" DAT files - they may contain false positives, for example. If you can live with this possibility, that's fine. But I'd strongly advise you to use additional scanners like Bitdefender and ClamAV as well if you want timely detections of new threats. Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Erik van der Leun > Sent: 08 July 2005 13:43 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: updating mcafee uvscan > > Hi, > > I've been struggling with the autoupdating of McAfee uvscan > virus definitions. > Although I've seen the updatescript at work, retrieving > updates, etc, I noticed that the script I have from McAfee > uvscan itself (update-nai.pl) comes with different results. > > For the record: the autoupdate scripts from MailScanner is > used every hour and actually does (seem to) work. It just > retrieves updates of a previous day... > > I guess a bit of output says enough: > uvscan simply detects more/earlier when I use update-nai... > > I'd like some feedback > > spamfilter root # uvscan --version > Virus Scan for Linux v4.40.0 > Copyright (c) 1992-2004 Networks Associates Technology Inc. > All rights reserved. > (408) 988-3832 LICENSED COPY - Sep 23 2004 > > Scan engine v4.4.00 for Linux. > Virus data file v4530 created Jul 07 2005 Scanning for 136042 > viruses, trojans and variants. > > spamfilter root # /usr/local/uvscan/update-nai.pl Downloading > DAILYDAT.ZIP ... > Extracting DAILYDAT.ZIP to /usr/local/uvscan ... > Installing: scan.dat > Installing: names.dat > Installing: clean.dat > Installing: betadat.txt > Daily Dat Installed! > > spamfilter root # uvscan --version > Virus Scan for Linux v4.40.0 > Copyright (c) 1992-2004 Networks Associates Technology Inc. > All rights reserved. > (408) 988-3832 LICENSED COPY - Sep 23 2004 > > Scan engine v4.4.00 for Linux. > Virus data file v4100 created Jul 08 2005 Scanning for 137601 > viruses, trojans and variants. > > ------------------------ MailScanner list > ------------------------ To unsubscribe, email > jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri Jul 8 16:08:19 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:14 2006 Subject: SpamAssassin Timeouts Message-ID: Edit MailScanner.conf and set Debug = yes Debug SpamAssassin = yes Then shut down the MailScanner processes (leave sendmail running!) and wait about 30 seconds. Then get your fingers ready to thump Ctrl-S when necessary. Run the command check_MailScanner It will start spewing out debug info from SpamAssassin, as soon as it has a message waiting to be processed. Whenever the output pauses, press Ctrl-S and read the last few lines to see what it is trying to do. Ctrl-Q resumes it. Make some educated guesses from the points where it is stopping, feel free to post here for advice. Then reset your MailScanner.conf to its normal settings, and run check_MailScanner again. This will start it up in its normal state. Can someone post this to the wiki please? On 8 Jul 2005, at 15:39, Erik van der Leun wrote: > Hi, > > I've been trying to find more information regarding the > spamassassin timeouts I sometimes have... Some mails are scanned > very quickly, others timeout... > > I've tried several things... > - disabling all online blocklists (ORBB-RBL, spamhaus.org, > spamcop.net, etc) > - disabling the enormous number of rulesets caused by rulesdujour > - updating spamassassin (and MailScanner) to the most recent versions > - adjusting the timeout settings to a higher value (from 40 to 60 > seconds). > > spamassassin --lint does not report any errors... > > These are the messages of maillog... it's not more detailed than this. > > Jul 8 16:11:40 hal9000 MailScanner[32429]: SpamAssassin timed out > and was killed, failure 1 of 20 Jul 8 16:11:40 hal9000 MailScanner > [32429]: SpamAssassin timed out and was killed, failure 1 of 20 > > I'm not sure what to look for anymore... > > Does anybody have suggestions? :) > > Kind regards, > Erik van der Leun > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri Jul 8 16:12:05 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:14 2006 Subject: recieved headers too revealing Message-ID: You need to specify the full path to the file either starting with a % variable% or a / It will have been removing a header called removeheaders.rules which probably isn't what you intended :-) On 8 Jul 2005, at 15:58, Lekas, Kosta wrote: > I need help with a rule that is not working. I configured "Remove > These > Headers = removeheaders.rules" in my MailScanner.conf. Then I created > the file removeheaders.rules in /MailScanner/rules directory. This is > what the file looks like: > > > ######################################## > #Remove revealing internal Recieved: headers > From: 10.0. X-Mozilla-Status: X-Mozilla-Status2: > Received: > > #Preserve Default MailScanner setting > FromOrTo: default X-Mozilla-Status: X-Mozilla-Status2: > ######################################### > > I sent out a few test emails and the Received: headers from my > internal > Exchange server were never removed. If I don't use a ruleset and just > do: > "Remove These Headers = X-Mozilla-Status: X-Mozilla-Status2: Received" > It removes all Received headers from all mail regardless of origin > which > is not what I want. Can someone tell me what is wrong with my rule. > > > > > Kosta Lekas > Fox River Financial Resources > 630.482.7142 - office > 630.885.9355 - mobile > 630.232.6074 - fax > > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Joshua Hirsh > Sent: Wednesday, July 06, 2005 8:29 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: recieved headers too revealing > > Hi Kosta, > > Please take a look at your MailScanner.conf file, specifically the > value of "Remove These Headers". > > You can configure this option to point to a ruleset which removes the > Received headers for email originating from your Exchange server. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Kevin_Miller at CI.JUNEAU.AK.US Fri Jul 8 16:17:09 2005 From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller) Date: Thu Jan 12 21:30:14 2006 Subject: whitelisting Message-ID: Kai Schaetzl wrote: > Kevin Miller wrote on Thu, 7 Jul 2005 13:30:47 -0800: > >> Received: from monster.com (dial81-135-244-94.in-addr.btopenworld.com > > *.in-addr.btopenworld.com is probably all dynamic IP space, block it > ... > > >> Wouldn't >> it make more sense to whitelist on the envelope To: instead? > > Your quote doesn't show the Envelope-To, maybe it was set to > user@monster.com? > > Kai The envelope To:? Wouldn't that route to monster.com instead of ci.juneau.ak.us? Also, here's the rule: spam.whitelist.rules:From: *@monster.com yes So it should only be filtering on From monster.com, not FromOrTo... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Kevin_Miller at CI.JUNEAU.AK.US Fri Jul 8 16:31:46 2005 From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller) Date: Thu Jan 12 21:30:14 2006 Subject: whitelisting Message-ID: Julian Field wrote: > In which case just change the From: to To: in the whitelist. Huh? How's that work? The mail is addressed To: user@ci.juneau.ak.us, pretending to be From: user@monster.com. In spam.whitelist.rules I have From: *@monster.com yes so that any mail from there is allowed in. Wouldn't using To: basically mean that any internal originating mail was allowed out? Or am I just being dense? > On 7 Jul 2005, at 22:30, Kevin Miller wrote: > >> A couple of spam messages are coming through because they're >> whitelisted. Problem is, that they're not from where they purport to >> be. This is a message that came through claiming to be from >> monster.com (which is in the whitelist) although it's obvious that >> it didn't come from there. Wouldn't it make more sense to whitelist >> on the envelope To: instead? Or do >> I just >> have something set wrong somewhere? >> >> Return-Path: <(tm)g> >> Received: from monster.com >> (dial81-135-244-94.in-addr.btopenworld.com [81.135.244.94]) by >> mxl.ci.juneau.ak.us (8.13.3/8.13.3/SuSE Linux 0.7) with >> SMTP id >> j67KmOkW025458 >> for ; Thu, 7 Jul 2005 12:48:39 -0800 >> Date: Thu, 7 Jul 2005 12:48:24 -0800 >> Message-Id: <200507072048.j67KmOkW025458@mxl.ci.juneau.ak.us> >> From: Andrew Welch >> To: Joe Blow >> Subject: Ariel reps wanted >> X-Priority: 3 >> X-MSMail-Priority: Normal >> Reply-To: Andrew Welch >> mime-version: 1.0 >> content-type: multipart/mixed; >> boundary="qzsoft_directmail_seperator" >> >> (The original recipient was changed to joe_blow - all else is a >> straight cut and paste from Mailwatch) >> >> TIA... >> >> ...Kevin ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri Jul 8 16:36:04 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:14 2006 Subject: whitelisting Message-ID: Can someone else post some thoughts on this one please? I'm having a Friday-afternoon-brain-mush moment. On 8 Jul 2005, at 16:31, Kevin Miller wrote: > Julian Field wrote: > >> In which case just change the From: to To: in the whitelist. >> > > Huh? How's that work? The mail is addressed To: > user@ci.juneau.ak.us, > pretending to be From: user@monster.com. > > In spam.whitelist.rules I have > > From: *@monster.com yes > > so that any mail from there is allowed in. Wouldn't using To: > basically > mean that any internal originating mail was allowed out? > > Or am I just being dense? > > > > >> On 7 Jul 2005, at 22:30, Kevin Miller wrote: >> >> >>> A couple of spam messages are coming through because they're >>> whitelisted. Problem is, that they're not from where they purport to >>> be. This is a message that came through claiming to be from >>> monster.com (which is in the whitelist) although it's obvious that >>> it didn't come from there. Wouldn't it make more sense to whitelist >>> on the envelope To: instead? Or do >>> I just >>> have something set wrong somewhere? >>> >>> Return-Path: <(tm)g> >>> Received: from monster.com >>> (dial81-135-244-94.in-addr.btopenworld.com [81.135.244.94]) by >>> mxl.ci.juneau.ak.us (8.13.3/8.13.3/SuSE Linux 0.7) with >>> SMTP id >>> j67KmOkW025458 >>> for ; Thu, 7 Jul 2005 12:48:39 -0800 >>> Date: Thu, 7 Jul 2005 12:48:24 -0800 >>> Message-Id: <200507072048.j67KmOkW025458@mxl.ci.juneau.ak.us> >>> From: Andrew Welch >>> To: Joe Blow >>> Subject: Ariel reps wanted >>> X-Priority: 3 >>> X-MSMail-Priority: Normal >>> Reply-To: Andrew Welch >>> mime-version: 1.0 >>> content-type: multipart/mixed; >>> boundary="qzsoft_directmail_seperator" >>> >>> (The original recipient was changed to joe_blow - all else is a >>> straight cut and paste from Mailwatch) -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Fri Jul 8 16:17:47 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:14 2006 Subject: SpamAssassin Timeouts Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > Edit MailScanner.conf and set > Debug = yes > Debug SpamAssassin = yes > Then shut down the MailScanner processes (leave sendmail running!) and > wait about 30 seconds. > Then get your fingers ready to thump Ctrl-S when necessary. > Run the command > check_MailScanner > It will start spewing out debug info from SpamAssassin, as soon as it > has a message waiting to be processed. > Whenever the output pauses, press Ctrl-S and read the last few lines to > see what it is trying to do. Ctrl-Q resumes it. > > Make some educated guesses from the points where it is stopping, feel > free to post here for advice. > > Then reset your MailScanner.conf to its normal settings, and run > check_MailScanner again. This will start it up in its normal state. > > Can someone post this to the wiki please? Done http://wiki.mailscanner.info/doku.php?id=documentation:test_troubleshoot:spamassassin:timeouts ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From KLekas at FOXRIVER.COM Fri Jul 8 16:29:46 2005 From: KLekas at FOXRIVER.COM (Lekas, Kosta) Date: Thu Jan 12 21:30:14 2006 Subject: recieved headers too revealing Message-ID: Thanks for your help for my stupid mistake Kosta -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field Sent: Friday, July 08, 2005 10:12 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: recieved headers too revealing You need to specify the full path to the file either starting with a % variable% or a / It will have been removing a header called removeheaders.rules which probably isn't what you intended :-) On 8 Jul 2005, at 15:58, Lekas, Kosta wrote: > I need help with a rule that is not working. I configured "Remove > These > Headers = removeheaders.rules" in my MailScanner.conf. Then I created > the file removeheaders.rules in /MailScanner/rules directory. This is > what the file looks like: > > > ######################################## > #Remove revealing internal Recieved: headers > From: 10.0. X-Mozilla-Status: X-Mozilla-Status2: > Received: > > #Preserve Default MailScanner setting > FromOrTo: default X-Mozilla-Status: X-Mozilla-Status2: > ######################################### > > I sent out a few test emails and the Received: headers from my > internal > Exchange server were never removed. If I don't use a ruleset and just > do: > "Remove These Headers = X-Mozilla-Status: X-Mozilla-Status2: Received" > It removes all Received headers from all mail regardless of origin > which > is not what I want. Can someone tell me what is wrong with my rule. > > > > > Kosta Lekas > Fox River Financial Resources > 630.482.7142 - office > 630.885.9355 - mobile > 630.232.6074 - fax > > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Joshua Hirsh > Sent: Wednesday, July 06, 2005 8:29 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: recieved headers too revealing > > Hi Kosta, > > Please take a look at your MailScanner.conf file, specifically the > value of "Remove These Headers". > > You can configure this option to point to a ruleset which removes the > Received headers for email originating from your Exchange server. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From maillists at CONACTIVE.COM Fri Jul 8 16:31:28 2005 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:30:14 2006 Subject: SQL Blacklist/Whitelist Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote on Fri, 8 Jul 2005 12:14:19 +0100: > then reload the SQL data Julian, can you point me to the function that loads them? Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From maillists at CONACTIVE.COM Fri Jul 8 16:31:28 2005 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:30:14 2006 Subject: SpamAssassin Timeouts Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Erik van der Leun wrote on Fri, 8 Jul 2005 16:39:38 +0200: > spamassassin --lint does not report any errors... You have to run these messages thru spamassassin -D, not --lint. --lint just tells you your setup is basically okay. Since other messages are scanned fine you already know that! If you are not subscribed to the sa-talk list, I suggest you do, lots of valuable information! Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From craig at WESTPRESS.COM Fri Jul 8 16:50:50 2005 From: craig at WESTPRESS.COM (Craig Daters) Date: Thu Jan 12 21:30:14 2006 Subject: Virus-scanning spam Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I just came across a situation where messages that are being flagged as spam due to the fact that they are listed on one or more RBL's are not being scanned for viruses. I cannot quickly find anything on the FAQ/MAQ that discusses how to adjust settings to virus-scan these messages? Am I missing something somewhere? - --- Craig Daters (craig@westpress.com) Systems Administrator West Press 1663 West Grant Road Tucson, Arizona 85745 (520) 624-4939 x208 (520) 624-2715 fax www.westpress.com -----BEGIN PGP SIGNATURE----- Version: PGP 8.1 iQA/AwUBQs6g5BBVT8XLuTbnEQK4iQCeIlSqf2D0fA/K5ZDmPryNUimJhvcAoIFX X/ERPx3UDlf8ggTj+E7tCRQW =pFSz -----END PGP SIGNATURE----- -- Please note: It is the policy of West Press that all e-mail sent to and from any @westpress.com address may be recorded and monitored. Unless it is West Press related business, please do not send any material of a private, personal, or confidential nature to this or any @westpress.com e-mail address. This message has been scanned for UCE (spam), viruses, and dangerous content, and is believed to be clean ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From craig at WESTPRESS.COM Fri Jul 8 16:59:29 2005 From: craig at WESTPRESS.COM (Craig Daters) Date: Thu Jan 12 21:30:15 2006 Subject: whitelisting Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Jul 8, 2005, at 8:36 AM, Julian Field wrote: > Can someone else post some thoughts on this one please? > I'm having a Friday-afternoon-brain-mush moment. > > On 8 Jul 2005, at 16:31, Kevin Miller wrote: > >> Julian Field wrote: >> >>> In which case just change the From: to To: in the whitelist. >>> >> >> Huh? How's that work? The mail is addressed To: >> user@ci.juneau.ak.us, >> pretending to be From: user@monster.com. >> >> In spam.whitelist.rules I have >> >> From: *@monster.com yes >> >> so that any mail from there is allowed in. Wouldn't using To: >> basically >> mean that any internal originating mail was allowed out? >> >> Or am I just being dense? >> No, using "To:" in the whitelist rules would mean that any incoming mail addressed to that particular user would be allowed through. It sounds like what you need to do is configure your MTA to refuse mail where the domain in the "From:" envelope is coming from MX's that are not listed in DNS for that domain. - --- Craig Daters (craig@westpress.com) Systems Administrator West Press 1663 West Grant Road Tucson, Arizona 85745 (520) 624-4939 x208 (520) 624-2715 fax www.westpress.com -----BEGIN PGP SIGNATURE----- Version: PGP 8.1 iQA/AwUBQs6i5hBVT8XLuTbnEQJ3WACfYcWedLBttW6V/nPr7CLjZWO6PBYAoPdp JPlQcWWNgJufgT5zXe9IiZz1 =4ISE -----END PGP SIGNATURE----- -- Please note: It is the policy of West Press that all e-mail sent to and from any @westpress.com address may be recorded and monitored. Unless it is West Press related business, please do not send any material of a private, personal, or confidential nature to this or any @westpress.com e-mail address. This message has been scanned for UCE (spam), viruses, and dangerous content, and is believed to be clean ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From prandal at HEREFORDSHIRE.GOV.UK Fri Jul 8 17:02:29 2005 From: prandal at HEREFORDSHIRE.GOV.UK (Randal, Phil) Date: Thu Jan 12 21:30:15 2006 Subject: Virus-scanning spam Message-ID: See here: http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/277.html There might be a more elegant way of doing it these days, but that works for me. Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Craig Daters > Sent: 08 July 2005 16:51 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Virus-scanning spam > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I just came across a situation where messages that are being > flagged as spam due to the fact that they are listed on one > or more RBL's are not being scanned for viruses. I cannot > quickly find anything on the FAQ/MAQ that discusses how to > adjust settings to virus-scan these messages? Am I missing > something somewhere? > > - --- > Craig Daters (craig@westpress.com) > Systems Administrator > > West Press > 1663 West Grant Road > Tucson, Arizona 85745 > > (520) 624-4939 x208 > (520) 624-2715 fax > www.westpress.com > > -----BEGIN PGP SIGNATURE----- > Version: PGP 8.1 > > iQA/AwUBQs6g5BBVT8XLuTbnEQK4iQCeIlSqf2D0fA/K5ZDmPryNUimJhvcAoIFX > X/ERPx3UDlf8ggTj+E7tCRQW > =pFSz > -----END PGP SIGNATURE----- > > > -- > Please note: It is the policy of West Press that all e-mail > sent to and from any @westpress.com address may be recorded > and monitored. Unless it is West Press related business, > please do not send any material of a private, personal, or > confidential nature to this or any @westpress.com e-mail address. > > This message has been scanned for UCE (spam), viruses, and > dangerous content, and is believed to be clean > > ------------------------ MailScanner list > ------------------------ To unsubscribe, email > jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Kevin_Miller at CI.JUNEAU.AK.US Fri Jul 8 17:16:00 2005 From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller) Date: Thu Jan 12 21:30:15 2006 Subject: whitelisting Message-ID: Craig Daters wrote: > No, using "To:" in the whitelist rules would mean that any incoming > mail addressed to that particular user would be allowed through. That's how I've always intrepreted it, and, of course, I don't want to do a blanket whitelist for a user. Well, sometimes I'm *tempted* to open the floodgates for select 'special' users but so far I've refrained. :-) > It sounds like what you need to do is configure your MTA to refuse > mail where the domain in the "From:" envelope is coming from MX's > that are not listed in DNS for that domain. Running sendmail - any pointers on how to do that, and more importantly, any downsides? ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Kevin_Miller at CI.JUNEAU.AK.US Fri Jul 8 17:26:36 2005 From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller) Date: Thu Jan 12 21:30:15 2006 Subject: SpamAssassin Timeouts Message-ID: Julian Field wrote: > Then shut down the MailScanner processes (leave sendmail running!) > and wait about 30 seconds. I see timeouts periodically but blamed them on a overworked line (soon to be upgraded). This looks worth looking into though. To kill the MailScanner processes I presume one would just find the pids via ps and do a kill on 'em? TIA... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Fri Jul 8 17:24:29 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:15 2006 Subject: Virus-scanning spam Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Craig Daters wrote: > I just came across a situation where messages that are being flagged as > spam due to the fact that they are listed on one or more RBL's are not > being scanned for viruses. I cannot quickly find anything on the > FAQ/MAQ that discusses how to adjust settings to virus-scan these > messages? Am I missing something somewhere? From craig at WESTPRESS.COM Fri Jul 8 18:05:00 2005 From: craig at WESTPRESS.COM (Craig Daters) Date: Thu Jan 12 21:30:15 2006 Subject: whitelisting Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Jul 8, 2005, at 9:16 AM, Kevin Miller wrote: > >> It sounds like what you need to do is configure your MTA to refuse >> mail where the domain in the "From:" envelope is coming from MX's >> that are not listed in DNS for that domain. > > Running sendmail - any pointers on how to do that, and more > importantly, any > downsides? > I too am running sendmail, and unfortunately I have no information on how to do this. I know that it can be done, but I have yet to find a how-to or something similar which explains how. Commenting out the option: FEATURE(`accept_unresolvable_domains')dnl is supposed to take care of most of that. But it still seems like some of this type of crap gets through too. I have noticed that Postfix seems to have a lot of these kinds of features and that it seems relatively easy to configure. I have been pondering a switch to Postfix, though I have been using sendmail for years and am very familiar with it, so I don't know.... - --- Craig Daters (craig@westpress.com) Systems Administrator West Press 1663 West Grant Road Tucson, Arizona 85745 (520) 624-4939 x208 (520) 624-2715 fax www.westpress.com -----BEGIN PGP SIGNATURE----- Version: PGP 8.1 iQA/AwUBQs6yRRBVT8XLuTbnEQKIEgCglkdYZmko90kN+/24U6X8TI3pJ3oAoMEN 7+mwC26kqU2EWCnXy6Hqo9d9 =KkuQ -----END PGP SIGNATURE----- -- Please note: It is the policy of West Press that all e-mail sent to and from any @westpress.com address may be recorded and monitored. Unless it is West Press related business, please do not send any material of a private, personal, or confidential nature to this or any @westpress.com e-mail address. This message has been scanned for UCE (spam), viruses, and dangerous content, and is believed to be clean ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From craig at WESTPRESS.COM Fri Jul 8 18:10:15 2005 From: craig at WESTPRESS.COM (Craig Daters) Date: Thu Jan 12 21:30:15 2006 Subject: Virus-scanning spam Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Jul 8, 2005, at 9:24 AM, Ugo Bellavance wrote: > # Do you want to stop any virus-infected spam getting into the spam or > MCP > # archives? If you have a system where users can release messages from > the > # spam or MCP archives, then you probably want to stop them being able > to > # release any infected messages, so set this to yes. > # It is set to no by default as it causes a small hit in performance, > and > # many people don't allow users to access the spam quarantine, so don't > # need it. > # This can also be the filename of a ruleset. > Keep Spam And MCP Archive Clean = no > I take this option to mean that any message that scans positive for a virus/worm/whatever is either kept with the message, or not based on this setting. In my situation, the message is immediately being flagged as spam, and no virus checks are being performed. Is my understanding of this feature wrong? - --- Craig Daters (craig@westpress.com) Systems Administrator West Press 1663 West Grant Road Tucson, Arizona 85745 (520) 624-4939 x208 (520) 624-2715 fax www.westpress.com -----BEGIN PGP SIGNATURE----- Version: PGP 8.1 iQA/AwUBQs6zexBVT8XLuTbnEQJQiACfUcrs1ZTOjFY+f5JLFlIEDtwrzooAoPVT JADwjpoPuvYUwdAmsBAMWBhd =yPgx -----END PGP SIGNATURE----- -- Please note: It is the policy of West Press that all e-mail sent to and from any @westpress.com address may be recorded and monitored. Unless it is West Press related business, please do not send any material of a private, personal, or confidential nature to this or any @westpress.com e-mail address. This message has been scanned for UCE (spam), viruses, and dangerous content, and is believed to be clean ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From craig at WESTPRESS.COM Fri Jul 8 18:13:20 2005 From: craig at WESTPRESS.COM (Craig Daters) Date: Thu Jan 12 21:30:15 2006 Subject: Virus-scanning spam Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Jul 8, 2005, at 9:02 AM, Randal, Phil wrote: > See here: > > http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/277.html > > There might be a more elegant way of doing it these days, but that > works > for me. > Phil, This is it! Thank you very much. I knew this was in there somewhere, and I because I had to re-install everything some time ago due to replacing the server, this was one configuration I missed :) - --- Craig Daters (craig@westpress.com) Systems Administrator West Press 1663 West Grant Road Tucson, Arizona 85745 (520) 624-4939 x208 (520) 624-2715 fax www.westpress.com -----BEGIN PGP SIGNATURE----- Version: PGP 8.1 iQA/AwUBQs60NhBVT8XLuTbnEQLJYQCcCRvGIyXXkJC9+/ijqVamRDbJXWcAnRmt RYbBCaIFViv5LBGDqzhJ2i/Q =2guW -----END PGP SIGNATURE----- -- Please note: It is the policy of West Press that all e-mail sent to and from any @westpress.com address may be recorded and monitored. Unless it is West Press related business, please do not send any material of a private, personal, or confidential nature to this or any @westpress.com e-mail address. This message has been scanned for UCE (spam), viruses, and dangerous content, and is believed to be clean ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From maillists at CONACTIVE.COM Fri Jul 8 21:31:23 2005 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:30:15 2006 Subject: whitelisting Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Craig Daters wrote on Fri, 8 Jul 2005 10:05:00 -0700: > FEATURE(`accept_unresolvable_domains')dnl > > is supposed to take care of most of that. But it still seems like some > of this type of crap gets through too. This will only help against non-existing domains. But it should be enabled (= accept_unresolvable_domains disabled) in any case, anyway. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From maillists at CONACTIVE.COM Fri Jul 8 21:31:23 2005 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:30:15 2006 Subject: whitelisting Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Kevin Miller wrote on Fri, 8 Jul 2005 07:17:09 -0800: > The envelope To:? Wouldn't that route to monster.com instead of > ci.juneau.ak.us? Also, here's the rule: > > spam.whitelist.rules:From: *@monster.com yes > > So it should only be filtering on From monster.com Sorry, I meant Envelope-From. I think MS uses the Envelope addresses for From maillists at CONACTIVE.COM Fri Jul 8 21:31:23 2005 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:30:15 2006 Subject: Virus-scanning spam Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Craig Daters wrote on Fri, 8 Jul 2005 10:10:15 -0700: > I take this option to mean that any message that scans positive for a > virus/worm/whatever is either kept with the message, or not based on > this setting. In my situation, the message is immediately being flagged > as spam, and no virus checks are being performed. This should change if you set this to yes. This option is new, I mean it's been added after I read the MailScanner.conf from beginning to end last time ;-) I think if you set this option to yes it will *not* stop scanning after it was found to be spam and will find the virus. Since it is then flagged as a virus Mailwatch won't give you an option to release it. Jules? Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bpumphrey at WOODMACLAW.COM Fri Jul 8 23:08:30 2005 From: bpumphrey at WOODMACLAW.COM (Billy A. Pumphrey) Date: Thu Jan 12 21:30:15 2006 Subject: MCP suggestions Message-ID: I obviously have nothing in the MCP settings. When I go to mailwatch and Update MCP Rule Descriptions it says: Rule Description SAMPLE_RULE1 Banned Subject SAMPLE_RULE2 Banned body text SAMPLE_RULE1 Banned Subject SAMPLE_RULE2 Banned body text I was looking in /etc/MailScanner/mcp/mcp.spam.assassin.prefs.conf and it has: Skip_rml_checks 1 Should this be 0 so that it does not skip? Does anyone have good .cf files for the mcp directory? Billy Pumphrey IT Manager Wooden & McLaughlin ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From max at KIPNESS.COM Sat Jul 9 00:31:35 2005 From: max at KIPNESS.COM (Max Kipness) Date: Thu Jan 12 21:30:15 2006 Subject: Question about relay and costs Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello ^Ö Hoping someone can offer advice on an issue I^Òm having. I have a server with the latest version of MailScanner, and DNS configured for the email domain with a cost of 10 pointing to this server. I have another server that is not running MailScanner (yet) in another location. It simply relays mail to the MailScanner server using Sendmail with a cost of 20. What's strange first off, is that tons of mail still passes through the server with cost of 20, even though the primary MailScanner server with cost of 10 never goes down. Anybody know how to prevent this? The other question is what I might be able to do with the non-MailScanner server so that when the mail does get relayed back to the MailScanner server, it has the original IP of the sender, rather than the relay server's IP. I believe this is causing SpamAssassin not to tag email with SpamCop or XBL list scores. Thanks, Max ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Sat Jul 9 01:33:15 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:30:15 2006 Subject: Question about relay and costs Message-ID: Many spammers attempt to hit MX's with a lower priority (your 20) since many secondary MX's are not as secure (as yours is not). Why not run MailScanner on both of your MX's? It would reduce traffic coming into your primary MX as a large percentage of the spam would hit your secondary. I would also run your DNSRBL's at the MTA level on the 20 MX. Mike -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Max Kipness Sent: Friday, July 08, 2005 6:32 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Question about relay and costs Hello - Hoping someone can offer advice on an issue I'm having. I have a server with the latest version of MailScanner, and DNS configured for the email domain with a cost of 10 pointing to this server. I have another server that is not running MailScanner (yet) in another location. It simply relays mail to the MailScanner server using Sendmail with a cost of 20. What's strange first off, is that tons of mail still passes through the server with cost of 20, even though the primary MailScanner server with cost of 10 never goes down. Anybody know how to prevent this? The other question is what I might be able to do with the non-MailScanner server so that when the mail does get relayed back to the MailScanner server, it has the original IP of the sender, rather than the relay server's IP. I believe this is causing SpamAssassin not to tag email with SpamCop or XBL list scores. Thanks, Max ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From peter at UCGBOOK.COM Sat Jul 9 09:03:30 2005 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:30:15 2006 Subject: Question about relay and costs Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Max Kipness wrote: > The other question is what I might be able to do with the non-MailScanner > server so that when the mail does get relayed back to the MailScanner > server, it has the original IP of the sender, rather than the relay > server's IP. I believe this is causing SpamAssassin not to tag email with > SpamCop or XBL list scores. SA checks all received headers, not just the last one. -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Sat Jul 9 11:18:51 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:30:15 2006 Subject: File type rulesets Message-ID: [ The following text is in the "iso-8859-15" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > On 29 Jun 2005, at 12:30, Martin Hepworth wrote: > >> Julian >> >> just spend a few mins getting my head around this... >> >> OK this is quite nicely put, can this go in the wiki maybe with a >> full example rather than the partial you provided. > > How about you add it and mail me the URL and I will check it for you. > That you you can see if you really understand it, by you adding the > extra bits yourself. I will then just correct anthing that's wrong. > >> I presume the followind would be correct... >> >> %rules-dir%/filename.rules: >> FromOrTo: *@domain1.ie /etc/MailScanner/filename.domain1.ie.conf / >> etc/MailScanner/filename.rules.conf >> FromOrTo: default /etc/MailScanner/filename.rules.conf > > Correct. > Jules Finally got 30 mins to do this.. http://wiki.mailscanner.info/doku.php?id=documentation:configuration:rulesets:overloading Can you check I'm not talking rubbish and then I'll adding the bit about variable substitution. -- Martin Hepworth ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Jul 9 13:45:29 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:15 2006 Subject: SQL Blacklist/Whitelist Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Kai Schaetzl wrote: >Julian Field wrote on Fri, 8 Jul 2005 12:14:19 +0100: > > > >>then reload the SQL data >> >> > >Julian, can you point me to the function that loads them? > > This will all be in your Custom Function. There is no SQL code of any sort built into MailScanner. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Jul 9 13:48:51 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:15 2006 Subject: SpamAssassin Timeouts Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Kevin Miller wrote: >Julian Field wrote: > > > >>Then shut down the MailScanner processes (leave sendmail running!) >>and wait about 30 seconds. >> >> > >I see timeouts periodically but blamed them on a overworked line (soon to be >upgraded). This looks worth looking into though. > >To kill the MailScanner processes I presume one would just find the pids via >ps and do a kill on 'em? > > > Yes, that will work. Don't kill -9 them, just kill them and wait for them to die on their own. The easy alternative is kill `cat /var/run/MailScanner.pid` -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Jul 9 13:52:46 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:15 2006 Subject: Virus-scanning spam Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Kai Schaetzl wrote: >Craig Daters wrote on Fri, 8 Jul 2005 10:10:15 -0700: > > > >>I take this option to mean that any message that scans positive for a >>virus/worm/whatever is either kept with the message, or not based on >>this setting. In my situation, the message is immediately being flagged >>as spam, and no virus checks are being performed. >> >> > >This should change if you set this to yes. >This option is new, I mean it's been added after I read the >MailScanner.conf from beginning to end last time ;-) I think if you set >this option to yes it will *not* stop scanning after it was found to be >spam and will find the virus. Since it is then flagged as a virus >Mailwatch won't give you an option to release it. Jules? > > Don't know about the MailWatch bit at the end (I'm no expert on that, ask on the MailWatch list). But otherwise you are right. By not virus scanning spam, you can save a lot of work. But by scanning it, you can forward mis-tagged messages to users safe in the knowledge that they aren't infected. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Jul 9 13:55:09 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:15 2006 Subject: MCP suggestions Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Billy A. Pumphrey wrote: >I obviously have nothing in the MCP settings. When I go to mailwatch >and Update MCP Rule Descriptions it says: >Rule Description >SAMPLE_RULE1 Banned Subject >SAMPLE_RULE2 Banned body text >SAMPLE_RULE1 Banned Subject >SAMPLE_RULE2 Banned body text > >I was looking in /etc/MailScanner/mcp/mcp.spam.assassin.prefs.conf and >it has: >Skip_rml_checks 1 >Should this be 0 so that it does not skip? > >Does anyone have good .cf files for the mcp directory? > > skip_rbl_checks 1 is correct as in MCP you don't want to do RBL lookups. As MCP is just content-filtering, it doesn't want to do any network-based checks at all. What sort of thing are you trying to stop? I can write a couple of examples for you if you like. But there is already an example in the mcp directory anyway, can't you just work from that? More docs on what you can do in there is in "man Mail::SpamAssassin::Conf". -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Jul 9 14:01:01 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:15 2006 Subject: Question about relay and costs Message-ID: [ The following text is in the "windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Max Kipness wrote: >Hello ^Ö > >Hoping someone can offer advice on an issue I^Òm having. > >I have a server with the latest version of MailScanner, and DNS configured >for the email domain with a cost of 10 pointing to this server. > >I have another server that is not running MailScanner (yet) in another >location. It simply relays mail to the MailScanner server using Sendmail >with a cost of 20. > >What's strange first off, is that tons of mail still passes through the >server with cost of 20, even though the primary MailScanner server with >cost of 10 never goes down. Anybody know how to prevent this? > > The spammers don't follow the rules. In order to avoid your best-configured mail servers, they deliberately target the mail servers with the highest cost. So the genuine mail will be going to 10, and all the spam will go to 20. Your best bet is to even up the mail load going to each one. The best way to do that is to set them both to the same cost, use a virtual hostname (e.g. mx.your.domain) and have 2 A records for that hostname, which are the IP addresses of your mail servers. Also, you will need to change the IP address of your original 20 server, as it will have been hard-coded into a lot of spammers' target lists by now. Take a look at the Wiki entry I wrote about this a while ago: http://wiki.mailscanner.info/doku.php?id=documentation:configuration:dns >The other question is what I might be able to do with the non-MailScanner >server so that when the mail does get relayed back to the MailScanner >server, it has the original IP of the sender, rather than the relay >server's IP. I believe this is causing SpamAssassin not to tag email with >SpamCop or XBL list scores. > > You will have to do the MailScanner "Spam List" checks on the first server it hits. However, SpamAssassin checks all the IP addresses in the headers, so will provide far more useful results. You are using SpamAssassin, aren't you? :-) >Thanks, >Max > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From kevin at KEVINSPICER.CO.UK Sat Jul 9 14:00:31 2005 From: kevin at KEVINSPICER.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:30:15 2006 Subject: MailScanner-MRTG new testing release Message-ID: Hi all, I've just uploaded the latest MailScanner-MRTG UNSTABLE release (0.11.00) to sourceforge for the brave amongst you to test ;) You can download the tarball or rpm at http://tinyurl.com/988vk This testing release contains the initial implementation of the new alarm functionality. This allows the user to specify thresholds (high or low) beyond which an alarm is triggered. There are two levels of alarm, warning or critical. At this stage alarms are only indicated by a coloured bar on the web page, I plan to add additional alert capability in a future release. Note that this functionality relies on server side includes, so apache should be configured with mod_include enabled and 'AllowOverride Options' The existing functionality remains unchanged, with just a few minor bug fixes and extra safety checks. Feedback is invited via the forums on the MailScanner-MRTG sourceforge site at http://mailscannermrtg.sourceforge.net CHANGELOG: - Updated specfile and install script to include new features - Data collection run writes small include files into webserver directory which are included using SSI's from index.html to provide a visual indication of alarm status, a .htaccess file enables server side includes. - New Alarm.pm which works out the current alarm status. - Update copyright messages - Added new threshold configuration file and parsing routines - Fix typos in man page - Include recipients discarded in count of spams rejected by the MTA. NOTE: this currently works for sendmail only. If anyone wants this in exim/ postfix please email me. - Check that data run timeout is defined in config file - Minor correction to usage of df to eliminate error messages from df if filesystem specifications are missing from the conf file ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "This is a digitally signed message part" ] [ Application/PGP-SIGNATURE 196bytes. ] [ Unable to print this part. ] From MailScanner at ecs.soton.ac.uk Sat Jul 9 14:04:54 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:15 2006 Subject: File type rulesets Message-ID: [ The following text is in the "ISO-8859-15" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Martin Hepworth wrote: >>On 29 Jun 2005, at 12:30, Martin Hepworth wrote: >> >> >> >>>Julian >>> >>>just spend a few mins getting my head around this... >>> >>>OK this is quite nicely put, can this go in the wiki maybe with a >>>full example rather than the partial you provided. >>> >>> >>How about you add it and mail me the URL and I will check it for you. >>That you you can see if you really understand it, by you adding the >>extra bits yourself. I will then just correct anthing that's wrong. >> >> >> >>>I presume the followind would be correct... >>> >>>%rules-dir%/filename.rules: >>>FromOrTo: *@domain1.ie /etc/MailScanner/filename.domain1.ie.conf / >>>etc/MailScanner/filename.rules.conf >>>FromOrTo: default /etc/MailScanner/filename.rules.conf >>> >>> >>Correct. >> >> >> >Jules > >Finally got 30 mins to do this.. > >http://wiki.mailscanner.info/doku.php?id=documentation:configuration:rulesets:overloading > >Can you check I'm not talking rubbish and then I'll adding the bit about >variable substitution. > > It's pretty concise, but it is quite correct. A bit near the top explaining what effect you are trying to achieve with the example would be good. So people can read it and say "Yes, that's what I am trying to do" and then follow through the example to copy it into their setup. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkipness at PAVESTONE.COM Sun Jul 10 14:51:21 2005 From: mkipness at PAVESTONE.COM (Max Kipness) Date: Thu Jan 12 21:30:15 2006 Subject: Question about relay and costs Message-ID: > >Hoping someone can offer advice on an issue I'm having. > > > >I have a server with the latest version of MailScanner, and DNS > configured > >for the email domain with a cost of 10 pointing to this server. > > > >I have another server that is not running MailScanner (yet) in another > >location. It simply relays mail to the MailScanner server using Sendmail > >with a cost of 20. > > > >What's strange first off, is that tons of mail still passes through the > >server with cost of 20, even though the primary MailScanner server with > >cost of 10 never goes down. Anybody know how to prevent this? > > > > > The spammers don't follow the rules. In order to avoid your > best-configured mail servers, they deliberately target the mail servers > with the highest cost. So the genuine mail will be going to 10, and all > the spam will go to 20. Your best bet is to even up the mail load going > to each one. The best way to do that is to set them both to the same > cost, use a virtual hostname (e.g. mx.your.domain) and have 2 A records > for that hostname, which are the IP addresses of your mail servers. > Also, you will need to change the IP address of your original 20 server, > as it will have been hard-coded into a lot of spammers' target lists by > now. > > Take a look at the Wiki entry I wrote about this a while ago: > http://wiki.mailscanner.info/doku.php?id=documentation:configuration:dns This is very interesting, I will configure this way. One question I have about two servers configured with MailScanner, though? What about the configurations of the two servers? For example, the bayes db, white and black lists, storage of quarantines, etc. Right now I have a program that allows users to add to a white/black list by forwarding received emails. I also have created a web based quarantine review and release app. I wonder if it would make sense to replicate bayes, white/black lists via rsync every 5 minutes or so? Move messages to one of the servers every so often? Has anybody dealt with this scenario? A neat addition to MailScanner would be a replication feature so you could have MailScanner servers in different geographical locations for the same domain. > >The other question is what I might be able to do with the non-MailScanner > >server so that when the mail does get relayed back to the MailScanner > >server, it has the original IP of the sender, rather than the relay > >server's IP. I believe this is causing SpamAssassin not to tag email with > >SpamCop or XBL list scores. > > > > > You will have to do the MailScanner "Spam List" checks on the first > server it hits. However, SpamAssassin checks all the IP addresses in the > headers, so will provide far more useful results. You are using > SpamAssassin, aren't you? :-) Yes, I am using SpamAssassin. Maybe I'm overlooking something, but when I look at the headers of a message that went through the higher-cost relay first, the first line states it's from the IP of my relay. Isn't that the IP that is looked up in the black hole lists? Thanks, Max ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at fsl.com Sun Jul 10 15:34:23 2005 From: steve.swaney at fsl.com (Stephen Swaney) Date: Thu Jan 12 21:30:15 2006 Subject: New MailScanner Documentation soon Message-ID: We're almost finished with the revisions to the updated MailScanner Documentation. This effort will update the free documentation available at www.fsl.com/sopport to match the latest version of MailScanner. If anyone has some time next week (our deadline for the final documentation is 7/19) and would like to help with the proof and content reading, please drop me a line off list and I'll send you a link to the new PDF file. Thanks in advance! Steve Stephen Swaney Fort Systems Ltd. Phone: 202 338-1670 Cell: 202 352-3262 stephen.swaney@fsl.com www.fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Sun Jul 10 18:07:55 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:30:15 2006 Subject: New MailScanner Documentation soon Message-ID: Hi! > We're almost finished with the revisions to the updated MailScanner > Documentation. This effort will update the free documentation available at > www.fsl.com/sopport to match the latest version of MailScanner. If anyone > has some time next week (our deadline for the final documentation is 7/19) > and would like to help with the proof and content reading, please drop me a > line off list and I'll send you a link to the new PDF file. you might want to redirect that URL to http://www.fsl.com/support/ ;) Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at fsl.com Sun Jul 10 22:34:05 2005 From: steve.swaney at fsl.com (Stephen Swaney) Date: Thu Jan 12 21:30:15 2006 Subject: New MailScanner Documentation soon Message-ID: Thanks, It was to early on a weekend morning here to do mych typing :) Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Raymond Dijkxhoorn > Sent: Sunday, July 10, 2005 1:08 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: New MailScanner Documentation soon > > Hi! > > > We're almost finished with the revisions to the updated MailScanner > > Documentation. This effort will update the free documentation available > at > > www.fsl.com/sopport to match the latest version of MailScanner. If > anyone > > has some time next week (our deadline for the final documentation is > 7/19) > > and would like to help with the proof and content reading, please drop > me a > > line off list and I'll send you a link to the new PDF file. > > you might want to redirect that URL to http://www.fsl.com/support/ ;) > > Bye, Thanks. http://www.fsl.com/support/ it is. It was to early on a weekend morning here to do much typing :) Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raylund.lai at KANKANWOO.COM Mon Jul 11 03:59:34 2005 From: raylund.lai at KANKANWOO.COM (Raylund Lai) Date: Thu Jan 12 21:30:15 2006 Subject: Virus mail slipped through under special condition Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, I wonder if anybody has seen this scenario. I've set up MailScanner as our gateway. Recently, I implemented milter-ahead to minimize virus mail sending to non-existing account. This works great as far as the virus mail directly sends to our gateway. We've a backup MX services by easyDNS. The function of this service is that when our internet link is broken, their mail server will hold the mail sending to us. The mail will be holding for a week at most and will try to re-send them to our MX (gateway) every hour. This works great too. When the above two combined together and with a special condition, MailScanner couldn't detect the virus mail. :( The condition is that: 1. Virus mail sending to a non-existing account of us but spoofed from an existing account of us. e.g. From: support@kankanwoo.com; To: james@kankanwoo.com where "support" is a valid account but not "james". 2. The virus mail was not sending to our gateway directly at the time of sending because: (i) our internet link was broken; or (ii) it deliberately sent to our backup MX. 3. Our backup MX services received the virus mail and queued for later delivery. 4. The backup MX services delivered the virus mail to our gateway. 5. Our gateway rejected the email by milter-ahead. :) 6. The backup MX services received our "550 5.7.1 ..." message and then sent out an "Undelivered Mail Return to Sender" mail. i.e. sent this notification with the virus mail embedded to support@kankanwoo.com 7. Our gateway received this notification with embedded virus. But MailScanner "found clean" and relayed to our mail server. :( 8. The virus mail was luckily quarantined by our virus scanner (McAfee) at the mail server. I must say that except this special condition MailScanner works fine all the time. We're using these on the mail gateway: FreeBSD 5.3 MailScanner 4.42.9_1 p5-Mail-SpamAssassin-3.0.4 clamav-0.86.1 p5-Mail-ClamAV-0.12 bdc-7.0.1 (BitDefender) f-prot-4.5.4 Have I do something wrong? Or should I disable milter-ahead? Could someone help me fixing this or giving some suggestions? Cheers Raylund ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From evanderleun at HAL9000.NL Mon Jul 11 09:31:18 2005 From: evanderleun at HAL9000.NL (Erik van der Leun) Date: Thu Jan 12 21:30:15 2006 Subject: SpamAssassin Timeouts Message-ID: Hi y'all :) (no, not American, just mondayish :P ) Thanks for all your suggestions and feedback... In the meanwhile I've learned a bit more about the debugging and --lint of spamassassin, and I've got a nice up to date installation :P It seems to have turned out to be my own fault (logically), as I changed my installation a while ago from the regular way of using the tarfile to the Gentoo way... My MailScanner.conf was a mess... it still had a couple of links to a path I no longer used but still was in existence... I've used the clean configuration file as brought with the package and worked my way through it again... So... eh... it appears... that I'm a... anyway, It's been my own fault... My apologies and thanks for the help :) Erik ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Mon Jul 11 09:33:55 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:30:15 2006 Subject: Virus mail slipped through under special condition Message-ID: Raylund Lai wrote: > Hi, > > I wonder if anybody has seen this scenario. > > I've set up MailScanner as our gateway. Recently, I implemented > milter-ahead to minimize virus mail sending to non-existing account. > This works great as far as the virus mail directly sends to our gateway. > > We've a backup MX services by easyDNS. The function of this service is > that when our internet link is broken, their mail server will hold the > mail sending to us. The mail will be holding for a week at most and > will try to re-send them to our MX (gateway) every hour. This works > great too. > > When the above two combined together and with a special condition, > MailScanner couldn't detect the virus mail. :( > > The condition is that: > 1. Virus mail sending to a non-existing account of us but spoofed > from an existing account of us. e.g. From: support@kankanwoo.com; To: > james@kankanwoo.com where "support" is a valid account but not "james". > 2. The virus mail was not sending to our gateway directly at the time > of sending because: (i) our internet link was broken; or (ii) it > deliberately sent to our backup MX. > 3. Our backup MX services received the virus mail and queued for > later delivery. > 4. The backup MX services delivered the virus mail to our gateway. > 5. Our gateway rejected the email by milter-ahead. :) > 6. The backup MX services received our "550 5.7.1 ..." message and > then sent out an "Undelivered Mail Return to Sender" mail. i.e. sent > this notification with the virus mail embedded to support@kankanwoo.com > 7. Our gateway received this notification with embedded virus. But > MailScanner "found clean" and relayed to our mail server. :( > 8. The virus mail was luckily quarantined by our virus scanner > (McAfee) at the mail server. > > I must say that except this special condition MailScanner works fine all > the time. > > We're using these on the mail gateway: > FreeBSD 5.3 > MailScanner 4.42.9_1 > p5-Mail-SpamAssassin-3.0.4 > clamav-0.86.1 > p5-Mail-ClamAV-0.12 > bdc-7.0.1 (BitDefender) > f-prot-4.5.4 > > Have I do something wrong? Or should I disable milter-ahead? Could > someone help me fixing this or giving some suggestions? > > Cheers > Raylund > Raylund we see quite a bit of this kind of 'bounce' as well, but for me both ClamAV and Sophos still pick up the virus laden content as well. (Running FreeBSD 4.10 and MS 4.43). Can you do a MailScanner -v and send the output back to the list... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Mon Jul 11 10:21:13 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:30:15 2006 Subject: Virus mail slipped through under special Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Mon, July 11, 2005 9:33, Martin Hepworth said: > Raylund Lai wrote: >> The condition is that: >> 1. Virus mail sending to a non-existing account of us but spoofed >> from an existing account of us. e.g. From: support@kankanwoo.com; To: >> james@kankanwoo.com where "support" is a valid account but not "james". >> 2. The virus mail was not sending to our gateway directly at the time >> of sending because: (i) our internet link was broken; or (ii) it >> deliberately sent to our backup MX. >> 3. Our backup MX services received the virus mail and queued for >> later delivery. >> 4. The backup MX services delivered the virus mail to our gateway. >> 5. Our gateway rejected the email by milter-ahead. :) >> 6. The backup MX services received our "550 5.7.1 ..." message and >> then sent out an "Undelivered Mail Return to Sender" mail. i.e. sent >> this notification with the virus mail embedded to support@kankanwoo.com >> 7. Our gateway received this notification with embedded virus. But >> MailScanner "found clean" and relayed to our mail server. :( >> 8. The virus mail was luckily quarantined by our virus scanner >> (McAfee) at the mail server. >> Have you got a rules set for not scanning 'support' e-mail? That would cause this. > Raylund > > we see quite a bit of this kind of 'bounce' as well, but for me both > ClamAV and Sophos still pick up the virus laden content as well. > (Running FreeBSD 4.10 and MS 4.43). The other thing to do is configure your MTA not to bounce mail with the virus attached (Which seems sensible not to pass the virus on). Instructions can be found here http://virbl.bit.nl/faq.php under 'My mailserver is listed, but it is impossible that it is infected with a virus.' (9th item down). Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ja at CONVIATOR.COM Mon Jul 11 12:19:41 2005 From: ja at CONVIATOR.COM (Jan Agermose) Date: Thu Jan 12 21:30:15 2006 Subject: SV: Virus-scanning spam Message-ID: > >>I take this option to mean that any message that scans positive for a >>virus/worm/whatever is either kept with the message, or not based on >>this setting. In my situation, the message is immediately being flagged >>as spam, and no virus checks are being performed. >> >> > >This should change if you set this to yes. >This option is new, I mean it's been added after I read the >MailScanner.conf from beginning to end last time ;-) I think if you set >this option to yes it will *not* stop scanning after it was found to be >spam and will find the virus. Since it is then flagged as a virus >Mailwatch won't give you an option to release it. Jules? > > Hi Im running mailscanner / SMGateway on our domains. It seams that mail that is digitally signed are corrupted when being passed through the mailscanner. The certificates are still certified, but outlook displays an error saying the message might have been altered – how can this be? Mvh Jan ________________________________________________________________________________ [IMAGE] Jan Agermose CEO Conviator Tel. +45 35 266 460 Human Resource profile ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "image001.gif" Image/GIF 732bytes. ] [ Unable to print this part. ] From ewallig at AEROCONTRACTORS.COM Mon Jul 11 12:35:47 2005 From: ewallig at AEROCONTRACTORS.COM (Ed Wallig) Date: Thu Jan 12 21:30:15 2006 Subject: digitally signed mails are currupted? Message-ID: @font-face { font-family: Verdana; } @page Section1 {size: 595.3pt 841.9pt; margin: 3.0cm 2.0cm 3.0cm 2.0cm; } P.MsoNormal { FONT-SIZE: 12pt; MARGIN: 0cm 0cm 0pt; FONT-FAMILY: "Times New Roman" } LI.MsoNormal { FONT-SIZE: 12pt; MARGIN: 0cm 0cm 0pt; FONT-FAMILY: "Times New Roman" } DIV.MsoNormal { FONT-SIZE: 12pt; MARGIN: 0cm 0cm 0pt; FONT-FAMILY: "Times New Roman" } A:link { COLOR: blue; TEXT-DECORATION: underline } SPAN.MsoHyperlink { COLOR: blue; TEXT-DECORATION: underline } A:visited { COLOR: purple; TEXT-DECORATION: underline } SPAN.MsoHyperlinkFollowed { COLOR: purple; TEXT-DECORATION: underline } SPAN.EmailStyle17 { COLOR: windowtext; FONT-FAMILY: Arial; mso-style-type: personal-compose } DIV.Section1 { page: Section1 } Don't know if this is a part of MailScanner or not, but are you appending a "disclaimer" or company signature to your outbound messages? This will supposedly mess up digitally signed messages as there is data being added to the message after it's being signed. Hope this helps... - Ed ________________________________________________________________________________ From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Jan Agermose Sent: Monday, July 11, 2005 7:23 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: digitally signed mails are currupted? Hi Im running mailscanner / SMGateway on our domains. It seams that mail that is digitally signed are corrupted when being passed through the mailscanner. The certificates are still certified, but outlook displays an error saying the message might have been altered – how can this be? Mvh Jan ________________________________________________________________________________ [IMAGE] Jan Agermose CEO Conviator Tel. +45 35 266 460 Human Resource profile ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 1.2, Image/GIF 732bytes. ] [ Unable to print this part. ] [ Part 2, Application/X-PKCS7-SIGNATURE 6.1KB. ] [ Unable to print this part. ] From michele at BLACKNIGHT.IE Mon Jul 11 12:41:37 2005 From: michele at BLACKNIGHT.IE (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:30:15 2006 Subject: digitally signed mails are currupted? Message-ID: > displays an error saying the message might have been altered - how > can this be? > Search the mailing list archives. This has come up in the past. Basically MS alters the email and may break some digital signatures. You are probably appending something to inbound or outbound mail which is causing this behaviour Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Image/GIF 732bytes. ] [ Unable to print this part. ] From kenneth.kalmer at gmail.com Mon Jul 11 13:18:03 2005 From: kenneth.kalmer at gmail.com (Kenneth Kalmer) Date: Thu Jan 12 21:30:15 2006 Subject: Store messages that break size rules... Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Guys I've been reading and searching around on how to do the following, without much luck. Went through the wiki and my gmail archive with no success. I want messages that break the "Maximum Attachment Size" rule to be "store"d the same way messages are stored that get's identified by spamassassin as spam. My spam action is set to store, so I can easily use Mailwatch to release false positives and do a sa-lean on them. It's just to tedious to wander into the quarantine directory every time somebody needs a file that got caught by the maximum size rule... And using mailwatch's release would work great for this. I asked on the mailwatch list and another user recommended that I store all mail, which is out of the question... Regards -- Kenneth Kalmer kenneth.kalmer@gmail.com Folding@home stats http://vspx27.stanford.edu/cgi-bin/main.py?qtype=userpage&username=kenneth%2Ekalmer ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ja at CONVIATOR.COM Mon Jul 11 13:36:46 2005 From: ja at CONVIATOR.COM (Jan Agermose) Date: Thu Jan 12 21:30:15 2006 Subject: SV: digitally signed mails are currupted? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----Oprindelig meddelelse----- Fra: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] På vegne af Michele Neylon :: Blacknight Solutions Sendt: 11. juli 2005 13:42 Til: MAILSCANNER@JISCMAIL.AC.UK Emne: Re: digitally signed mails are currupted? > displays an error saying the message might have been altered - how > can this be? > ""notification" -> " notices editor" -> "inline.sig" -> and removed the text. This must still insert something though nothing visible. Feature :-) /regards Jan ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Jul 11 14:24:09 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:15 2006 Subject: SV: Virus-scanning spam Message-ID: On 11 Jul 2005, at 12:19, Jan Agermose wrote: >> >> >>> I take this option to mean that any message that scans positive >>> for a >>> virus/worm/whatever is either kept with the message, or not based on >>> this setting. In my situation, the message is immediately being >>> > flagged > >>> as spam, and no virus checks are being performed. >>> >>> >>> >> >> This should change if you set this to yes. >> This option is new, I mean it's been added after I read the >> MailScanner.conf from beginning to end last time ;-) I think if >> you set >> > > >> this option to yes it will *not* stop scanning after it was found >> to be >> > > >> spam and will find the virus. Since it is then flagged as a virus >> Mailwatch won't give you an option to release it. Jules? >> >> >> > can > > > > > it looks to me that if the first scanner marks the mail as having > virus > the other scanners are still being run on the mail? Why is that? Because the whole batch of messages is scanned at once, with one command. So the only way to stop the message being scanned is to delete the attachment files, which will screw you up later on when it comes to all the HTML content scanning and things like that. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From danc at BLUESTARSHOWS.COM Mon Jul 11 14:51:50 2005 From: danc at BLUESTARSHOWS.COM (Dan Carl) Date: Thu Jan 12 21:30:15 2006 Subject: howto stop 1 users outgong mail from being scanned & headers changed Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I have a user named "mailer" that I use to send bulk emails. I don't want Mailscanner to scan or change headers on any of its outgoing mail. I made a virus.scanning.rules listed below. From: mailer@mydomain.com no FromOrTo: default yes and a signing rule as follows From: mailer@mydomain.com no FromOrTo: default yes When I send emails they are still sent via Mailscanner ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Mon Jul 11 14:50:25 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:15 2006 Subject: digitally signed mails are currupted? Message-ID: [ The following text is in the "windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jan Agermose wrote: > Hi > > > > Im running mailscanner / SMGateway on our domains. It seams that mail > that is digitally signed are corrupted when being passed through the > mailscanner. The certificates are still certified, but outlook displays > an error saying the message might have been altered ^Ö how can this be? Do you have this set to yes? Sign Clean Messages = -- Ugo -> Please don't send a copy of your reply by e-mail. I read the list. -> Please avoid top-posting, long signatures and HTML, and cut the irrelevant parts in your replies. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Mon Jul 11 15:05:18 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:30:15 2006 Subject: howto stop 1 users outgong mail from being scanned & headers changed Message-ID: Dan Carl wrote: > I have a user named "mailer" that I use to send bulk emails. > I don't want Mailscanner to scan or change headers on any of its outgoing > mail. > I made a virus.scanning.rules listed below. > From: mailer@mydomain.com no > FromOrTo: default yes > > and a signing rule as follows > From: mailer@mydomain.com no > FromOrTo: default yes > > When I send emails they are still sent via Mailscanner > > Correct MS will still process them...you also prob want to skip the spam scanning, iframe tests etc etc -- -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Mon Jul 11 15:24:24 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:15 2006 Subject: digitally signed mails are currupted? Message-ID: [ The following text is in the "windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ugo Bellavance wrote: > Jan Agermose wrote: > >>Hi >> >> >> >>Im running mailscanner / SMGateway on our domains. It seams that mail >>that is digitally signed are corrupted when being passed through the >>mailscanner. The certificates are still certified, but outlook displays >>an error saying the message might have been altered ^Ö how can this be? > > > Do you have this set to yes? > > Sign Clean Messages = > > Sorry, you were talking about SMGateway... but as others stated, it probably has to do with some kind of signature that you add to the message. -- Ugo -> Please don't send a copy of your reply by e-mail. I read the list. -> Please avoid top-posting, long signatures and HTML, and cut the irrelevant parts in your replies. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rgreen at TRAYERPRODUCTS.COM Mon Jul 11 15:49:03 2005 From: rgreen at TRAYERPRODUCTS.COM (Rodney Green) Date: Thu Jan 12 21:30:15 2006 Subject: OT: RH9 Kernel Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello, Off topic. Just thought maybe someone here can point me in the right direction. I wish to update the kernel on my RH9 machines. I have the latest kernel installed that was released by Red Hat before the product end of life. Is it possible to build and install a generic kernel from kernel.org without any major headaches? Any links to references on this would be great. Also any tips would be welcome. Thanks, Rod -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bpumphrey at WOODMACLAW.COM Mon Jul 11 16:08:27 2005 From: bpumphrey at WOODMACLAW.COM (Billy A. Pumphrey) Date: Thu Jan 12 21:30:15 2006 Subject: MCP suggestions Message-ID: > Billy A. Pumphrey wrote: > > >I obviously have nothing in the MCP settings. When I go to mailwatch > >and Update MCP Rule Descriptions it says: > >Rule Description > >SAMPLE_RULE1 Banned Subject > >SAMPLE_RULE2 Banned body text > >SAMPLE_RULE1 Banned Subject > >SAMPLE_RULE2 Banned body text > > > >I was looking in /etc/MailScanner/mcp/mcp.spam.assassin.prefs.conf and > >it has: > >Skip_rml_checks 1 > >Should this be 0 so that it does not skip? > > > >Does anyone have good .cf files for the mcp directory? > > > > > skip_rbl_checks 1 > is correct as in MCP you don't want to do RBL lookups. As MCP is just > content-filtering, it doesn't want to do any network-based checks at all. > What sort of thing are you trying to stop? I can write a couple of > examples for you if you like. But there is already an example in the mcp > directory anyway, can't you just work from that? More docs on what you > can do in there is in "man Mail::SpamAssassin::Conf". > > -- > Julian Field I don't want to put vague rules in there and have false positives. Here is an example email that slipped through: How are you, $400,000 = few hundred per month My friend showed me this now or never rifienance QU0TE. ==================================================================== ==================================================================== Check below: http://innhgh.com ==================================================================== ==================================================================== This is Valid for next 24 hrs. only. I am a teacher of preschool children with disabilities. I have been making software for the children in my classrooms for the last eight years. Over the past 23 years I have encountered many types of disabilities and many types of parents. The question. i need to get a pedicure. my feet smell and itch. Sincerely, Sammie Faris -------------- Headers -------------- Microsoft Mail Internet Headers Version 2.0 Received: from localhost.localdomain ([10.1.1.15]) by mail.woodmaclaw.com with Microsoft SMTPSVC(5.0.2195.6713); Sat, 9 Jul 2005 06:49:24 -0500 Received: from owl.dns-nac-zone.com (owl.dns-nac-zone.com [207.99.35.2]) by localhost.localdomain (8.13.4/8.13.1) with ESMTP id j69BlJlP026342 for ; Sat, 9 Jul 2005 06:47:19 -0500 Received: from nuno by owl.dns-nac-zone.com with local-bsmtp (Exim 4.44) id 1DrDpQ-0006YD-RH for nuno@indysmash.com; Sat, 09 Jul 2005 11:49:05 +0000 Received: from 148.219113109.m-net.ne.jp ([219.113.109.148]) by owl.dns-nac-zone.com with smtp (Exim 4.44) id 1DrDpO-0006Wz-Ry; Sat, 09 Jul 2005 11:49:04 +0000 Subject: check our new site with h!storic L0W QU0TE Message-ID: From: "Clarice Z. Olariu" To: "Clarice Z. Olariu" Cc: boomer123@indysmash.com, bried@indysmash.com, burlaza@indysmash.com, calvelo@indysmash.com, caska@indysmash.com, maxloragno@indysmash.com, mcevers@indysmash.com, nuno@indysmash.com, pattysines@indysmash.com, paul.vigurs@indysmash.com Date: Sat, 09 Jul 2005 06:30:28 -0700 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="--Piece.PHDWba7W3.m" X-Spam-Level: *** X-Spam-Status: No, score=3.8 required=5.0 tests=BAYES_99,HTML_10_20, HTML_MESSAGE,MPART_ALT_DIFF autolearn=no version=3.0.4 X-Spam-Checker-Version: SpamAssassin 3.0.4 (2005-06-05) on owl.dns-nac-zone.com X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - owl.dns-nac-zone.com X-AntiAbuse: Original Domain - indysmash.com X-AntiAbuse: Originator/Caller UID/GID - [32668 12] / [47 12] X-AntiAbuse: Sender Address Domain - yahoo.co.jp X-Source: X-Source-Args: /usr/sbin/exim -Mc 1DrDpO-0006Wz-Ry X-Source-Dir: /tmp X-WoodMacLaw-MailScanner-Information: Please contact the ISP for more information X-WoodMacLaw-MailScanner: Found to be clean X-WoodMacLaw-MailScanner-MCPCheck: MCP-Clean, MCP-Checker (score=0, required 1) X-WoodMacLaw-MailScanner-SpamCheck: not spam, SpamAssassin (score=4.809, required 5, BAYES_99 3.50, HTML_10_20 0.25, HTML_MESSAGE 0.00, MPART_ALT_DIFF 0.07, URIBL_SBL 1.00) X-WoodMacLaw-MailScanner-SpamScore: ssss X-WoodMacLaw-MailScanner-From: freekfreek9tmr@yahoo.co.jp Return-Path: freekfreek9tMr@yahoo.co.jp X-OriginalArrivalTime: 09 Jul 2005 11:49:24.0606 (UTC) FILETIME=[40B0B1E0:01C5847C] ----Piece.PHDWba7W3.m Content-Type: text/plain; format=flowed; charset=iso-8859-15 Content-Transfer-Encoding: 7Bit ----Piece.PHDWba7W3.m Content-Type: text/html; format=flowed; charset=iso-8859-15 Content-Transfer-Encoding: 7Bit ----Piece.PHDWba7W3.m-- Maybe I am misunderstanding the 'importance' or 'function' of MCP. I remember when I start my admin job and there was Symantec spam filtering setup on the exchange server. I was like, oh yeah we going to get that spam. So I started filtering words like sex, pu***, free, and so on. Then it made a little chaos because that did not work and got good emails. I do not want to do this with MCP, so I was thinking that there might be files for MCP as there are .cf's for rules for spamassassin. Billy Pumphrey IT Manager Wooden & McLaughlin ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Mon Jul 11 15:59:16 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:15 2006 Subject: OT: RH9 Kernel Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Rodney Green wrote: > Hello, > > Off topic. Just thought maybe someone here can point me in the right > direction. I wish to update the kernel on my RH9 machines. I have the > latest kernel installed that was released by Red Hat before the product > end of life. Is it possible to build and install a generic kernel from > kernel.org without any major headaches? Any links to references on this > would be great. Also any tips would be welcome. > > Thanks, > Rod > If you'r only looking for a way to have an up to date system, you should see http://www.fedoralegacy.org -- Ugo -> Please don't send a copy of your reply by e-mail. I read the list. -> Please avoid top-posting, long signatures and HTML, and cut the irrelevant parts in your replies. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From support-lists at PETDOCTORS.CO.UK Mon Jul 11 16:13:10 2005 From: support-lists at PETDOCTORS.CO.UK (Nigel kendrick) Date: Thu Jan 12 21:30:15 2006 Subject: RH9 Kernel Message-ID: Go look-see the Fedora Legacy Project: http://www.fedoralegacy.org/ -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Rodney Green Sent: 11 July 2005 15:49 To: MAILSCANNER@JISCMAIL.AC.UK Subject: OT: RH9 Kernel Hello, Off topic. Just thought maybe someone here can point me in the right direction. I wish to update the kernel on my RH9 machines. I have the latest kernel installed that was released by Red Hat before the product end of life. Is it possible to build and install a generic kernel from kernel.org without any major headaches? Any links to references on this would be great. Also any tips would be welcome. Thanks, Rod -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Jul 11 16:28:54 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:15 2006 Subject: MCP suggestions Message-ID: On 11 Jul 2005, at 16:08, Billy A. Pumphrey wrote: > > Maybe I am misunderstanding the 'importance' or 'function' of MCP. I > remember when I start my admin job and there was Symantec spam > filtering > setup on the exchange server. I was like, oh yeah we going to get > that > spam. So I started filtering words like sex, pu***, free, and so on. > Then it made a little chaos because that did not work and got good > emails. I do not want to do this with MCP, so I was thinking that > there > might be files for MCP as there are .cf's for rules for spamassassin. MCP is done so that it is entirely up to you to add rules that do what you want. There are no pre-defined sets of standard rules that you can copy. For example, you might want to stop all mail leaving your company that contains the name of sensitive projects perhaps. If all you are trying to do is to stop porn leaving or entering your site, you are probably better off using SpamAssassin and increase the score of some of the anti-porn rules. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bpumphrey at WOODMACLAW.COM Mon Jul 11 16:33:08 2005 From: bpumphrey at WOODMACLAW.COM (Billy A. Pumphrey) Date: Thu Jan 12 21:30:15 2006 Subject: OT Cron and GUI Message-ID: Will someone tell me how I can: Test my crons by running cron.daily? Turn off the GUI on my linux box? Thank you ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Jul 11 16:36:45 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:15 2006 Subject: OT Cron and GUI Message-ID: On 11 Jul 2005, at 16:33, Billy A. Pumphrey wrote: > Will someone tell me how I can: > Test my crons by running cron.daily? cd /etc/cron.daily Run each of the scripts in there (e.g. ./clean.quarantine) > Turn off the GUI on my linux box? Edit /etc/inittab and change the line that says id:5:initdefault: so that it says id:3:initdefault: and reboot your box. Theoretically you can do it without rebooting with the command telinit 3 but I don't usually trust that. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Mon Jul 11 16:31:39 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:30:15 2006 Subject: MCP suggestions Message-ID: Billy A. Pumphrey wrote: > > I don't want to put vague rules in there and have false positives. Here > is an example email that slipped through: > Billy here are the rules that fired on that memail on by system. Forgetting the ALL_TRUSTED misfire (hmm where'd that come from must check my spam.assassin.prefs.conf) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 MISSING_DATE Missing Date: header -2.8 ALL_TRUSTED Did not pass through any untrusted hosts 0.6 J_CHICKENPOX_22 BODY: {2}Letter - punctuation - {2}Letter 0.6 J_CHICKENPOX_16 BODY: {1}Letter - punctuation - {6}Letter 2.3 MANGLED_LOW BODY: mangled low 0.1 FU_FREE URI: FU_FREE 1.5 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist [URIs: innhgh.com] 3.0 URIBL_BLACK Contains an URL listed in the URIBL blacklist [URIs: innhgh.com] 1.6 MISSING_SUBJECT Missing Subject: header 2.5 FM_NO_FROM_OR_TO FM_NO_FROM_OR_TO 0.5 FM_NO_TO FM_NO_TO 3.2 FM_MASKEDW0RDS FM_MASKEDW0RDS -- -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at fsl.com Mon Jul 11 17:08:12 2005 From: steve.swaney at fsl.com (Stephen Swaney) Date: Thu Jan 12 21:30:15 2006 Subject: MCP suggestions Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Julian Field > Sent: Monday, July 11, 2005 11:29 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: MCP suggestions > > On 11 Jul 2005, at 16:08, Billy A. Pumphrey wrote: > > > > > Maybe I am misunderstanding the 'importance' or 'function' of MCP. I > > remember when I start my admin job and there was Symantec spam > > filtering > > setup on the exchange server. I was like, oh yeah we going to get > > that > > spam. So I started filtering words like sex, pu***, free, and so on. > > Then it made a little chaos because that did not work and got good > > emails. I do not want to do this with MCP, so I was thinking that > > there > > might be files for MCP as there are .cf's for rules for spamassassin. > > MCP is done so that it is entirely up to you to add rules that do > what you want. There are no pre-defined sets of standard rules that > you can copy. For example, you might want to stop all mail leaving > your company that contains the name of sensitive projects perhaps. > > If all you are trying to do is to stop porn leaving or entering your > site, you are probably better off using SpamAssassin and increase the > score of some of the anti-porn rules. Some financial institutions are using MCP to check any outgoing emails that contain strings that look like US social security numbers :) Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bpumphrey at WOODMACLAW.COM Mon Jul 11 17:15:43 2005 From: bpumphrey at WOODMACLAW.COM (Billy A. Pumphrey) Date: Thu Jan 12 21:30:15 2006 Subject: MCP suggestions Message-ID: > > Billy A. Pumphrey wrote: > > > > > I don't want to put vague rules in there and have false positives. Here > > is an example email that slipped through: > > > > Billy > > here are the rules that fired on that memail on by system. > Forgetting the ALL_TRUSTED misfire (hmm where'd that come from must > check my spam.assassin.prefs.conf) > > pts rule name description > ---- ---------------------- > -------------------------------------------------- > 0.0 MISSING_DATE Missing Date: header > -2.8 ALL_TRUSTED Did not pass through any untrusted hosts > 0.6 J_CHICKENPOX_22 BODY: {2}Letter - punctuation - {2}Letter > 0.6 J_CHICKENPOX_16 BODY: {1}Letter - punctuation - {6}Letter > 2.3 MANGLED_LOW BODY: mangled low > 0.1 FU_FREE URI: FU_FREE > 1.5 URIBL_JP_SURBL Contains an URL listed in the JP SURBL > blocklist > [URIs: innhgh.com] > 3.0 URIBL_BLACK Contains an URL listed in the URIBL blacklist > [URIs: innhgh.com] > 1.6 MISSING_SUBJECT Missing Subject: header > 2.5 FM_NO_FROM_OR_TO FM_NO_FROM_OR_TO > 0.5 FM_NO_TO FM_NO_TO > 3.2 FM_MASKEDW0RDS FM_MASKEDW0RDS > > > -- > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > Thank you. If I may ask. How did you test that? Command line or mailwatch? Looked like a mailwatch report but how did you send it? Anyway... I went back through my mailwatch and found the message and here is my report: Score Matching Rule Description 3.50 BAYES_99 Bayesian spam probability is 99 to 100% 0.25 HTML_10_20 Message is 10% to 20% HTML 0.00 HTML_MESSAGE HTML included in message 0.07 MPART_ALT_DIFF HTML and text parts are different 1.00 URIBL_SBL Contains an URL listed in the SBL blocklist I need more rules. I thought that I had a lot of rules on my machine. I have all of the recomened ones at http://www.rulesemporium.com/ I do not see chicken pox on there though. You have quite a few more rule hits that I do. I have: [root@WoodenMS CustomFunctions]# locate *.cf /etc/isdn/ibod.cf /etc/MailScanner/mcp/10_example.cf /etc/mail/spamassassin.local.cf /etc/mail/spamassassin/bogus-virus-warnings.cf /etc/mail/spamassassin/70_sare_oem.cf /etc/mail/spamassassin/RulesDuJour/99_FVGT_Tripwire.cf /etc/mail/spamassassin/RulesDuJour/70_sare_oem.cf /etc/mail/spamassassin/RulesDuJour/72_sare_bml_post25x.cf /etc/mail/spamassassin/RulesDuJour/70_sare_bayes_poison_nxm.cf /etc/mail/spamassassin/RulesDuJour/70_sare_html.cf /etc/mail/spamassassin/RulesDuJour/99_sare_fraud_post25x.cf /etc/mail/spamassassin/RulesDuJour/70_sare_spoof.cf /etc/mail/spamassassin/RulesDuJour/70_sare_specific.cf /etc/mail/spamassassin/RulesDuJour/70_sare_random.cf /etc/mail/spamassassin/RulesDuJour/70_sare_header.cf /etc/mail/spamassassin/RulesDuJour/70_sare_evilnum0.cf /etc/mail/spamassassin/RulesDuJour/70_sare_adult.cf /etc/mail/spamassassin/72_sare_bml_post25x.cf /etc/mail/spamassassin/tripwire.cf /etc/mail/spamassassin/70_sare_bayes_poison_nxm.cf /etc/mail/spamassassin/70_sare_html.cf /etc/mail/spamassassin/99_sare_fraud_post25x.cf /etc/mail/spamassassin/70_sare_spoof.cf /etc/mail/spamassassin/german.cf /etc/mail/spamassassin/local.cf /etc/mail/spamassassin/70_sare_specific.cf /etc/mail/spamassassin/70_sare_random.cf /etc/mail/spamassassin/70_sare_header.cf /etc/mail/spamassassin/antidrug.cf /etc/mail/spamassassin/70_sare_evilnum0.cf /etc/mail/spamassassin/70_sare_adult.cf /etc/mail/sendmail.cf /etc/mail/submit.cf /usr/share/sendmail-cf/cf/generic-solaris.cf /usr/share/sendmail-cf/cf/generic-nextstep3.3.cf /usr/share/sendmail-cf/cf/generic-ultrix4.cf /usr/share/sendmail-cf/cf/generic-bsd4.4.cf /usr/share/sendmail-cf/cf/generic-osf1.cf /usr/share/sendmail-cf/cf/generic-linux.cf /usr/share/sendmail-cf/cf/generic-sunos4.1.cf /usr/share/sendmail-cf/cf/submit.cf /usr/share/sendmail-cf/cf/generic-mpeix.cf /usr/share/sendmail-cf/cf/generic-hpux10.cf /usr/share/sendmail-cf/cf/generic-hpux9.cf /usr/share/spamassassin/20_fake_helo_tests.cf /usr/share/spamassassin/25_hashcash.cf /usr/share/spamassassin/30_text_pl.cf /usr/share/spamassassin/30_text_de.cf /usr/share/spamassassin/25_spf.cf /usr/share/spamassassin/20_porn.cf /usr/share/spamassassin/20_head_tests.cf /usr/share/spamassassin/20_compensate.cf /usr/share/spamassassin/23_bayes.cf /usr/share/spamassassin/25_body_tests_es.cf /usr/share/spamassassin/30_text_fr.cf /usr/share/spamassassin/50_scores.cf /usr/share/spamassassin/20_dnsbl_tests.cf /usr/share/spamassassin/20_ratware.cf /usr/share/spamassassin/20_drugs.cf /usr/share/spamassassin/20_uri_tests.cf /usr/share/spamassassin/10_misc.cf /usr/share/spamassassin/20_meta_tests.cf /usr/share/spamassassin/20_html_tests.cf /usr/share/spamassassin/60_whitelist.cf /usr/share/spamassassin/20_phrases.cf /usr/share/spamassassin/20_body_tests.cf /usr/share/spamassassin/25_uribl.cf /usr/share/spamassassin/20_anti_ratware.cf /usr/share/spamassassin/30_text_nl.cf /home/install/sendmail-8.13.4/cf/cf/generic-solaris.cf /home/install/sendmail-8.13.4/cf/cf/generic-nextstep3.3.cf /home/install/sendmail-8.13.4/cf/cf/generic-ultrix4.cf /home/install/sendmail-8.13.4/cf/cf/generic-bsd4.4.cf /home/install/sendmail-8.13.4/cf/cf/generic-osf1.cf /home/install/sendmail-8.13.4/cf/cf/generic-linux.cf /home/install/sendmail-8.13.4/cf/cf/generic-sunos4.1.cf /home/install/sendmail-8.13.4/cf/cf/submit.cf /home/install/sendmail-8.13.4/cf/cf/generic-mpeix.cf /home/install/sendmail-8.13.4/cf/cf/generic-hpux10.cf /home/install/sendmail-8.13.4/cf/cf/generic-hpux9.cf [root@WoodenMS CustomFunctions]# I seen chickenpox here: http://wiki.apache.org/spamassassin/CustomRulesets I will go/can go through these and do some more searching for rules, however do you have recommendations that you find work well? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rgreen at TRAYERPRODUCTS.COM Mon Jul 11 17:30:41 2005 From: rgreen at TRAYERPRODUCTS.COM (Rodney Green) Date: Thu Jan 12 21:30:15 2006 Subject: RH9 Kernel Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Thanks, I'll check it out. Nigel kendrick wrote: >Go look-see the Fedora Legacy Project: http://www.fedoralegacy.org/ > >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf >Of Rodney Green >Sent: 11 July 2005 15:49 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: OT: RH9 Kernel > > >Hello, > >Off topic. Just thought maybe someone here can point me in the right >direction. I wish to update the kernel on my RH9 machines. I have the >latest kernel installed that was released by Red Hat before the product >end of life. Is it possible to build and install a generic kernel from >kernel.org without any major headaches? Any links to references on this >would be great. Also any tips would be welcome. > >Thanks, >Rod > > > -- Rodney Green Network/Security Administrator Trayer Products, Inc. rgreen@trayerproducts.com 607-734-8124 Ext. 343 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Mon Jul 11 17:31:02 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:30:16 2006 Subject: MCP suggestions Message-ID: Billy A. Pumphrey wrote: >>Billy A. Pumphrey wrote: >> >> >>>I don't want to put vague rules in there and have false positives. > > Here > >>>is an example email that slipped through: >>> >> >> >>Billy >> >>here are the rules that fired on that memail on by system. >>Forgetting the ALL_TRUSTED misfire (hmm where'd that come from must >>check my spam.assassin.prefs.conf) >> >> pts rule name description >>---- ---------------------- >>-------------------------------------------------- >> 0.0 MISSING_DATE Missing Date: header >>-2.8 ALL_TRUSTED Did not pass through any untrusted hosts >> 0.6 J_CHICKENPOX_22 BODY: {2}Letter - punctuation - {2}Letter >> 0.6 J_CHICKENPOX_16 BODY: {1}Letter - punctuation - {6}Letter >> 2.3 MANGLED_LOW BODY: mangled low >> 0.1 FU_FREE URI: FU_FREE >> 1.5 URIBL_JP_SURBL Contains an URL listed in the JP SURBL >>blocklist >> [URIs: innhgh.com] >> 3.0 URIBL_BLACK Contains an URL listed in the URIBL > > blacklist > >> [URIs: innhgh.com] >> 1.6 MISSING_SUBJECT Missing Subject: header >> 2.5 FM_NO_FROM_OR_TO FM_NO_FROM_OR_TO >> 0.5 FM_NO_TO FM_NO_TO >> 3.2 FM_MASKEDW0RDS FM_MASKEDW0RDS >> >> >>-- >>-- >>Martin Hepworth >>Snr Systems Administrator >>Solid State Logic >>Tel: +44 (0)1865 842300 >> > > > Thank you. If I may ask. How did you test that? Command line or > mailwatch? Looked like a mailwatch report but how did you send it? > Anyway... > > I went back through my mailwatch and found the message and here is my > report: > Score Matching Rule Description > 3.50 BAYES_99 Bayesian spam probability is 99 to 100% > 0.25 HTML_10_20 Message is 10% to 20% HTML > 0.00 HTML_MESSAGE HTML included in message > 0.07 MPART_ALT_DIFF HTML and text parts are different > 1.00 URIBL_SBL Contains an URL listed in the SBL blocklist > > I need more rules. I thought that I had a lot of rules on my machine. > I have all of the recomened ones at http://www.rulesemporium.com/ > > I do not see chicken pox on there though. You have quite a few more > rule hits that I do. I have: > > [root@WoodenMS CustomFunctions]# locate *.cf > /etc/isdn/ibod.cf > /etc/MailScanner/mcp/10_example.cf > /etc/mail/spamassassin.local.cf > /etc/mail/spamassassin/bogus-virus-warnings.cf > /etc/mail/spamassassin/70_sare_oem.cf > /etc/mail/spamassassin/RulesDuJour/99_FVGT_Tripwire.cf > /etc/mail/spamassassin/RulesDuJour/70_sare_oem.cf > /etc/mail/spamassassin/RulesDuJour/72_sare_bml_post25x.cf > /etc/mail/spamassassin/RulesDuJour/70_sare_bayes_poison_nxm.cf > /etc/mail/spamassassin/RulesDuJour/70_sare_html.cf > /etc/mail/spamassassin/RulesDuJour/99_sare_fraud_post25x.cf > /etc/mail/spamassassin/RulesDuJour/70_sare_spoof.cf > /etc/mail/spamassassin/RulesDuJour/70_sare_specific.cf > /etc/mail/spamassassin/RulesDuJour/70_sare_random.cf > /etc/mail/spamassassin/RulesDuJour/70_sare_header.cf > /etc/mail/spamassassin/RulesDuJour/70_sare_evilnum0.cf > /etc/mail/spamassassin/RulesDuJour/70_sare_adult.cf > /etc/mail/spamassassin/72_sare_bml_post25x.cf > /etc/mail/spamassassin/tripwire.cf > /etc/mail/spamassassin/70_sare_bayes_poison_nxm.cf > /etc/mail/spamassassin/70_sare_html.cf > /etc/mail/spamassassin/99_sare_fraud_post25x.cf > /etc/mail/spamassassin/70_sare_spoof.cf > /etc/mail/spamassassin/german.cf > /etc/mail/spamassassin/local.cf > /etc/mail/spamassassin/70_sare_specific.cf > /etc/mail/spamassassin/70_sare_random.cf > /etc/mail/spamassassin/70_sare_header.cf > /etc/mail/spamassassin/antidrug.cf > /etc/mail/spamassassin/70_sare_evilnum0.cf > /etc/mail/spamassassin/70_sare_adult.cf > /etc/mail/sendmail.cf > /etc/mail/submit.cf > /usr/share/sendmail-cf/cf/generic-solaris.cf > /usr/share/sendmail-cf/cf/generic-nextstep3.3.cf > /usr/share/sendmail-cf/cf/generic-ultrix4.cf > /usr/share/sendmail-cf/cf/generic-bsd4.4.cf > /usr/share/sendmail-cf/cf/generic-osf1.cf > /usr/share/sendmail-cf/cf/generic-linux.cf > /usr/share/sendmail-cf/cf/generic-sunos4.1.cf > /usr/share/sendmail-cf/cf/submit.cf > /usr/share/sendmail-cf/cf/generic-mpeix.cf > /usr/share/sendmail-cf/cf/generic-hpux10.cf > /usr/share/sendmail-cf/cf/generic-hpux9.cf > /usr/share/spamassassin/20_fake_helo_tests.cf > /usr/share/spamassassin/25_hashcash.cf > /usr/share/spamassassin/30_text_pl.cf > /usr/share/spamassassin/30_text_de.cf > /usr/share/spamassassin/25_spf.cf > /usr/share/spamassassin/20_porn.cf > /usr/share/spamassassin/20_head_tests.cf > /usr/share/spamassassin/20_compensate.cf > /usr/share/spamassassin/23_bayes.cf > /usr/share/spamassassin/25_body_tests_es.cf > /usr/share/spamassassin/30_text_fr.cf > /usr/share/spamassassin/50_scores.cf > /usr/share/spamassassin/20_dnsbl_tests.cf > /usr/share/spamassassin/20_ratware.cf > /usr/share/spamassassin/20_drugs.cf > /usr/share/spamassassin/20_uri_tests.cf > /usr/share/spamassassin/10_misc.cf > /usr/share/spamassassin/20_meta_tests.cf > /usr/share/spamassassin/20_html_tests.cf > /usr/share/spamassassin/60_whitelist.cf > /usr/share/spamassassin/20_phrases.cf > /usr/share/spamassassin/20_body_tests.cf > /usr/share/spamassassin/25_uribl.cf > /usr/share/spamassassin/20_anti_ratware.cf > /usr/share/spamassassin/30_text_nl.cf > /home/install/sendmail-8.13.4/cf/cf/generic-solaris.cf > /home/install/sendmail-8.13.4/cf/cf/generic-nextstep3.3.cf > /home/install/sendmail-8.13.4/cf/cf/generic-ultrix4.cf > /home/install/sendmail-8.13.4/cf/cf/generic-bsd4.4.cf > /home/install/sendmail-8.13.4/cf/cf/generic-osf1.cf > /home/install/sendmail-8.13.4/cf/cf/generic-linux.cf > /home/install/sendmail-8.13.4/cf/cf/generic-sunos4.1.cf > /home/install/sendmail-8.13.4/cf/cf/submit.cf > /home/install/sendmail-8.13.4/cf/cf/generic-mpeix.cf > /home/install/sendmail-8.13.4/cf/cf/generic-hpux10.cf > /home/install/sendmail-8.13.4/cf/cf/generic-hpux9.cf > [root@WoodenMS CustomFunctions]# > > I seen chickenpox here: > http://wiki.apache.org/spamassassin/CustomRulesets > > I will go/can go through these and do some more searching for rules, > however do you have recommendations that you find work well? > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! Billy see http://wiki.mailscanner.info/doku.php?id=documentation:anti_spam:spamassassin:rules:recommended for my list.... I've got lots over the last 18 months or so... my /etc/mail/spammassassin is quite full ;-) -- -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raylund.lai at KANKANWOO.COM Mon Jul 11 19:37:55 2005 From: raylund.lai at KANKANWOO.COM (Raylund Lai) Date: Thu Jan 12 21:30:16 2006 Subject: Virus mail slipped through under special condition Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Martin, Sure, I post my MailScanner -v output here now. For completeness, I post the virus message (with the virus part stripped ;)). I've a rule not to scan local sender too. At first, I thought MailScanner should detect the virus no matter whether it's bounced mail or not. But it seems that my configuration not doing so. I've tested my setting for embedded mail with virus and MailScanner found them without problem. Only this particular condition happen that my configuration let the virus mail through. I'm out of clue on this issue now. Hope someone could help. Cheers Raylund ----- begin MailScanner -v ----- Running on FreeBSD mxgw.kankanwoo.com 5.3-RELEASE FreeBSD 5.3-RELEASE #1: Sat Apr 16 15:11:56 EDT 2005 root@mxgw.kankanwoo.com:/usr/obj/usr/src/sys/KANKANWOO i386 This is Perl version 5.008006 (5.8.6) This is MailScanner version 4.42.9 Module versions are: 1.00 AnyDBM_File 1.16 Archive::Zip 1.03 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.05 Fcntl 2.73 File::Basename 2.08 File::Copy 2.01 FileHandle 1.06 File::Path 0.16 File::Temp 1.29 HTML::Entities 3.45 HTML::Parser 2.30 HTML::TokeParser 1.21 IO 1.10 IO::File 1.123 IO::Pipe 1.66 Mail::Header 3.05 MIME::Base64 5.417 MIME::Decoder 5.417 MIME::Decoder::UU 5.417 MIME::Head 5.417 MIME::Parser 3.03 MIME::QuotedPrint 5.417 MIME::Tools 0.10 Net::CIDR 1.08 POSIX 1.77 Socket 0.05 Sys::Syslog 1.02 Time::localtime Optional module versions are: 1.810 DB_File 1.10 Digest 1.01 Digest::HMAC 2.33 Digest::MD5 2.10 Digest::SHA1 0.44 Inline 0.12 Mail::ClamAV 3.000004 Mail::SpamAssassin 1.997 Mail::SPF::Query 0.15 Net::CIDR::Lite 0.52 Net::DNS missing Net::LDAP 1.94 Parse::RecDescent missing SAVI 1.4 Sys::Hostname::Long 2.42 Test::Harness 0.6 Test::Simple 1.95 Text::Balanced 1.35 URI ----- end MailScanner -v ----- ----- begin mail ----- Return-Path: <> Sun Jul 10 21:56:27 2005 Received: from UnknownHost [192.168.0.252] by mercury with SMTP; Sun, 10 Jul 2005 21:56:27 -0400 Received: from maryjane.easydns.com (smtp.easydns.com [205.210.42.52]) by mxgw.kankanwoo.com (8.13.1/8.13.1) with ESMTP id j6B1u9h9017459 for ; Sun, 10 Jul 2005 21:56:09 -0400 (EDT) Received: by maryjane.easydns.com (Postfix) id AD462511C0; Sun, 10 Jul 2005 21:56:07 -0400 (EDT) Date: Sun, 10 Jul 2005 21:56:07 -0400 (EDT) From: MAILER-DAEMON@mxgw.kankanwoo.com (Mail Delivery System) Subject: Undelivered Mail Returned to Sender To: support@kankanwoo.com MIME-Version: 1.0 Content-Type: multipart/report; report-type=delivery-status; boundary="D84D35120F.1121046967/maryjane.easydns.com" Message-Id: <20050711015607.AD462511C0@maryjane.easydns.com> X-KanKanWoo-MailScanner-Information: This message has been scanned for viruses/spam. Please contact postmaster@kankanwoo.com if you have questions about this scanning. X-KanKanWoo-MailScanner: Found to be clean X-KanKanWoo-MailScanner-SpamCheck: not spam, SpamAssassin (score=-1.348, required 5, BAYES_20 -1.95, FROM_NO_LOWER 0.38, HTML_20_30 0.23, HTML_MESSAGE 0.00, SPF_HELO_PASS -0.00) X-KanKanWoo-MailScanner-From: This is a MIME-encapsulated message. --D84D35120F.1121046967/maryjane.easydns.com Content-Description: Notification Content-Type: text/plain This is the Postfix program at host maryjane.easydns.com. I'm sorry to have to inform you that your message could not be be delivered to one or more recipients. It's attached below. For further assistance, please send mail to If you do so, please include this problem report. You can delete your own text from the attached returned message. The Postfix program : host mail.kankanwoo.com[216.138.195.111] said: 550 5.7.1 ... server [192.168.0.11] for rejected address saying " No such user here" (in reply to RCPT TO command) --D84D35120F.1121046967/maryjane.easydns.com Content-Description: Delivery report Content-Type: message/delivery-status Reporting-MTA: dns; maryjane.easydns.com X-Postfix-Queue-ID: D84D35120F X-Postfix-Sender: rfc822; support@kankanwoo.com Arrival-Date: Sun, 10 Jul 2005 21:55:41 -0400 (EDT) Final-Recipient: rfc822; james@kankanwoo.com Action: failed Status: 5.0.0 Diagnostic-Code: X-Postfix; host mail.kankanwoo.com[216.138.195.111] said: 550 5.7.1 ... server [192.168.0.11] for rejected address saying " No such user here" (in reply to RCPT TO command) --D84D35120F.1121046967/maryjane.easydns.com Content-Description: Undelivered Message Content-Type: message/rfc822 Received: from kankanwoo.com (unknown [211.75.194.240]) by maryjane.easydns.com (Postfix) with ESMTP id D84D35120F for ; Sun, 10 Jul 2005 21:55:41 -0400 (EDT) From: support@kankanwoo.com To: james@kankanwoo.com Subject: Your password has been successfully updated Date: Mon, 11 Jul 2005 09:55:49 +0800 MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----=_NextPart_000_0009_1AA443A3.29DBB61D" X-Priority: 3 X-MSMail-Priority: Normal Message-Id: <20050711015541.D84D35120F@maryjane.easydns.com> This is a multi-part message in MIME format. ------=_NextPart_000_0009_1AA443A3.29DBB61D Content-Type: text/html; charset="ISO-8859-1" Content-Transfer-Encoding: 7bit
Dear user james,

You have successfully updated the password of your Kankanwoo account.

If you did not authorize this change or if you need assistance with your account, please contact Kankanwoo customer service at: support@kankanwoo.com

Thank you for using Kankanwoo!
The Kankanwoo Support Team






+++ Attachment: No Virus (Clean)
+++ Kankanwoo Antivirus - www.kankanwoo.com ------=_NextPart_000_0009_1AA443A3.29DBB61D Content-Type: application/octet-stream; name="updated-password.zip" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="updated-password.zip" [Here is where the virus data] ------=_NextPart_000_0009_1AA443A3.29DBB61D-- --D84D35120F.1121046967/maryjane.easydns.com-- ----- end mail ----- ----- begin rules ----- # Set "Virus Scanning = /usr/local/etc/MailScanner/rules/virus.scanning.rules". # From: 127.0.0.1 no FromOrTo: default yes ----- end rules ----- Martin Hepworth wrote: > Raylund Lai wrote: > >> Hi, >> >> I wonder if anybody has seen this scenario. >> >> I've set up MailScanner as our gateway. Recently, I implemented >> milter-ahead to minimize virus mail sending to non-existing account. >> This works great as far as the virus mail directly sends to our gateway. >> >> We've a backup MX services by easyDNS. The function of this service >> is that when our internet link is broken, their mail server will hold >> the mail sending to us. The mail will be holding for a week at most >> and will try to re-send them to our MX (gateway) every hour. This >> works great too. >> >> When the above two combined together and with a special condition, >> MailScanner couldn't detect the virus mail. :( >> >> The condition is that: >> 1. Virus mail sending to a non-existing account of us but spoofed >> from an existing account of us. e.g. From: support@kankanwoo.com; >> To: james@kankanwoo.com where "support" is a valid account but not >> "james". >> 2. The virus mail was not sending to our gateway directly at the >> time of sending because: (i) our internet link was broken; or (ii) it >> deliberately sent to our backup MX. >> 3. Our backup MX services received the virus mail and queued for >> later delivery. >> 4. The backup MX services delivered the virus mail to our gateway. >> 5. Our gateway rejected the email by milter-ahead. :) >> 6. The backup MX services received our "550 5.7.1 ..." message and >> then sent out an "Undelivered Mail Return to Sender" mail. i.e. sent >> this notification with the virus mail embedded to support@kankanwoo.com >> 7. Our gateway received this notification with embedded virus. >> But MailScanner "found clean" and relayed to our mail server. :( >> 8. The virus mail was luckily quarantined by our virus scanner >> (McAfee) at the mail server. >> >> I must say that except this special condition MailScanner works fine >> all the time. >> >> We're using these on the mail gateway: >> FreeBSD 5.3 >> MailScanner 4.42.9_1 >> p5-Mail-SpamAssassin-3.0.4 >> clamav-0.86.1 >> p5-Mail-ClamAV-0.12 >> bdc-7.0.1 (BitDefender) >> f-prot-4.5.4 >> >> Have I do something wrong? Or should I disable milter-ahead? Could >> someone help me fixing this or giving some suggestions? >> >> Cheers >> Raylund >> > Raylund > > we see quite a bit of this kind of 'bounce' as well, but for me both > ClamAV and Sophos still pick up the virus laden content as well. > (Running FreeBSD 4.10 and MS 4.43). > > Can you do a MailScanner -v and send the output back to the list... > > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bpumphrey at WOODMACLAW.COM Mon Jul 11 19:43:29 2005 From: bpumphrey at WOODMACLAW.COM (Billy A. Pumphrey) Date: Thu Jan 12 21:30:16 2006 Subject: MCP suggestions Message-ID: > > > > > Billy A. Pumphrey wrote: > > > > > > > > I don't want to put vague rules in there and have false positives. > Here > > > is an example email that slipped through: > > > > > > > Billy > > > > here are the rules that fired on that memail on by system. > > Forgetting the ALL_TRUSTED misfire (hmm where'd that come from must > > check my spam.assassin.prefs.conf) > > > > pts rule name description > > ---- ---------------------- > > -------------------------------------------------- > > 0.0 MISSING_DATE Missing Date: header > > -2.8 ALL_TRUSTED Did not pass through any untrusted hosts > > 0.6 J_CHICKENPOX_22 BODY: {2}Letter - punctuation - {2}Letter > > 0.6 J_CHICKENPOX_16 BODY: {1}Letter - punctuation - {6}Letter > > 2.3 MANGLED_LOW BODY: mangled low > > 0.1 FU_FREE URI: FU_FREE > > 1.5 URIBL_JP_SURBL Contains an URL listed in the JP SURBL > > blocklist > > [URIs: innhgh.com] > > 3.0 URIBL_BLACK Contains an URL listed in the URIBL > blacklist > > [URIs: innhgh.com] > > 1.6 MISSING_SUBJECT Missing Subject: header > > 2.5 FM_NO_FROM_OR_TO FM_NO_FROM_OR_TO > > 0.5 FM_NO_TO FM_NO_TO > > 3.2 FM_MASKEDW0RDS FM_MASKEDW0RDS > > > > > > -- > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > > Thank you. If I may ask. How did you test that? Command line or > mailwatch? Looked like a mailwatch report but how did you send it? > Anyway... > 1) Ok, I have updated my rules. My currect trusted rulesets for rulesdujour: TRUSTED_RULESETS=" RANDOMVAL ANTIDRUG BLACKLIST BLACKLIST_URI EVILNUMBERS EVILNUMBERS1 EVILNUMBERS2 TRIPWIRE SARE_ADULT SARE_BAYES_POISON_NXM SARE_CODING SARE_HEADER SARE_BML SARE_BML_PRE25X SARE_FRAUD SARE_FRAUD_PRE25X SARE_OEM SARE_SPECIFIC SARE_SPOOF SARE_RANDOM SARE_RATWARE I am having problems getting the ones that have multiple files to work though (the reason that I did not have them to begin with). To make sure that I am clear on this, *.cf files go into the /etc/mail/spamassassin/ directory don't they? And not the /etc/mail/spamassassin/rulesdujour/ directory? a) I put the files in both places. For instance uri http://www.rulesemporium.com/rules.htm#uri I put the files: 70_sare_uri0.cf 70_sare_uri1.cf 70_sare_uri3.cf 70_sare_uri_eng.cf 70_sare_uri_arc.cf In the places mentioned above. b) I put the line SARE_URI0 in the file /etc/rulesdujour/config c) Then I ran /root/bin/rules_du_jour and I get No index found for ruleset named SARE_URI0. Check that this ruleset is still valid. 2) Also, when I go to the mailwatch tools and to a lint test, should I be concerned about the time that it takes to do certain things? Some things take 3+ seconds to do. debug: bayes: 13674 tie-ing to DB file R/O /etc/MailScanner/bayes/bayes_toks took 44 seconds debug: all '*To' addrs: took 10 seconds Finish - Total Time 77.1091 Those are the major offenders, there are a handful of others taking from 3-5 seconds. I keep this up I'll have to get a bigger machine hey. Load average says: MailScanner: YES 7 children Sendmail: YES 5 proc(s) Load Average: 3.04 3.02 2.56 Mail Queues Inbound: 4 Outbound: 0 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raylund.lai at KANKANWOO.COM Mon Jul 11 19:45:36 2005 From: raylund.lai at KANKANWOO.COM (Raylund Lai) Date: Thu Jan 12 21:30:16 2006 Subject: Virus mail slipped through under special Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Drew, Thanks for the good advice. :) I'll try this later. But I want to find out what is wrong in my configuration as MailScanner should detect the virus no matter it's a bounced mail or not. I don't want a hidden hole in my server setting. ;) Cheers Raylund Drew Marshall wrote: >On Mon, July 11, 2005 9:33, Martin Hepworth said: > > >>Raylund Lai wrote: >> >> >>>The condition is that: >>>1. Virus mail sending to a non-existing account of us but spoofed >>>from an existing account of us. e.g. From: support@kankanwoo.com; To: >>>james@kankanwoo.com where "support" is a valid account but not "james". >>>2. The virus mail was not sending to our gateway directly at the time >>>of sending because: (i) our internet link was broken; or (ii) it >>>deliberately sent to our backup MX. >>>3. Our backup MX services received the virus mail and queued for >>>later delivery. >>>4. The backup MX services delivered the virus mail to our gateway. >>>5. Our gateway rejected the email by milter-ahead. :) >>>6. The backup MX services received our "550 5.7.1 ..." message and >>>then sent out an "Undelivered Mail Return to Sender" mail. i.e. sent >>>this notification with the virus mail embedded to support@kankanwoo.com >>>7. Our gateway received this notification with embedded virus. But >>>MailScanner "found clean" and relayed to our mail server. :( >>>8. The virus mail was luckily quarantined by our virus scanner >>>(McAfee) at the mail server. >>> >>> >>> > >Have you got a rules set for not scanning 'support' e-mail? That would >cause this. > > > >>Raylund >> >>we see quite a bit of this kind of 'bounce' as well, but for me both >>ClamAV and Sophos still pick up the virus laden content as well. >>(Running FreeBSD 4.10 and MS 4.43). >> >> > >The other thing to do is configure your MTA not to bounce mail with the >virus attached (Which seems sensible not to pass the virus on). >Instructions can be found here http://virbl.bit.nl/faq.php under 'My >mailserver is listed, but it is impossible that it is infected with a >virus.' (9th item down). > >Drew > > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Cleveland at WINNEFOX.ORG Mon Jul 11 21:28:26 2005 From: Cleveland at WINNEFOX.ORG (Jody Cleveland) Date: Thu Jan 12 21:30:16 2006 Subject: Error's when running spamassassin --lint Message-ID: Hello, I'm trying to get rid of all the errors I get when I run: /usr/bin/spamassassin -p /etc/MailScanner/spam.assassin.prefs.conf --lint One of them I get is an error with DCC: Lint output: failed to parse plugin (from @INC): Can't locate Mail/SpamAssassin/Plugin/DCC.pm in @INC (@INC contains: lib /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/5.8.0/i386-linux-thread-multi /usr/lib/perl5/5.8.0 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl) at (eval 36) line 1. failed to create instance of plugin Mail::SpamAssassin::Plugin::DCC: Can't locate object method "new" via package "Mail::SpamAssassin::Plugin::DCC" at (eval 37) line 1. If I run the same command in debug mode, it says this about DCC: debug: DCCifd is not available: no r/w dccifd socket found. debug: DCC is available: /usr/local/bin/dccproc debug: entering helper-app run mode debug: setuid: helper proc 14332: ruid=0 euid=0 debug: DCC: got response: X-DCC-sonic.net-Metrics: destiny.winnefox.org 1117; Body=41771 Fuz1=7347771 Fuz2=7344245 debug: leaving helper-app run mode debug: DCC: Listed! BODY: 41771 of 999999 FUZ1: 7347771 of 999999 FUZ2: 7344245 of 999999 Any ideas on how I can correct the errors? -- Jody Cleveland Computer Support Specialist cleveland@winnefox.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at blacknight.ie Mon Jul 11 22:11:27 2005 From: michele at blacknight.ie (Michele Neylon:: Blacknight.ie) Date: Thu Jan 12 21:30:16 2006 Subject: Error's when running spamassassin --lint Message-ID: Which version of spamassassin? It sounds like you are running a beta, as I can't find any reference to DCC.pm in my installs of the latest stable: [/usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin/Plugin] # ls -l total 48 -r--r--r-- 1 root root 9259 Oct 22 2004 Hashcash.pm -r--r--r-- 1 root root 1334 Oct 22 2004 RelayCountry.pm -r--r--r-- 1 root root 7714 Oct 22 2004 SPF.pm -r--r--r-- 1 root root 950 Oct 22 2004 Test.pm -r--r--r-- 1 root root 19307 Apr 27 21:47 URIDNSBL.pm Michele Mr Michele Neylon Blacknight Internet Solutions Ltd Quality Hosting, co-location & domains http://www.blacknight.ie/ Lo-call: 1850 927 280 Tel. +353 59 9183072 Fax. +353 59 9164239 Tired of your current host? Save 15% when you move to us! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Cleveland at WINNEFOX.ORG Mon Jul 11 22:15:53 2005 From: Cleveland at WINNEFOX.ORG (Jody Cleveland) Date: Thu Jan 12 21:30:16 2006 Subject: Error's when running spamassassin --lint Message-ID: > Which version of spamassassin? I think 3.000004 Mail::SpamAssassin ]# MailScanner -V Running on Linux destiny.winnefox.org 2.4.21-32.0.1.ELsmp #1 SMP Tue May 17 17:52:23 EDT 2005 i686 i686 i386 GNU/Linux This is Red Hat Enterprise Linux AS release 3 (Taroon Update 5) This is Perl version 5.008000 (5.8.0) This is MailScanner version 4.42.9 Module versions are: 1.00 AnyDBM_File 1.14 Archive::Zip 1.01 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.04 Fcntl 2.71 File::Basename 2.05 File::Copy 2.01 FileHandle 1.05 File::Path 0.13 File::Temp 1.29 HTML::Entities 3.45 HTML::Parser 2.30 HTML::TokeParser 1.20 IO 1.09 IO::File 1.122 IO::Pipe 1.50 Mail::Header 3.05 MIME::Base64 5.417 MIME::Decoder 5.417 MIME::Decoder::UU 5.417 MIME::Head 5.417 MIME::Parser 3.03 MIME::QuotedPrint 5.417 MIME::Tools 0.10 Net::CIDR 1.05 POSIX 1.75 Socket 0.03 Sys::Syslog 1.02 Time::localtime Optional module versions are: 1.811 DB_File 1.00 Digest missing Digest::HMAC 2.20 Digest::MD5 2.10 Digest::SHA1 missing Inline missing Mail::ClamAV 3.000004 Mail::SpamAssassin missing Mail::SPF::Query missing Net::CIDR::Lite missing Net::DNS missing Net::LDAP missing Parse::RecDescent missing SAVI missing Sys::Hostname::Long 2.26 Test::Harness 0.47 Test::Simple 1.89 Text::Balanced 1.35 URI ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rpoe at PLATTESHERIFF.ORG Mon Jul 11 22:47:33 2005 From: rpoe at PLATTESHERIFF.ORG (Rob Poe) Date: Thu Jan 12 21:30:16 2006 Subject: OT: RH9 Kernel Message-ID: Check the Fedora Legacy Project's updates.. >>> rgreen@TRAYERPRODUCTS.COM 7/11/2005 9:49:03 AM >>> Hello, Off topic. Just thought maybe someone here can point me in the right direction. I wish to update the kernel on my RH9 machines. I have the latest kernel installed that was released by Red Hat before the product end of life. Is it possible to build and install a generic kernel from kernel.org without any major headaches? Any links to references on this would be great. Also any tips would be welcome. Thanks, Rod -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Mon Jul 11 22:54:02 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:30:16 2006 Subject: Error's when running spamassassin --lint Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jody Cleveland wrote: >>Which version of spamassassin? > > > I think 3.000004 Mail::SpamAssassin > Sounds like you have 3.0.4 SA, but you've managed to get an init.pre that goes with a 3.1.0 prerelease. check /etc/mail/spamassassin/*.pre for references to the DCC plugin. (in SA 3.0.* DCC is a built in, not a plugin, but in 3.1.* it's a plugin) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Cleveland at WINNEFOX.ORG Mon Jul 11 23:00:44 2005 From: Cleveland at WINNEFOX.ORG (Jody Cleveland) Date: Thu Jan 12 21:30:16 2006 Subject: Error's when running spamassassin --lint Message-ID: > Sounds like you have 3.0.4 SA, but you've managed to get an > init.pre that goes > with a 3.1.0 prerelease. check /etc/mail/spamassassin/*.pre > for references to > the DCC plugin. > > (in SA 3.0.* DCC is a built in, not a plugin, but in 3.1.* > it's a plugin) There is a reference in there. Should I remove it? - jody ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Mon Jul 11 23:40:43 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:30:16 2006 Subject: Error's when running spamassassin --lint Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jody Cleveland wrote: >>Sounds like you have 3.0.4 SA, but you've managed to get an >>init.pre that goes >>with a 3.1.0 prerelease. check /etc/mail/spamassassin/*.pre >>for references to >>the DCC plugin. >> >>(in SA 3.0.* DCC is a built in, not a plugin, but in 3.1.* >>it's a plugin) > > > There is a reference in there. Should I remove it? If you are running 3.0.4, you should only have init.pre, and it should only have the same settings as are in the stock file (unless you added a 3rd party plugin such as wrongmx, then you'll need the loadplugin commands for that.) The stock 3.0.* init.pre is on the website: http://spamassassin.apache.org/full/3.0.x/dist/rules/init.pre If you're not sure if you have any plugins, this site at least lists most of the ones that exist and you can check for those in your config: http://wiki.apache.org/spamassassin/CustomPlugins ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raylund.lai at KANKANWOO.COM Tue Jul 12 07:07:46 2005 From: raylund.lai at KANKANWOO.COM (Raylund Lai) Date: Thu Jan 12 21:30:16 2006 Subject: Virus mail slipped through under special Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Drew, I've implemented the advice but without luck. :( I did the followings: 1. edit /etc/mail/freebsd.mc 2. modified the line define(`confPRIVACY_FLAGS', `authwarnings,noexpn,novrfy') --> define(`confPRIVACY_FLAGS', `authwarnings,noexpn,novrfy,nobodyreturn') 3. then m4 /usr/src/contrib/sendmail/cf/m4/cf.m4 freebsd.mc > sendmail.cf 4. then /usr/local/etc/rc.d/mta.sh stop and start I still receive the bounced mail and slipped through. I don't know why sendmail still bounce with the body/attachment with the "nobodyreturn" set. Am I doing something wrong? Cheers Raylund Raylund Lai wrote: > Hi Drew, > > Thanks for the good advice. :) I'll try this later. But I want to > find out what is wrong in my configuration as MailScanner should > detect the virus no matter it's a bounced mail or not. I don't want a > hidden hole in my server setting. ;) > > Cheers > Raylund > > Drew Marshall wrote: > >> On Mon, July 11, 2005 9:33, Martin Hepworth said: >> >> >>> Raylund Lai wrote: >>> >>> >>>> The condition is that: >>>> 1. Virus mail sending to a non-existing account of us but spoofed >>>> from an existing account of us. e.g. From: support@kankanwoo.com; To: >>>> james@kankanwoo.com where "support" is a valid account but not >>>> "james". >>>> 2. The virus mail was not sending to our gateway directly at the >>>> time >>>> of sending because: (i) our internet link was broken; or (ii) it >>>> deliberately sent to our backup MX. >>>> 3. Our backup MX services received the virus mail and queued for >>>> later delivery. >>>> 4. The backup MX services delivered the virus mail to our gateway. >>>> 5. Our gateway rejected the email by milter-ahead. :) >>>> 6. The backup MX services received our "550 5.7.1 ..." message and >>>> then sent out an "Undelivered Mail Return to Sender" mail. i.e. sent >>>> this notification with the virus mail embedded to >>>> support@kankanwoo.com >>>> 7. Our gateway received this notification with embedded virus. But >>>> MailScanner "found clean" and relayed to our mail server. :( >>>> 8. The virus mail was luckily quarantined by our virus scanner >>>> (McAfee) at the mail server. >>>> >>>> >>> >> >> Have you got a rules set for not scanning 'support' e-mail? That would >> cause this. >> >> >> >>> Raylund >>> >>> we see quite a bit of this kind of 'bounce' as well, but for me both >>> ClamAV and Sophos still pick up the virus laden content as well. >>> (Running FreeBSD 4.10 and MS 4.43). >>> >> >> >> The other thing to do is configure your MTA not to bounce mail with the >> virus attached (Which seems sensible not to pass the virus on). >> Instructions can be found here http://virbl.bit.nl/faq.php under 'My >> mailserver is listed, but it is impossible that it is infected with a >> virus.' (9th item down). >> >> Drew >> >> >> >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Tue Jul 12 09:12:47 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:30:16 2006 Subject: Virus mail slipped through under special Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Tue, July 12, 2005 7:07, Raylund Lai said: > Hi Drew, > > I've implemented the advice but without luck. :( > I still receive the bounced mail and slipped through. I don't know why > sendmail still bounce with the body/attachment with the "nobodyreturn" > set. Am I doing something wrong? Looking at your previous message to Martin, you are doing nothing wrong but this line is the clue: This is the Postfix program at host maryjane.easydns.com It's not your MTA that's giving the bounce with the virus attached (but what you have done is not wasted, so don't worry!). So that then brings the problem back to MailScanner. What have you got set in your %rules-dir%? And also against virus scanning options in MailScanner.conf? Just to discount anything with MailScanner generally, feel free to forward me a copy of the bounce notice (Off list obviously!) and I'll check it gets picked up. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner-list at OKLA.COM Tue Jul 12 09:27:53 2005 From: mailscanner-list at OKLA.COM (Tracy Greggs) Date: Thu Jan 12 21:30:16 2006 Subject: Another lint error Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] My lint test results include about 20 lines of this: Argument "NJABL" isn't numeric in addition (+) at /usr/lib/perl5/site_perl/5.8.3/Mail/SpamAssassin/Conf.pm line 244 followed by about 36 lines of this: Argument "SORBS" isn't numeric in addition (+) at /usr/lib/perl5/site_perl/5.8.3/Mail/SpamAssassin/Conf.pm line 244 SA 3.04, everything seems to function properly. Line 244 looks like this: $self->{scoreset}->[$index]->{$rule} = $score + 0.0; Any ideas anyone ? Thanks, Tracy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Tue Jul 12 10:41:46 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:30:16 2006 Subject: Mail queue issue? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] All of a sudden today MailScanner stopped processing messages, it still recieved them but no processing, i did a restart a few hours later and the first thing in the log was as follows. I did upgrade from 4.38 to 4.43 last friday, prior to this was runnning smooth as. All ms.conf settings are defaults. Any ideas on whats causing this? Jul 12 19:33:27 car-mbus-sw1 postfix/postsuper[28280]: warning: bogus file name: hold/tnef-21855-1.doc Jul 12 19:33:27 car-mbus-sw1 postfix/postsuper[28280]: warning: bogus file name: hold/tnef-21855-2.doc Jul 12 19:33:27 car-mbus-sw1 postfix/postfix-script: warning: damaged message: corrupt/2698C501BB The hold dir has some files in there that shouldnt be there and i didnt put them there. [root@car-mbus-sw1 ~]# ls -ahl /var/spool/postfix/hold/ total 1.2M drwx------ 18 postfix root 4.0K Jul 12 13:09 . drwxr-xr-x 16 root root 4.0K Feb 28 17:19 .. drwx------ 2 postfix postfix 12K Jul 12 19:32 0 drwx------ 2 postfix postfix 12K Jul 12 19:35 1 drwx------ 2 postfix postfix 12K Jul 12 19:28 2 drwx------ 2 postfix postfix 12K Jul 12 19:32 3 drwx------ 2 postfix postfix 12K Jul 12 19:35 4 drwx------ 2 postfix postfix 12K Jul 12 19:32 5 drwx------ 2 postfix postfix 12K Jul 12 19:33 6 drwx------ 2 postfix postfix 12K Jul 12 19:34 7 drwx------ 2 postfix postfix 12K Jul 12 19:34 8 drwx------ 2 postfix postfix 12K Jul 12 19:33 9 drwx------ 2 postfix postfix 12K Jul 12 19:28 A drwx------ 2 postfix postfix 12K Jul 12 19:31 B drwx------ 2 postfix postfix 12K Jul 12 19:32 C drwx------ 2 postfix postfix 12K Jul 12 19:29 D drwx------ 2 postfix postfix 12K Jul 12 19:26 E drwx------ 2 postfix postfix 4.0K Jul 12 19:35 F -rw-rw---- 1 postfix postfix 12K Jul 12 04:25 tnef-21644-1.doc -rw-rw---- 1 postfix postfix 458K Jul 12 04:25 tnef-21644-2.doc -rw-rw---- 1 postfix postfix 12K Jul 12 04:31 tnef-21855-1.doc -rw-rw---- 1 postfix postfix 458K Jul 12 04:31 tnef-21855-2.doc [root@car-mbus-sw1 ~]# MailScanner -v Linux car-mbus-sw1 2.6.9-11.ELsmp #1 SMP Fri May 20 18:26:27 EDT 2005 i686 i686 i386 GNU/Linux This is Red Hat Enterprise Linux AS release 4 (Nahant) This is Perl version 5.008005 (5.8.5) This is MailScanner version 4.43.8 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From kevins at BMRB.CO.UK Tue Jul 12 10:52:47 2005 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:30:16 2006 Subject: Another lint error Message-ID: On Tue, 2005-07-12 at 03:27 -0500, Tracy Greggs wrote: > My lint test results include about 20 lines of this: > > Argument "NJABL" isn't numeric in addition (+) at > /usr/lib/perl5/site_perl/5.8.3/Mail/SpamAssassin/Conf.pm line 244 > > followed by about 36 lines of this: > > Argument "SORBS" isn't numeric in addition (+) at > /usr/lib/perl5/site_perl/5.8.3/Mail/SpamAssassin/Conf.pm line 244 check your cf files for lines containing NJABL or SORBS. I'd guess you have a malformed score rule somewhere ================================================================= KMR Group, KMR Software and BMRB have moved offices. Our new address is: Ealing Gateway 26-30 Uxbridge Road Ealing London W5 2BP t: 020 8433 4000 f: 020 8433 4001 All direct line numbers remain unchanged _________________________________________________________________ BMRB http://www.bmrb.co.uk _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Jul 12 10:56:48 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:16 2006 Subject: Mail queue issue? Message-ID: You will need to delete those tnef files, not sure how they got there. As for the corrupt warning, try upgrading to the latest beta. This should have solved the problem. On 12 Jul 2005, at 10:41, Pete Russell wrote: > All of a sudden today MailScanner stopped processing messages, it > still recieved them but no processing, i did a restart a few hours > later and the first thing in the log was as follows. I did upgrade > from 4.38 to 4.43 last friday, prior to this was runnning smooth as. > > All ms.conf settings are defaults. Any ideas on whats causing this? > > Jul 12 19:33:27 car-mbus-sw1 postfix/postsuper[28280]: warning: > bogus file name: hold/tnef-21855-1.doc > Jul 12 19:33:27 car-mbus-sw1 postfix/postsuper[28280]: warning: > bogus file name: hold/tnef-21855-2.doc > Jul 12 19:33:27 car-mbus-sw1 postfix/postfix-script: warning: > damaged message: corrupt/2698C501BB > > The hold dir has some files in there that shouldnt be there and i > didnt put them there. > > [root@car-mbus-sw1 ~]# ls -ahl /var/spool/postfix/hold/ > total 1.2M > drwx------ 18 postfix root 4.0K Jul 12 13:09 . > drwxr-xr-x 16 root root 4.0K Feb 28 17:19 .. > drwx------ 2 postfix postfix 12K Jul 12 19:32 0 > drwx------ 2 postfix postfix 12K Jul 12 19:35 1 > drwx------ 2 postfix postfix 12K Jul 12 19:28 2 > drwx------ 2 postfix postfix 12K Jul 12 19:32 3 > drwx------ 2 postfix postfix 12K Jul 12 19:35 4 > drwx------ 2 postfix postfix 12K Jul 12 19:32 5 > drwx------ 2 postfix postfix 12K Jul 12 19:33 6 > drwx------ 2 postfix postfix 12K Jul 12 19:34 7 > drwx------ 2 postfix postfix 12K Jul 12 19:34 8 > drwx------ 2 postfix postfix 12K Jul 12 19:33 9 > drwx------ 2 postfix postfix 12K Jul 12 19:28 A > drwx------ 2 postfix postfix 12K Jul 12 19:31 B > drwx------ 2 postfix postfix 12K Jul 12 19:32 C > drwx------ 2 postfix postfix 12K Jul 12 19:29 D > drwx------ 2 postfix postfix 12K Jul 12 19:26 E > drwx------ 2 postfix postfix 4.0K Jul 12 19:35 F > -rw-rw---- 1 postfix postfix 12K Jul 12 04:25 tnef-21644-1.doc > -rw-rw---- 1 postfix postfix 458K Jul 12 04:25 tnef-21644-2.doc > -rw-rw---- 1 postfix postfix 12K Jul 12 04:31 tnef-21855-1.doc > -rw-rw---- 1 postfix postfix 458K Jul 12 04:31 tnef-21855-2.doc > > [root@car-mbus-sw1 ~]# MailScanner -v > > Linux car-mbus-sw1 2.6.9-11.ELsmp #1 SMP Fri May 20 18:26:27 EDT > 2005 i686 i686 i386 GNU/Linux > This is Red Hat Enterprise Linux AS release 4 (Nahant) > This is Perl version 5.008005 (5.8.5) > > This is MailScanner version 4.43.8 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Jul 12 12:00:38 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:16 2006 Subject: Beta 4.44.2 Message-ID: If you are using an external program with the custom spam scanner, I have rewritten the support for it, and I have provided a sample C program that does the communication in the way that MailScanner wants it. The C source is included in the MailScanner/CustomFunctions/ GenericSpamScanner.pm file. If anyone can confirm that this new code works for you, it would be handy. Eglis --- This should be the code you wanted last night. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rgreen at TRAYERPRODUCTS.COM Tue Jul 12 12:18:10 2005 From: rgreen at TRAYERPRODUCTS.COM (Rodney Green) Date: Thu Jan 12 21:30:16 2006 Subject: OT: RH9 Kernel Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Have you guys used any Fedora Legacy updates on RH9? Any problems? Thanks Rob Poe wrote: >Check the Fedora Legacy Project's updates.. > > > > > >>>>rgreen@TRAYERPRODUCTS.COM 7/11/2005 9:49:03 AM >>> >>>> >>>> >Hello, > >Off topic. Just thought maybe someone here can point me in the right >direction. I wish to update the kernel on my RH9 machines. I have the >latest kernel installed that was released by Red Hat before the product >end of life. Is it possible to build and install a generic kernel from >kernel.org without any major headaches? Any links to references on this >would be great. Also any tips would be welcome. > >Thanks, >Rod > > > -- Rodney Green Network/Security Administrator Trayer Products, Inc. rgreen@trayerproducts.com 607-734-8124 Ext. 343 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ryanw at FALSEHOPE.COM Tue Jul 12 12:22:40 2005 From: ryanw at FALSEHOPE.COM (Ryan Weaver) Date: Thu Jan 12 21:30:16 2006 Subject: OT: RH9 Kernel Message-ID: I've used them via yum (along with dag repository) without problem since they took over the RedHat 9 updates. > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Rodney Green > Sent: Tuesday, July 12, 2005 6:18 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: OT: RH9 Kernel > > Have you guys used any Fedora Legacy updates on RH9? Any > problems? Thanks > > Rob Poe wrote: > > >Check the Fedora Legacy Project's updates.. > > > > > > > > > > > >>>>rgreen@TRAYERPRODUCTS.COM 7/11/2005 9:49:03 AM >>> > >>>> > >>>> > >Hello, > > > >Off topic. Just thought maybe someone here can point me in the right > >direction. I wish to update the kernel on my RH9 machines. I > have the > >latest kernel installed that was released by Red Hat before > the product > >end of life. Is it possible to build and install a generic > kernel from > >kernel.org without any major headaches? Any links to > references on this > >would be great. Also any tips would be welcome. > > > >Thanks, > >Rod > > > > > > > > -- > Rodney Green > Network/Security Administrator > Trayer Products, Inc. > rgreen@trayerproducts.com > 607-734-8124 Ext. 343 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From maillists at CONACTIVE.COM Tue Jul 12 12:36:31 2005 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:30:16 2006 Subject: Another lint error Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Tracy Greggs wrote on Tue, 12 Jul 2005 03:27:53 -0500: > Any ideas anyone ? You are really better off asking such specific questions on the sa-talk list. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From matt at CODERS.CO.UK Tue Jul 12 12:26:55 2005 From: matt at CODERS.CO.UK (Matt Hampton) Date: Thu Jan 12 21:30:16 2006 Subject: (High) Spam Actions Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi MailScanner -V extract: Linux xxxxx.com 2.4.27-0.3um #1 Thu Sep 2 11:39:16 GMT 2004 i686 i686 i386 GNU/Linux This is Fedora Core release 2 (Tettnang) This is Perl version 5.008003 (5.8.3) This is MailScanner version 4.42.9 I am following through the examples in CustomConfig.pm and trying to use the "InternalAction" examples to replace the (High) Spam Actions. I have written some replace modules (included in the CustomConfig.pm) and the InitXXX and EndXXX are working fine and are being called as appropriate. However when the call to the actual function XXX is called MailScanner bombs out and a new child is spawned (endless loop scenario!) code: 1. sub XXX { 2. my($message) = @_; 3. MailScanner::Log::InfoLog("returning deliver for %s", $message->{fromdomain}); 4. return 'deliver'; 5. } I have tried commenting out lines 2 and 3 but this doesn't seem to make any difference. Any ideas? cheers Matt ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Jul 12 14:00:43 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:16 2006 Subject: (High) Spam Actions Message-ID: Check the syntax with perl -c for starters. Also put MailScanner into Debug mode and run 1 batch through it. On 12 Jul 2005, at 12:26, Matt Hampton wrote: > Hi > > MailScanner -V extract: > Linux xxxxx.com 2.4.27-0.3um #1 Thu Sep 2 11:39:16 GMT 2004 i686 > i686 i386 GNU/Linux > > This is Fedora Core release 2 (Tettnang) > This is Perl version 5.008003 (5.8.3) > This is MailScanner version 4.42.9 > > > I am following through the examples in CustomConfig.pm and trying > to use the "InternalAction" examples to replace the (High) Spam > Actions. > > I have written some replace modules (included in the > CustomConfig.pm) and the InitXXX and EndXXX are working fine and > are being called as appropriate. However when the call to the > actual function XXX is called MailScanner bombs out and a new child > is spawned (endless loop scenario!) > > code: > > 1. sub XXX { > 2. my($message) = @_; > 3. MailScanner::Log::InfoLog("returning deliver for %s", > $message->{fromdomain}); > 4. return 'deliver'; > 5. } > > I have tried commenting out lines 2 and 3 but this doesn't seem to > make any difference. > > Any ideas? -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rgreen at TRAYERPRODUCTS.COM Tue Jul 12 14:04:54 2005 From: rgreen at TRAYERPRODUCTS.COM (Rodney Green) Date: Thu Jan 12 21:30:16 2006 Subject: OT: RH9 Kernel Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I've never used yum. Could you please point me to some info on how to set it up to update from fedora legacy? Thanks! Ryan Weaver wrote: >I've used them via yum (along with dag repository) without problem since >they took over the RedHat 9 updates. > > > > >>-----Original Message----- >>From: MailScanner mailing list >>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Rodney Green >>Sent: Tuesday, July 12, 2005 6:18 AM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: OT: RH9 Kernel >> >>Have you guys used any Fedora Legacy updates on RH9? Any >>problems? Thanks >> >>Rob Poe wrote: >> >> >> >>>Check the Fedora Legacy Project's updates.. >>> >>> >>> >>> >>> >>> >>> >>>>>>rgreen@TRAYERPRODUCTS.COM 7/11/2005 9:49:03 AM >>> >>>>>> >>>>>> >>>>>> >>>>>> >>>Hello, >>> >>>Off topic. Just thought maybe someone here can point me in the right >>>direction. I wish to update the kernel on my RH9 machines. I >>> >>> >>have the >> >> >>>latest kernel installed that was released by Red Hat before >>> >>> >>the product >> >> >>>end of life. Is it possible to build and install a generic >>> >>> >>kernel from >> >> >>>kernel.org without any major headaches? Any links to >>> >>> >>references on this >> >> >>>would be great. Also any tips would be welcome. >>> >>>Thanks, >>>Rod >>> >>> >>> >>> >>> >>-- >>Rodney Green >>Network/Security Administrator >>Trayer Products, Inc. >>rgreen@trayerproducts.com >>607-734-8124 Ext. 343 >> >> >>-- >>This message has been scanned for viruses and >>dangerous content by MailScanner, and is >>believed to be clean. >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >> >> > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > -- Rodney Green Network/Security Administrator Trayer Products, Inc. rgreen@trayerproducts.com 607-734-8124 Ext. 343 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From prandal at HEREFORDSHIRE.GOV.UK Tue Jul 12 14:09:58 2005 From: prandal at HEREFORDSHIRE.GOV.UK (Randal, Phil) Date: Thu Jan 12 21:30:16 2006 Subject: OT: RH9 Kernel Message-ID: http://www.fedoralegacy.org/docs/yum-rh9.php ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Rodney Green > Sent: 12 July 2005 14:05 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: OT: RH9 Kernel > > I've never used yum. Could you please point me to some info > on how to set it up to update from fedora legacy? Thanks! > > Ryan Weaver wrote: > > >I've used them via yum (along with dag repository) without problem > >since they took over the RedHat 9 updates. > > > > > > > > > >>-----Original Message----- > >>From: MailScanner mailing list > >>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Rodney Green > >>Sent: Tuesday, July 12, 2005 6:18 AM > >>To: MAILSCANNER@JISCMAIL.AC.UK > >>Subject: Re: OT: RH9 Kernel > >> > >>Have you guys used any Fedora Legacy updates on RH9? Any > problems? > >>Thanks > >> > >>Rob Poe wrote: > >> > >> > >> > >>>Check the Fedora Legacy Project's updates.. > >>> > >>> > >>> > >>> > >>> > >>> > >>> > >>>>>>rgreen@TRAYERPRODUCTS.COM 7/11/2005 9:49:03 AM >>> > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>Hello, > >>> > >>>Off topic. Just thought maybe someone here can point me in > the right > >>>direction. I wish to update the kernel on my RH9 machines. I > >>> > >>> > >>have the > >> > >> > >>>latest kernel installed that was released by Red Hat before > >>> > >>> > >>the product > >> > >> > >>>end of life. Is it possible to build and install a generic > >>> > >>> > >>kernel from > >> > >> > >>>kernel.org without any major headaches? Any links to > >>> > >>> > >>references on this > >> > >> > >>>would be great. Also any tips would be welcome. > >>> > >>>Thanks, > >>>Rod > >>> > >>> > >>> > >>> > >>> > >>-- > >>Rodney Green > >>Network/Security Administrator > >>Trayer Products, Inc. > >>rgreen@trayerproducts.com > >>607-734-8124 Ext. 343 > >> > >> > >>-- > >>This message has been scanned for viruses and dangerous content by > >>MailScanner, and is believed to be clean. > >> > >>------------------------ MailScanner list > ------------------------ To > >>unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >>'leave mailscanner' in the body of the email. > >>Before posting, read the Wiki > (http://wiki.mailscanner.info/) and the > >>archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >> > >>Support MailScanner development - buy the book off the website! > >> > >> > >> > > > >------------------------ MailScanner list > ------------------------ To > >unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >'leave mailscanner' in the body of the email. > >Before posting, read the Wiki > (http://wiki.mailscanner.info/) and the > >archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > >Support MailScanner development - buy the book off the website! > > > > > > > > -- > Rodney Green > Network/Security Administrator > Trayer Products, Inc. > rgreen@trayerproducts.com > 607-734-8124 Ext. 343 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Jul 12 14:18:51 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:16 2006 Subject: OT: RH9 Kernel Message-ID: How about you read the documentation on the fedoralegacy website? http://www.fedoralegacy.org/docs/yum-rh9.php On 12 Jul 2005, at 14:04, Rodney Green wrote: > I've never used yum. Could you please point me to some info on how > to set it up to update from fedora legacy? Thanks! > > Ryan Weaver wrote: > > >> I've used them via yum (along with dag repository) without problem >> since >> they took over the RedHat 9 updates. >> >> >> >> >>> -----Original Message----- >>> From: MailScanner mailing list >>> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Rodney Green >>> Sent: Tuesday, July 12, 2005 6:18 AM >>> To: MAILSCANNER@JISCMAIL.AC.UK >>> Subject: Re: OT: RH9 Kernel >>> >>> Have you guys used any Fedora Legacy updates on RH9? Any >>> problems? Thanks >>> >>> Rob Poe wrote: >>> >>> >>> >>>> Check the Fedora Legacy Project's updates.. >>>> >>>> >>>> >>>> >>>> >>>> >>>>>>> rgreen@TRAYERPRODUCTS.COM 7/11/2005 9:49:03 AM >>> >>>>>>> >>>>>>> >>>>>>> >>>> Hello, >>>> >>>> Off topic. Just thought maybe someone here can point me in the >>>> right direction. I wish to update the kernel on my RH9 machines. I >>>> >>> have the >>> >>>> latest kernel installed that was released by Red Hat before >>>> >>> the product >>> >>>> end of life. Is it possible to build and install a generic >>>> >>> kernel from >>> >>>> kernel.org without any major headaches? Any links to >>>> >>> references on this >>> >>>> would be great. Also any tips would be welcome. >>>> >>>> Thanks, >>>> Rod >>>> >>>> >>>> >>>> >>> -- >>> Rodney Green >>> Network/Security Administrator >>> Trayer Products, Inc. >>> rgreen@trayerproducts.com >>> 607-734-8124 Ext. 343 >>> >>> >>> -- >>> This message has been scanned for viruses and >>> dangerous content by MailScanner, and is >>> believed to be clean. >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >>> >>> >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> >> > > -- > Rodney Green > Network/Security Administrator > Trayer Products, Inc. > rgreen@trayerproducts.com > 607-734-8124 Ext. 343 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From matt at CODERS.CO.UK Tue Jul 12 14:30:15 2005 From: matt at CODERS.CO.UK (Matt Hampton) Date: Thu Jan 12 21:30:16 2006 Subject: (High) Spam Actions Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > Check the syntax with perl -c for starters. Passes fine - other warnings from other section of code but mine is clean ;-) > Also put MailScanner into Debug mode and run 1 batch through it. OK - getting the following message: "Undefined subroutine &MailScanner::CustomConfig::InternalActions; called at /usr/lib/MailScanner/MailScanner/Config.pm line 121." This appears to be a scoping issue then. This is confusing as the InitInternalActions and EndInternalActions are being found - as are all three SQLLogging functions that I pasted into the file and all 6 are one above the other. See grep output to show that I am not going mad! $ grep InternalActions /etc/MailScanner/MailScanner.conf Spam Actions = &InternalActions; High Scoring Spam Actions = &InternalActions; Non Spam Actions = &InternalActions; $ grep InternalActions * (/usr/lib/MailScanner/MailScanner) CustomConfig.pm:sub InitInternalActions { CustomConfig.pm:sub EndInternalActions { CustomConfig.pm:sub InternalActions { Any further thoughts? matt > > On 12 Jul 2005, at 12:26, Matt Hampton wrote: > >> Hi >> >> MailScanner -V extract: >> Linux xxxxx.com 2.4.27-0.3um #1 Thu Sep 2 11:39:16 GMT 2004 i686 i686 >> i386 GNU/Linux >> >> This is Fedora Core release 2 (Tettnang) >> This is Perl version 5.008003 (5.8.3) >> This is MailScanner version 4.42.9 >> >> >> I am following through the examples in CustomConfig.pm and trying to >> use the "InternalAction" examples to replace the (High) Spam Actions. >> >> I have written some replace modules (included in the CustomConfig.pm) >> and the InitXXX and EndXXX are working fine and are being called as >> appropriate. However when the call to the actual function XXX is >> called MailScanner bombs out and a new child is spawned (endless loop >> scenario!) >> >> code: >> >> 1. sub XXX { >> 2. my($message) = @_; >> 3. MailScanner::Log::InfoLog("returning deliver for %s", >> $message->{fromdomain}); >> 4. return 'deliver'; >> 5. } >> >> I have tried commenting out lines 2 and 3 but this doesn't seem to >> make any difference. >> >> Any ideas? > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rgreen at TRAYERPRODUCTS.COM Tue Jul 12 14:59:29 2005 From: rgreen at TRAYERPRODUCTS.COM (Rodney Green) Date: Thu Jan 12 21:30:16 2006 Subject: OT: RH9 Kernel Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] thanks Julian Field wrote: > How about you read the documentation on the fedoralegacy website? > http://www.fedoralegacy.org/docs/yum-rh9.php > > On 12 Jul 2005, at 14:04, Rodney Green wrote: > >> I've never used yum. Could you please point me to some info on how >> to set it up to update from fedora legacy? Thanks! >> >> Ryan Weaver wrote: >> >> >>> I've used them via yum (along with dag repository) without problem >>> since >>> they took over the RedHat 9 updates. >>> >>> >>> >>> >>>> -----Original Message----- >>>> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] >>>> On Behalf Of Rodney Green >>>> Sent: Tuesday, July 12, 2005 6:18 AM >>>> To: MAILSCANNER@JISCMAIL.AC.UK >>>> Subject: Re: OT: RH9 Kernel >>>> >>>> Have you guys used any Fedora Legacy updates on RH9? Any >>>> problems? Thanks >>>> >>>> Rob Poe wrote: >>>> >>>> >>>> >>>>> Check the Fedora Legacy Project's updates.. >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>>>>> rgreen@TRAYERPRODUCTS.COM 7/11/2005 9:49:03 AM >>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>> Hello, >>>>> >>>>> Off topic. Just thought maybe someone here can point me in the >>>>> right direction. I wish to update the kernel on my RH9 machines. I >>>>> >>>> have the >>>> >>>>> latest kernel installed that was released by Red Hat before >>>>> >>>> the product >>>> >>>>> end of life. Is it possible to build and install a generic >>>>> >>>> kernel from >>>> >>>>> kernel.org without any major headaches? Any links to >>>>> >>>> references on this >>>> >>>>> would be great. Also any tips would be welcome. >>>>> >>>>> Thanks, >>>>> Rod >>>>> >>>>> >>>>> >>>>> >>>> -- >>>> Rodney Green >>>> Network/Security Administrator >>>> Trayer Products, Inc. >>>> rgreen@trayerproducts.com >>>> 607-734-8124 Ext. 343 >>>> >>>> >>>> -- >>>> This message has been scanned for viruses and >>>> dangerous content by MailScanner, and is >>>> believed to be clean. >>>> >>>> ------------------------ MailScanner list ------------------------ >>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>> 'leave mailscanner' in the body of the email. >>>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>>> >>>> >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >>> >>> >> >> -- >> Rodney Green >> Network/Security Administrator >> Trayer Products, Inc. >> rgreen@trayerproducts.com >> 607-734-8124 Ext. 343 >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > -- Rodney Green Network/Security Administrator Trayer Products, Inc. rgreen@trayerproducts.com 607-734-8124 Ext. 343 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bpumphrey at WOODMACLAW.COM Tue Jul 12 15:03:37 2005 From: bpumphrey at WOODMACLAW.COM (Billy A. Pumphrey) Date: Thu Jan 12 21:30:16 2006 Subject: OT Cron and GUI Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Julian Field > Sent: Monday, July 11, 2005 10:37 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: OT Cron and GUI > > On 11 Jul 2005, at 16:33, Billy A. Pumphrey wrote: > > > Will someone tell me how I can: > > Test my crons by running cron.daily? > > cd /etc/cron.daily > Run each of the scripts in there (e.g. ./clean.quarantine) > > > Turn off the GUI on my linux box? > > Edit /etc/inittab and > change the line that says > id:5:initdefault: > so that it says > id:3:initdefault: > > and reboot your box. Theoretically you can do it without rebooting > with the command > telinit 3 > but I don't usually trust that. > > -- Thank you Billy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Cleveland at WINNEFOX.ORG Tue Jul 12 16:47:26 2005 From: Cleveland at WINNEFOX.ORG (Jody Cleveland) Date: Thu Jan 12 21:30:16 2006 Subject: Error's when running spamassassin --lint Message-ID: > If you are running 3.0.4, you should only have init.pre, and > it should only have > the same settings as are in the stock file (unless you added > a 3rd party plugin > such as wrongmx, then you'll need the loadplugin commands for that.) > > The stock 3.0.* init.pre is on the website: > > http://spamassassin.apache.org/full/3.0.x/dist/rules/init.pre Thanks for that. I ended up commenting those lines out, and now there's only one error left: Failed to run DNS_FROM_AHBL_RHSBL RBL SpamAssassin test, skipping: (Can't call method "bgsend" on an undefined value at /usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin/Dns.pm line 112. ) Any ideas what that may be, or how to correct it? - jody ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Tue Jul 12 17:02:21 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:30:16 2006 Subject: Another lint error Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Tracy Greggs wrote: > My lint test results include about 20 lines of this: > > Argument "NJABL" isn't numeric in addition (+) at > /usr/lib/perl5/site_perl/5.8.3/Mail/SpamAssassin/Conf.pm line 244 Looks like you've got some screwed up score lines in your config file. check your files. Score lines should be in one of the following format: score NAME number score NAME number number number number Grep around in your config files for NJABL and look for a messed up score line. grep NJABL /usr/share/spamassassin/*.cf grep NJABL /etc/mail/spamassassin/*.cf ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From KLekas at FOXRIVER.COM Tue Jul 12 18:08:40 2005 From: KLekas at FOXRIVER.COM (Lekas, Kosta) Date: Thu Jan 12 21:30:16 2006 Subject: nondelivery problems Message-ID: How do I prevent postfix from generating and trying to send non-delivery reports to non-existent recipients at valid domains? I think this usually happens when some spammer tries to send mail to an invalid recipient at my domain. The spammer uses a fakeAddress@existingDomain.com. I fear I will get blacklisted if this continues. Kosta Lekas ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raylund.lai at KANKANWOO.COM Tue Jul 12 18:54:08 2005 From: raylund.lai at KANKANWOO.COM (Raylund Lai) Date: Thu Jan 12 21:30:16 2006 Subject: Virus mail slipped through under special Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Drew, Yes, you're right. It's not my mta. I do some testing and found out that the milter-ahead terminated the connection right after the rcpt to negotiation if the mail account doesn't exist; no data is received by my mta. I was also testing MailScanner in debug mode and feeding the virus email manually (via telnet). MailScanner let the virus mail through and the console return MailScanner error: ----- begin MailScanner output ----- mxgw# /usr/local/etc/rc.d/mailscanner.sh start Starting MailScanner... In Debugging mode, not forking... SA bayes lock is /root/.spamassassin/bayes.lock Bayes lock is at /root/.spamassassin/bayes.lock format error: can't find EOCD signature at /usr/local/libexec/MailScanner/MailScanner line 598 Stopping now as you are debugging me. ----- end MailScanner output ----- I tried to send the virus mail as attachment of eml file out to my hotmail account, but my mail server virusscan quarantined it. I also tried to send it directly to the mail gateway and my hotmail did receive it without problem. That is MailScanner didn't intercept it as virus mail. The error message is the same as above. At least I've narrowed down the problem now. Do you still want me to send it to you (as attachment eml)? Or Julian wants it too? btw, I've switched my gateway with a new box running latest FreeBSD 5.4 and MailScanner 4.43.8. I'm using the old box as testing now. Cheers Raylund Drew Marshall wrote: >On Tue, July 12, 2005 7:07, Raylund Lai said: > > >>Hi Drew, >> >>I've implemented the advice but without luck. :( >>I still receive the bounced mail and slipped through. I don't know why >>sendmail still bounce with the body/attachment with the "nobodyreturn" >>set. Am I doing something wrong? >> >> > >Looking at your previous message to Martin, you are doing nothing wrong >but this line is the clue: > >This is the Postfix program at host maryjane.easydns.com > >It's not your MTA that's giving the bounce with the virus attached (but >what you have done is not wasted, so don't worry!). > >So that then brings the problem back to MailScanner. What have you got set >in your %rules-dir%? And also against virus scanning options in >MailScanner.conf? Just to discount anything with MailScanner generally, >feel free to forward me a copy of the bounce notice (Off list obviously!) >and I'll check it gets picked up. > >Drew > > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From max at KIPNESS.COM Tue Jul 12 19:05:59 2005 From: max at KIPNESS.COM (Max Kipness) Date: Thu Jan 12 21:30:16 2006 Subject: Question about relay and costs Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > >Hoping someone can offer advice on an issue I^Òm having. > > > >I have a server with the latest version of MailScanner, and DNS > configured > >for the email domain with a cost of 10 pointing to this server. > > > >I have another server that is not running MailScanner (yet) in > >another location. It simply relays mail to the MailScanner server > >using Sendmail with a cost of 20. > > > >What's strange first off, is that tons of mail still passes through > >the server with cost of 20, even though the primary MailScanner > >server with cost of 10 never goes down. Anybody know how to prevent this? > > > > > The spammers don't follow the rules. In order to avoid your > best-configured mail servers, they deliberately target the mail > servers with the highest cost. So the genuine mail will be going to > 10, and all the spam will go to 20. Your best bet is to even up the > mail load going to each one. The best way to do that is to set them > both to the same cost, use a virtual hostname (e.g. mx.your.domain) > and have 2 A records for that hostname, which are the IP addresses of your mail servers. > Also, you will need to change the IP address of your original 20 > server, as it will have been hard-coded into a lot of spammers' target > lists by now. > > Take a look at the Wiki entry I wrote about this a while ago: > http://wiki.mailscanner.info/doku.php?id=documentation:configuration:d > ns This is very interesting, I will configure this way. One question I have about two servers configured with MailScanner, though? What about the configurations of the two servers? For example, the bayes db, white and black lists, storage of quarantines, etc. Right now I have a program that allows users to add to a white/black list by forwarding received emails. I also have created a web based quarantine review and release app. I wonder if it would make sense to replicate bayes, white/black lists via rsync every 5 minutes or so? Move messages to one of the servers every so often? Has anybody dealt with this scenario? A neat addition to MailScanner would be a replication feature so you could have MailScanner servers in different geographical locations for the same domain. > >The other question is what I might be able to do with the > >non-MailScanner server so that when the mail does get relayed back to > >the MailScanner server, it has the original IP of the sender, rather > >than the relay server's IP. I believe this is causing SpamAssassin > >not to tag email with SpamCop or XBL list scores. > > > > > You will have to do the MailScanner "Spam List" checks on the first > server it hits. However, SpamAssassin checks all the IP addresses in > the headers, so will provide far more useful results. You are using > SpamAssassin, aren't you? :-) Yes, I am using SpamAssassin. Maybe I'm overlooking something, but when I look at the headers of a message that went through the higher-cost relay first, the first line states it's from the IP of my relay. Isn't that the IP that is looked up in the black hole lists? Thanks, Max ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Tue Jul 12 19:20:46 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:30:16 2006 Subject: Question about relay and costs Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Max Kipness wrote: > > This is very interesting, I will configure this way. > > One question I have about two servers configured with MailScanner, though? > What about the configurations of the two servers? For example, the bayes > db, white and black lists, storage of quarantines, etc. Right now I have a > program that allows users to add to a white/black list by forwarding > received emails. I also have created a web based quarantine review and > release app. sharing across servers!! Bayes: use Bayes_SQL (this will be the recommended method SA 3.1.0 onwards) Blacklists / Whitelists / Quarantine: Have you seen mailwatch (http://mailwatch.sf.net), the new version takes care of lists (black/ white and server independent quarantine management via xml-rpc) > > A neat addition to MailScanner would be a replication feature so you could > have MailScanner servers in different geographical locations for the same > domain. > This already exist via LDAP, you could store MailScanner.conf attributes in LDAP and access it locally (and replicate via slurpd), you'll need to check the list archives for how this can be done OR if don't want to touch LDAP (and have daemon dependency) have a look at cfengine.org (though it might be a steeeeep learning curve) - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at LISTS.COM.AR Tue Jul 12 19:12:40 2005 From: mailscanner at LISTS.COM.AR (Leonardo Helman) Date: Thu Jan 12 21:30:16 2006 Subject: GenericSpamScanner Message-ID: Hi Question: If I don't get it wrong, the new feature: Use Custom Spam Scanner and the GenericSpamScanner works adding the score to the other scores, like SA (if it's been used). I didn't have the time to look at the sources (yet) but Can I use it to turn off "Use SpamAssassin" for some messages? So could I make a GenericSpamScanner that decides if it calls SA or not? Like, the score is the GenericSpamScanner score, don't call SA, go to the actions desition Saludos -- Leonardo Helman Pert Consultores Argentina ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From list at CJSENG.COM Tue Jul 12 19:29:36 2005 From: list at CJSENG.COM (MailScanner) Date: Thu Jan 12 21:30:16 2006 Subject: Simple ReadMe Document? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, Does anyone know of a simple Readme Doc for users? I was looking for something I could send new e-mail users that would explain the do's and don'ts for using MailScanner/ClamAV/SpamAssasin systems. I can find bits and pieces but no single "easy to understand" documantation. Thanks ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Jul 12 20:05:42 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:16 2006 Subject: GenericSpamScanner Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] No. Leonardo Helman wrote: >Hi >Question: > >If I don't get it wrong, the new feature: Use Custom Spam Scanner >and the GenericSpamScanner works adding the score to the other >scores, like SA (if it's been used). > > >I didn't have the time to look at the sources (yet) > >but > >Can I use it to turn off "Use SpamAssassin" for some messages? > >So could I make a GenericSpamScanner that decides if it calls >SA or not? > > >Like, the score is the GenericSpamScanner score, don't call SA, >go to the actions desition > > >Saludos >-- >Leonardo Helman >Pert Consultores >Argentina > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Tue Jul 12 20:12:32 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:30:16 2006 Subject: nondelivery problems Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Lekas, Kosta wrote: How do I prevent postfix from generating and trying to send non-delivery reports to non-existent recipients at valid domains? Look at the wikihttp://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:postfi :how_to:reject_non_existent_users will tell you how to reject unknown users at SMTP stage rather than at delivery (Which is what is happening now). I think this usually happens when some spammer tries to send mail to an invalid recipient at my domain. The spammer uses a fakeAddress@existingDomain.com. I fear I will get blacklisted if this continues. And use huge amounts of pointless bandwidth, cpu and other resources and you will struggle to keep up if you get hit with a true 'directory' attack. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Tue Jul 12 20:17:17 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:30:16 2006 Subject: Virus mail slipped through under special Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Raylund Lai wrote: > I was also testing MailScanner in debug mode and feeding the virus > email manually (via telnet). MailScanner let the virus mail through > and the console return MailScanner error: > > ----- begin MailScanner output ----- > mxgw# /usr/local/etc/rc.d/mailscanner.sh start > Starting MailScanner... > In Debugging mode, not forking... > SA bayes lock is /root/.spamassassin/bayes.lock > Bayes lock is at /root/.spamassassin/bayes.lock > format error: can't find EOCD signature > at /usr/local/libexec/MailScanner/MailScanner line 598 > Stopping now as you are debugging me. > ----- end MailScanner output ----- Which AV scanner(s) are you using and have you checked the corresponding entries in /usr/local/etc/MailScanner/virus.scanners.conf? > > I tried to send the virus mail as attachment of eml file out to my > hotmail account, but my mail server virusscan quarantined it. I also > tried to send it directly to the mail gateway and my hotmail did > receive it without problem. That is MailScanner didn't intercept it > as virus mail. The error message is the same as above. > > At least I've narrowed down the problem now. Do you still want me to > send it to you (as attachment eml)? Or Julian wants it too? It's up to you (I suspect it's not going to prove much other than my system is working and your isn't, which isn't really helpful ;-) ) > > btw, I've switched my gateway with a new box running latest FreeBSD > 5.4 and MailScanner 4.43.8. I'm using the old box as testing now. I assume you have installed them all from the ports tree? Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Tue Jul 12 20:12:55 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:17 2006 Subject: Simple ReadMe Document? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] MailScanner wrote: > Hi, > > Does anyone know of a simple Readme Doc for users? > > I was looking for something I could send new e-mail users that would explain > the do's and don'ts for using MailScanner/ClamAV/SpamAssasin systems. > I can find bits and pieces but no single "easy to understand" documantation. > For users, it is very hard to have a simple Readme since every setup is different. I store high spam and others deliver it. I 'attachment deliver' regular spam, others just deliver. Some give access to the quarantine to all users, some to restricted # of users, some not all. You see how, with MailScanner's flexibility, it is hard to have a standard way to educate users? Better have a web page, because your doc will eventually change. Regards, Ugo ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From matt at CODERS.CO.UK Tue Jul 12 20:26:18 2005 From: matt at CODERS.CO.UK (Matt Hampton) Date: Thu Jan 12 21:30:17 2006 Subject: (High) Spam Actions Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Matt Hampton wrote: > $ grep InternalActions /etc/MailScanner/MailScanner.conf > Spam Actions = &InternalActions; > High Scoring Spam Actions = &InternalActions; > Non Spam Actions = &InternalActions; Got it - the parser for the config file treats things slightly oddly. When calling the InitInternalActions and EndInternalActions it ignores the ";" on the end. However when calling the function itself it leaves the ";" in place. So user error ;-) Hangs head in shame and quickly exits the room....... matt ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raylund.lai at KANKANWOO.COM Tue Jul 12 20:31:54 2005 From: raylund.lai at KANKANWOO.COM (Raylund Lai) Date: Thu Jan 12 21:30:17 2006 Subject: Virus mail slipped through under special Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Drew, I'm using BitDefender, ClamAV (clamavmodule) and f-prot. All are built from the port tree. The AV are working fine (they do catch virus mail) except this kind of mail. I'm going to send you the mail for you to have a look. Anyway, what is the error message saying? Cheers Raylund Drew Marshall wrote: > Raylund Lai wrote: > >> I was also testing MailScanner in debug mode and feeding the virus >> email manually (via telnet). MailScanner let the virus mail through >> and the console return MailScanner error: >> >> ----- begin MailScanner output ----- >> mxgw# /usr/local/etc/rc.d/mailscanner.sh start >> Starting MailScanner... >> In Debugging mode, not forking... >> SA bayes lock is /root/.spamassassin/bayes.lock >> Bayes lock is at /root/.spamassassin/bayes.lock >> format error: can't find EOCD signature >> at /usr/local/libexec/MailScanner/MailScanner line 598 >> Stopping now as you are debugging me. >> ----- end MailScanner output ----- > > > Which AV scanner(s) are you using and have you checked the > corresponding entries in /usr/local/etc/MailScanner/virus.scanners.conf? > >> >> I tried to send the virus mail as attachment of eml file out to my >> hotmail account, but my mail server virusscan quarantined it. I also >> tried to send it directly to the mail gateway and my hotmail did >> receive it without problem. That is MailScanner didn't intercept it >> as virus mail. The error message is the same as above. >> >> At least I've narrowed down the problem now. Do you still want me to >> send it to you (as attachment eml)? Or Julian wants it too? > > > It's up to you (I suspect it's not going to prove much other than my > system is working and your isn't, which isn't really helpful ;-) ) > >> >> btw, I've switched my gateway with a new box running latest FreeBSD >> 5.4 and MailScanner 4.43.8. I'm using the old box as testing now. > > > I assume you have installed them all from the ports tree? > > Drew > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From kte at NEXIS.BE Tue Jul 12 20:37:37 2005 From: kte at NEXIS.BE (Koen Teugels) Date: Thu Jan 12 21:30:17 2006 Subject: mailscanner + spamassassin vs assp Message-ID: What is the difference between mailscanner an assp?? http://assp.sourceforge.net/ I like to make a good chose. Easy config + good results. Has anyoe has some idea's?? Koen ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From vachanta at GMAIL.COM Tue Jul 12 20:56:36 2005 From: vachanta at GMAIL.COM (Venkata Achanta) Date: Thu Jan 12 21:30:17 2006 Subject: DCC and RAZOR2 checks Message-ID: Hello all, i have disabled dcc and razor2 checks in the spam.assassin.prefs.conf use_dcc 0 use_pyzor 1 use_razor2 0 skip_rbl_checks 1 dns_available yes rbl_timeout 20 razor_timeout 10 pyzor_timeout 10 MailScanner.conf settings for spam.assassin.prefs.conf %etc-dir% = /etc/MailScanner SpamAssassin Prefs File = %etc-dir%/spam.assassin.prefs.conf But even then i am seeing dcc (DCC_CHECK) and razor2 (RAZOR2_CHECK) score in the messages that got scanned. I recently upgraded to spamassassin 3.0.4. Any ideas why the pref file setting are not contorlling the DCC and razor ? Thanks much, Venkata Achanta ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DCurtis at SBSCHOOLS.NET Tue Jul 12 21:42:03 2005 From: DCurtis at SBSCHOOLS.NET (David Curtis) Date: Thu Jan 12 21:30:17 2006 Subject: mailscanner + spamassassin vs assp Message-ID: I tried many, many spam fighting software programs and have never been more impressed with a product as MailScanner. It took me a while to get every thing the way I wanted because I am new to linux. I tried ASSP and it is good but I don't think nearly as good as MailScanner. I had also found it to be pretty light weight and not as configurable. Maybe I missed some features but I did not see options to add to ASSP like external virus scanners. I have never subscribed to the ASSP mailing list but I can tell you that the mailscanner mailing list is worth its wait in gold. I have been running mailscanner for many months now and it is rock solid. I have become so comfortable with it that I have started to install it in some of my customers networks. Just my 2cents. >>> kte@NEXIS.BE 7/12/2005 3:37:37 PM >>> What is the difference between mailscanner an assp?? http://assp.sourceforge.net/ I like to make a good chose. Easy config + good results. Has anyoe has some idea's?? Koen ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bpumphrey at WOODMACLAW.COM Tue Jul 12 22:25:58 2005 From: bpumphrey at WOODMACLAW.COM (Billy A. Pumphrey) Date: Thu Jan 12 21:30:17 2006 Subject: OT Changing the locahost.localdomain value Message-ID: When I get emails from my MailScanner machine they are from: postmaster@localhost.localdomain for example. How can I change this to what I want it to? If I type host it returns: WoodenMS.woodmaclaw.local which is what I want it to be. Thank you ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Tue Jul 12 22:31:14 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:30:17 2006 Subject: OT Changing the locahost.localdomain value Message-ID: Hi! > When I get emails from my MailScanner machine they are from: > postmaster@localhost.localdomain for example. > > How can I change this to what I want it to? > > If I type host it returns: WoodenMS.woodmaclaw.local which is what I > want it to be. Most likely you need to fix your /etc/hosts or your sendmail.cf Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dstraka at caspercollege.edu Tue Jul 12 22:55:26 2005 From: dstraka at caspercollege.edu (Daniel Straka) Date: Thu Jan 12 21:30:17 2006 Subject: Keyword Content filtering W/O SA? Message-ID: MCP requires SA correct? I can't install SA because it requires a newer version of perl than what is installed on my MS boxes and I'm not sure I need SA anyway. Are there alternatives? Is it possible to setup a content rule file to delete spam messages based on keywords? It doesn't seem that MailScanner will look at the message header or content and delete based on a ruleset. How about something other than SA? Julian, can MS be modified to use a simple ruleset for content filtering? Dan Dan Straka Academic Systems Specialist Casper College (307) 268-2399 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From james at grayonline.id.au Tue Jul 12 22:45:02 2005 From: james at grayonline.id.au (James Gray) Date: Thu Jan 12 21:30:17 2006 Subject: System variables in MailScanner.conf Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] We are currently in the process of migrating our mail gateways to a common operating system and configuration. Currently they are split between CentOS and FreeBSD. We found an interesting little "feature" during the most recent upgrade to MS 4.43.8. The config file refers to "$HOSTNAME" which on our CentOS testing box worked perfectly. So we got around to pushing the config out to all the production machines. Problem - only the CentOS-based machines are reporting their hostname, and the FreeBSD boxes aren't. 2 minutes of playing revealed we needed "$HOST" on FreeBSD, and "$HOTNAME" on Linux. Bah - back to separate configs :( Just thought this little gem might help others. As we're not going to be keeping the FreeBSD boxes, I'm not particularly heart-broken. They are also fairly old (fBSD 4.6.1) which may have something to do with the "$HOST" vs "$HOSTNAME" thing too. Anyone else seen this? If this is a fBSD thing, it might be a handy exception to mention in the config file comments. Cheers, James -- How do I get HOME? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Wed Jul 13 01:00:03 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:30:17 2006 Subject: System variables in MailScanner.conf Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] James Gray wrote: >We are currently in the process of migrating our mail gateways to a common >operating system and configuration. Currently they are split between CentOS >and FreeBSD. We found an interesting little "feature" during the most recent >upgrade to MS 4.43.8. > >The config file refers to "$HOSTNAME" which on our CentOS testing box worked >perfectly. So we got around to pushing the config out to all the production >machines. Problem - only the CentOS-based machines are reporting their >hostname, and the FreeBSD boxes aren't. 2 minutes of playing revealed we >needed "$HOST" on FreeBSD, and "$HOTNAME" on Linux. Bah - back to separate >configs :( > >Just thought this little gem might help others. As we're not going to be >keeping the FreeBSD boxes, I'm not particularly heart-broken. They are also >fairly old (fBSD 4.6.1) which may have something to do with the "$HOST" vs >"$HOSTNAME" thing too. Anyone else seen this? If this is a fBSD thing, it >might be a handy exception to mention in the config file comments. > > Looks like it's a FreeBSD thing as my FreeBSD boxes (5.3 & 5.4) all like $HOST and 'Undefined Variable' $HOSTNAME Just out of interest, why the switch to CentOS over fBSD? Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mll at SEA.ALASKAMARITIME.COM Wed Jul 13 00:46:29 2005 From: mll at SEA.ALASKAMARITIME.COM (Meryll Larkin) Date: Thu Jan 12 21:30:17 2006 Subject: installation trouble RH7.2 Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] 7/12/05 Thanks for reading. Suggestions appreciated. If you are going to tell me to read documentation, please be specific about which documentation where. I tried unsuccessfully to find some applicable docs myself before sending this. I will read. The server I am attempting to install MailScanner on has: RedHat v 7.2 perl, v5.6.0 built for i386-linux sendmail This is already a working mail relay server on the WAN but not the primary mailserver so it does not have Spamassasin, etc.... the WAN mail server does. I've previously installed MailScanner on 4 other servers with no problems (following same directions), but I installed earlier versions of MailScanner. I am using MailScanner solely for the function of being able to route outgoing email server-side. I first attempted to install the newest stable MailScanner version: MailScanner-4.43.8-1.rpm.tar.gz I got the following error during install: Can't locate object method "cmd_head3" via package "Pod::Man" at /usr/lib/perl5/ 5.6.0/Pod/Man.pm line 463, line 30. make: *** [manifypods] Error 2 error: Bad exit status from /var/tmp/rpm-tmp.48087 (%build) RPM build errors: Bad exit status from /var/tmp/rpm-tmp.48087 (%build) Missing file /usr/src/redhat/RPMS/noarch/perl-ExtUtils-MakeMaker-6.30-1.noarch.rpm. Maybe it did not build correctly? Well, turns out Man.pm does not have a sub cmd_head3 in the Man.pm that comes with Perl 5.6. For that, I would need Perl 5.8. I thought of upgrading Perl but after searching the Web and seeing all the trouble others had trying to upgrade Perl on RH7.2, I thought maybe I would just uninstall MailScanner new version and install MailScanner known good old version. Unfortunately, that did not work. At this point it looks like the MailScanner install is not completely undone by rpm -e mailscanner-4.43.8-1 The error I get when I try to start the service, looks like this: MailScanner: Can't locate Net/CIDR.pm in @INC ( @INC contains: (list of paths including the one that CIDR.pm is on which is /usr/lib/site_perl/5.6.0/Net/CIDR.pm) at /usr/lib/MailScanner/MailScanner/Config.pm line 34. BEGIN failed--compilation aborted at /usr/lib/MailScanner/MailScanner/Config.pm line 34. Compilation failed in require at /usr/sbin/MailScanner line 64. BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 64. The error I got when I tried installing an earlier version after I thought I had removed the newest version looks like this: Failed Test Status Wstat Total Fail Failed List of failed ------------------------------------------------------------------------------- t/Body.t 2 512 ?? ?? % ?? t/Decoder.t 2 512 ?? ?? % ?? t/Entity.t 2 512 ?? ?? % ?? t/Gauntlet.t 2 512 ?? ?? % ?? t/Head.t 2 512 ?? ?? % ?? t/Misc.t 2 512 ?? ?? % ?? t/Parser.t 2 512 ?? ?? % ?? t/Ref.t 2 512 ?? ?? % ?? Failed 8/10 test scripts, 20.00% okay. 0/20 subtests failed, 100.00% okay. make: *** [test_dynamic] Error 29 error: Bad exit status from /var/tmp/rpm-tmp.61130 (%build) RPM build errors: Bad exit status from /var/tmp/rpm-tmp.61130 (%build) Missing file /usr/src/redhat/RPMS/noarch/perl-MIME-tools-5.411-pl4.3.noarch.rpm. Maybe it did not build correctly? BEGIN failed--compilation aborted at blib/lib/Convert/TNEF.pm line 26. Compilation failed in require at t/test.t line 11. BEGIN failed--compilation aborted at t/test.t line 11. t/test..............dubious Test returned status 2 (wstat 512, 0x200) DIED. FAILED tests 1-12 Failed 12/12 tests, 0.00% okay Failed Test Status Wstat Total Fail Failed List of failed ------------------------------------------------------------------------------- t/test.t 2 512 12 12 100.00% 1-12 Failed 1/1 test scripts, 0.00% okay. 12/12 subtests failed, 0.00% okay. make: *** [test_dynamic] Error 2 error: Bad exit status from /var/tmp/rpm-tmp.89332 (%build) Meryll Larkin System Administrator ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lars+lister.mailscanner at ADVENTURAS.NO Wed Jul 13 01:41:54 2005 From: lars+lister.mailscanner at ADVENTURAS.NO (Lars Kristiansen) Date: Thu Jan 12 21:30:17 2006 Subject: System variables in MailScanner.conf Message-ID: > Looks like it's a FreeBSD thing as my FreeBSD boxes (5.3 & 5.4) all like > $HOST and 'Undefined Variable' $HOSTNAME Maybe HOSTNAME is set by the shell, works in bash. A grep for HOSTNAME returns among others these: /etc/profile: HOSTNAME=`/bin/hostname`; export HOSTNAME So you I guess you would have to put in /etc/csh.login or in ~/.cshrc setenv HOSTNAME `/bin/hostname` -- Med vennlig hilsen Lars Kristiansen A D V E N T U R A S Tlf: 22 20 59 90 Fax: 22 20 59 91 lars@adventuras.no http://www.adventuras.no ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Wed Jul 13 02:54:50 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:30:17 2006 Subject: DCC and RAZOR2 checks Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Maybe a silly question but did you doa reload or restart after making the changes? Venkata Achanta wrote: > Hello all, > > i have disabled dcc and razor2 checks in the spam.assassin.prefs.conf > > use_dcc 0 > use_pyzor 1 > use_razor2 0 > skip_rbl_checks 1 > dns_available yes > rbl_timeout 20 > razor_timeout 10 > pyzor_timeout 10 > > MailScanner.conf settings for spam.assassin.prefs.conf > > %etc-dir% = /etc/MailScanner > SpamAssassin Prefs File = %etc-dir%/spam.assassin.prefs.conf > > But even then i am seeing dcc (DCC_CHECK) and razor2 (RAZOR2_CHECK) score > in the messages that got scanned. > > I recently upgraded to spamassassin 3.0.4. Any ideas why the pref file > setting are not contorlling the DCC and razor ? > > > Thanks much, > Venkata Achanta > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From james at grayonline.id.au Wed Jul 13 03:36:25 2005 From: james at grayonline.id.au (James Gray) Date: Thu Jan 12 21:30:17 2006 Subject: System variables in MailScanner.conf Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Wed, 13 Jul 2005 10:00 am, Drew Marshall wrote: > Just out of interest, why the switch to CentOS over fBSD? It's a political thing mostly. We do a lot of work for two multi-national Linux vendors and so have pretty open access to licenses and support. So the decision was made to standardise on a single *nix, considering we're using CentOS for testing and evaluation...I'm sure you can fill in the blanks ;) Personally I prefer the whole SysV thing (al la Linux/Solaris/etc) and binary packaging systems (compiling everything from source is a pain IMHO). I can manage fBSD, but I've never really "liked" it. But that's totally subjective - I'm not trying to start a holy war. From vachanta at GMAIL.COM Wed Jul 13 05:42:09 2005 From: vachanta at GMAIL.COM (Venkata Achanta) Date: Thu Jan 12 21:30:17 2006 Subject: DCC and RAZOR2 checks Message-ID: yes sir ;-), i did restart MS. Also i did a shut down -r now,but no luck..... i would ask the same question if this didnt happen to me. No question is silly ......Thanks for the response Anything else i should be checking? On Wed, 13 Jul 2005 11:54:50 +1000, Peter Russell wrote: >Maybe a silly question but did you doa reload or restart after making >the changes? > >Venkata Achanta wrote: >> Hello all, >> >> i have disabled dcc and razor2 checks in the spam.assassin.prefs.conf >> >> use_dcc 0 >> use_pyzor 1 >> use_razor2 0 >> skip_rbl_checks 1 >> dns_available yes >> rbl_timeout 20 >> razor_timeout 10 >> pyzor_timeout 10 >> >> MailScanner.conf settings for spam.assassin.prefs.conf >> >> %etc-dir% = /etc/MailScanner >> SpamAssassin Prefs File = %etc-dir%/spam.assassin.prefs.conf >> >> But even then i am seeing dcc (DCC_CHECK) and razor2 (RAZOR2_CHECK) score >> in the messages that got scanned. >> >> I recently upgraded to spamassassin 3.0.4. Any ideas why the pref file >> setting are not contorlling the DCC and razor ? >> >> >> Thanks much, >> Venkata Achanta >> >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> >> > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! >========================================================================= ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner-list at OKLA.COM Wed Jul 13 07:00:59 2005 From: mailscanner-list at OKLA.COM (Tracy Greggs) Date: Thu Jan 12 21:30:17 2006 Subject: Another lint error Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Thanks. Found in in my spam.assassin.prefs.conf. Funky search and replace I did apparently. Sleep helps too :) Tracy ----- Original Message ----- From: "Matt Kettler" To: Sent: Tuesday, July 12, 2005 11:02 AM Subject: Re: Another lint error > Tracy Greggs wrote: >> My lint test results include about 20 lines of this: >> >> Argument "NJABL" isn't numeric in addition (+) at >> /usr/lib/perl5/site_perl/5.8.3/Mail/SpamAssassin/Conf.pm line 244 > > Looks like you've got some screwed up score lines in your config file. > > check your files. Score lines should be in one of the following format: > > score NAME number > > score NAME number number number number > > > Grep around in your config files for NJABL and look for a messed up score > line. > > grep NJABL /usr/share/spamassassin/*.cf > grep NJABL /etc/mail/spamassassin/*.cf > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Manfred.Gsell at ECOFINANCE.COM Wed Jul 13 08:16:07 2005 From: Manfred.Gsell at ECOFINANCE.COM (Manfred Gsell) Date: Thu Jan 12 21:30:17 2006 Subject: Truncated subject with MailScanner 4.43.8-1 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello, When i send a message with Subject: Im Sekretariat liegen wieder K+Ö Gutscheine für eine Tasse Kaffee auf, lg Ina. Mail-Source: Subject: Im Sekretariat liegen wieder K+=?ISO-8859-1?Q?=D6_Gutscheine_?= =?ISO-8859-1?Q?f=FCr_eine_Tasse_Kaffee_auf=2C_lg_Ina=2E?= Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit The recipient gets: Im Sekretariat liegen wieder K+X Gutscheine Mail-Source: Subject: Im Sekretariat liegen wieder K+X Gutscheine Any idea what happens to the rest of the subject ? If I send this messages without "Mailscanner" , i get the whole Subject. tia, Manfred Gsell. -- ecofinance Finanzsoftware & Consulting GmbH Graz / Vienna / Essen / London Grieskai 10, 8020 Graz, Austria Phone: (++43) 316 908030 Fax: (++43) 316 908030-24 http://www.ecofinance.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jul 13 08:41:02 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:17 2006 Subject: System variables in MailScanner.conf Message-ID: If using the wrong one gives you an empty string (it should do) then what's wrong with Hostname = ${HOSTNAME}${HOST} and one of them will always fire. On 12 Jul 2005, at 22:45, James Gray wrote: > We are currently in the process of migrating our mail gateways to a > common > operating system and configuration. Currently they are split > between CentOS > and FreeBSD. We found an interesting little "feature" during the > most recent > upgrade to MS 4.43.8. > > The config file refers to "$HOSTNAME" which on our CentOS testing > box worked > perfectly. So we got around to pushing the config out to all the > production > machines. Problem - only the CentOS-based machines are reporting > their > hostname, and the FreeBSD boxes aren't. 2 minutes of playing > revealed we > needed "$HOST" on FreeBSD, and "$HOTNAME" on Linux. Bah - back to > separate > configs :( > > Just thought this little gem might help others. As we're not going > to be > keeping the FreeBSD boxes, I'm not particularly heart-broken. They > are also > fairly old (fBSD 4.6.1) which may have something to do with the > "$HOST" vs > "$HOSTNAME" thing too. Anyone else seen this? If this is a fBSD > thing, it > might be a handy exception to mention in the config file comments. > > Cheers, > > James > -- > How do I get HOME? > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jul 13 08:43:50 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:17 2006 Subject: Truncated subject with MailScanner 4.43.8-1 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] The RFC specifies that the continuation lines (2nd line and following lines of Subject:) must start with whitespace. Whatever is writing your queue files is doing it wrong. On 13 Jul 2005, at 08:16, Manfred Gsell wrote: > Hello, > > > When i send a message with Subject: > Im Sekretariat liegen wieder K+Ö Gutscheine für eine Tasse Kaffee > auf, lg Ina. > Mail-Source: > > Subject: Im Sekretariat liegen wieder K+=?ISO-8859-1?Q? > =D6_Gutscheine_?= > =?ISO-8859-1?Q?f=FCr_eine_Tasse_Kaffee_auf=2C_lg_Ina=2E?= > Content-Type: text/plain; charset=us-ascii; format=flowed > Content-Transfer-Encoding: 7bit > > > The recipient gets: > Im Sekretariat liegen wieder K+X Gutscheine > Mail-Source: > > Subject: Im Sekretariat liegen wieder K+X Gutscheine > > > > Any idea what happens to the rest of the subject ? If I send this > messages without "Mailscanner" , i get the whole Subject. > > > tia, Manfred Gsell. > > -- > > ecofinance Finanzsoftware & Consulting GmbH > Graz / Vienna / Essen / London > Grieskai 10, 8020 Graz, Austria > Phone: (++43) 316 908030 > Fax: (++43) 316 908030-24 > http://www.ecofinance.com > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raylund.lai at KANKANWOO.COM Wed Jul 13 08:38:39 2005 From: raylund.lai at KANKANWOO.COM (Raylund Lai) Date: Thu Jan 12 21:30:17 2006 Subject: [update] virus mail slipped through Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, After some research and testing. Here is my conclusion. By the hint of MailScanner error message, "format error: can't find EOCD signature", I found that is related to corrupted archive (may be produced by Archive::Zip). Then I feed the virus mail (in .eml format) to this web site http://www.virustotal.com/flash/index_en.html which will scan the uploaded file by a bunch of current virus scanners. Here is the interesting result. Antivirus Version Update Result AntiVir 6.31.0.9 07.13.2005 no virus found AVG 718 07.12.2005 no virus found Avira 6.31.0.9 07.13.2005 no virus found BitDefender 7.0 07.13.2005 no virus found ClamAV devel-20050501 07.13.2005 no virus found DrWeb 4.32b 07.13.2005 no virus found eTrust-Iris 7.1.194.0 07.12.2005 no virus found eTrust-Vet 11.9.1.0 07.13.2005 Win32.Mytob.FI!ZIP Fortinet 2.36.0.0 07.13.2005 suspicious F-Prot 3.16c 07.12.2005 no virus found Ikarus 2.32 07.12.2005 no virus found Kaspersky 4.0.2.24 07.13.2005 no virus found McAfee 4533 07.12.2005 Generic Malware.a!zip NOD32v2 1.1167 07.13.2005 archive damaged Norman 5.70.10 07.12.2005 no virus found Panda 8.02.00 07.12.2005 no virus found Sybari 7.5.1314 07.13.2005 no virus found Symantec 8.0 07.12.2005 no virus found TheHacker 5.8.2.070 07.13.2005 no virus found VBA32 3.10.4 07.12.2005 no virus found Although I use different versions of BitDefender, ClamAV and f-prot on MailScanner, I think they share the same signatures. That's why my gateway let go of this virus mail. Further testing, I detached the virus and uploaded to the same web site. Here comes a more interesting result. Antivirus Version Update Result AntiVir 6.31.0.9 07.13.2005 Worm/Mytob.GK AVG 718 07.12.2005 no virus found Avira 6.31.0.9 07.13.2005 Worm/Mytob.GK BitDefender 7.0 07.13.2005 no virus found ClamAV devel-20050501 07.13.2005 no virus found DrWeb 4.32b 07.13.2005 no virus found eTrust-Iris 7.1.194.0 07.12.2005 no virus found eTrust-Vet 11.9.1.0 07.13.2005 Win32.Mytob.FI!ZIP Fortinet 2.36.0.0 07.13.2005 suspicious F-Prot 3.16c 07.12.2005 no virus found Ikarus 2.32 07.12.2005 no virus found Kaspersky 4.0.2.24 07.13.2005 no virus found McAfee 4533 07.12.2005 Generic Malware.a!zip NOD32v2 1.1167 07.13.2005 archive damaged Norman 5.70.10 07.12.2005 no virus found Panda 8.02.00 07.12.2005 no virus found Sybari 7.5.1314 07.13.2005 no virus found Symantec 8.0 07.12.2005 no virus found TheHacker 5.8.2.070 07.13.2005 W32/Generic!zip-dobleextension VBA32 3.10.4 07.12.2005 no virus found More virus scanners have detected the zip file as virus. This may due to some virus scanners could not decode MIME in the previous uploaded as a whole mail file. But, still, the 3 virus scanners I used on the gateway won't detect it. In both results, I noticed that NOD32v2 did say "archive damaged". McAfee and TheHacker said "generic". Hence, my conclusion is that somehow the bounced virus mail attachment was damaged. Thus MailScanner could not extract the zipped file for scanning or actually the 3 virus scanners could not detect it. I still don't understand one thing. It's why all the bounced virus mail were corrupted but the non-bounced mail (the same sender has sent the same mail to a valid account) are not. My gateway intercepted them. Anyway, I'm happy to know that my system still in good shape without hole. :) btw, Drew, did you received my email? Do your MailScanner intercept it? Cheers Raylund ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Wed Jul 13 09:03:33 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:30:17 2006 Subject: [update] virus mail slipped through Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Wed, July 13, 2005 8:38, Raylund Lai said: > btw, Drew, did you received my email? Do your MailScanner intercept it? Yes, I received it and replied. Your attachment (The zip file) was corrupt an therefore not a virus (Although probably was once). I would suspect that as your secondary mx is running Postfix, they have left the default bounce message length setting in place, which in turn has truncated the attachment and rendered it useless. Although it will have retained the original file attributes, it hasn't retained the file's contents. It came through my gateway without problem but I couldn't unpack the attachment, hence why none of my AV detected it. Drew PS Glad it's storted! -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Manfred.Gsell at ECOFINANCE.COM Wed Jul 13 09:08:23 2005 From: Manfred.Gsell at ECOFINANCE.COM (Manfred Gsell) Date: Thu Jan 12 21:30:17 2006 Subject: Truncated subject with MailScanner 4.43.8-1 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello, there is a whitespace at the begin of the 2nd line. It seems to be lost while copy and paste... Julian Field schrieb: > The RFC specifies that the continuation lines (2nd line and following > lines of Subject:) must start with whitespace. > Whatever is writing your queue files is doing it wrong. > > On 13 Jul 2005, at 08:16, Manfred Gsell wrote: > >> Hello, >> >> >> When i send a message with Subject: >> Im Sekretariat liegen wieder K+Ö Gutscheine für eine Tasse Kaffee >> auf, lg Ina. >> Mail-Source: >> >> Subject: Im Sekretariat liegen wieder K+=?ISO-8859-1?Q? >> =D6_Gutscheine_?= >> =?ISO-8859-1?Q?f=FCr_eine_Tasse_Kaffee_auf=2C_lg_Ina=2E?= >> Content-Type: text/plain; charset=us-ascii; format=flowed >> Content-Transfer-Encoding: 7bit >> >> >> The recipient gets: >> Im Sekretariat liegen wieder K+X Gutscheine >> Mail-Source: >> >> Subject: Im Sekretariat liegen wieder K+X Gutscheine >> >> >> >> Any idea what happens to the rest of the subject ? If I send this >> messages without "Mailscanner" , i get the whole Subject. >> >> >> tia, Manfred Gsell. >> >> -- >> >> ecofinance Finanzsoftware & Consulting GmbH >> Graz / Vienna / Essen / London >> Grieskai 10, 8020 Graz, Austria >> Phone: (++43) 316 908030 >> Fax: (++43) 316 908030-24 >> http://www.ecofinance.com >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > -- ecofinance Finanzsoftware & Consulting GmbH Graz / Vienna / Essen / London Grieskai 10, 8020 Graz, Austria Phone: (++43) 316 908030 Fax: (++43) 316 908030-24 http://www.ecofinance.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raylund.lai at KANKANWOO.COM Wed Jul 13 09:10:53 2005 From: raylund.lai at KANKANWOO.COM (Raylund Lai) Date: Thu Jan 12 21:30:17 2006 Subject: [update] virus mail slipped through Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Drew, Thanks for your help. :) You're right that my backup MX may truncated the bounced message. I can have a good sleep now. ;) Cheers Raylund Drew Marshall wrote: >On Wed, July 13, 2005 8:38, Raylund Lai said: > > >>btw, Drew, did you received my email? Do your MailScanner intercept it? >> >> > >Yes, I received it and replied. Your attachment (The zip file) was corrupt >an therefore not a virus (Although probably was once). I would suspect >that as your secondary mx is running Postfix, they have left the default >bounce message length setting in place, which in turn has truncated the >attachment and rendered it useless. Although it will have retained the >original file attributes, it hasn't retained the file's contents. > >It came through my gateway without problem but I couldn't unpack the >attachment, hence why none of my AV detected it. > >Drew > >PS Glad it's storted! > > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From meshbahuddin at YAHOO.COM Wed Jul 13 09:18:47 2005 From: meshbahuddin at YAHOO.COM (Meshbah Uddin Ahmed) Date: Thu Jan 12 21:30:17 2006 Subject: mail is not send after upgrading postfix + mailscanner Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, i m using postfix + mailscanner + clamav. after upgrading postfix and mailscanner mails are not sent. when i want to try send mail it is deferred 1st, chkin and then requeued. after requeued it was not send. here is my postfix and mailscanner version info- # apt-show-versions -p postfix postfix/testing uptodate 2.2.3-3 # apt-show-versions -p mailscanner mailscanner/testing uptodate 4.41.3-2 after requeued, in mail.log there is- MailScanner[17756]: Requeue: C03F8D6BC3.6F395 to 3ACF67F404 what can i do now to fix it, pls advice. thanks meshbah __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Wed Jul 13 09:35:02 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:30:17 2006 Subject: mail is not send after upgrading postfix + Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Wed, July 13, 2005 9:18, Meshbah Uddin Ahmed said: > Hi, > i m using postfix + mailscanner + clamav. after > upgrading postfix and mailscanner mails are not sent. > when i want to try send mail it is deferred 1st, chkin > and then requeued. after requeued it was not send. > > here is my postfix and mailscanner version info- > > # apt-show-versions -p postfix > postfix/testing uptodate 2.2.3-3 > # apt-show-versions -p mailscanner > mailscanner/testing uptodate 4.41.3-2 > > after requeued, in mail.log there is- > > MailScanner[17756]: Requeue: C03F8D6BC3.6F395 to > 3ACF67F404 You will have to give me a bit more to go on. However, things to check first: Make sure there are no other files in the Postfix queue files, e.g. Razor log files. Check which Postfix/ MailScanner set up you are using, 1 or two instance (Hold queue or defer) then check the wiki instructions for hashed queue files see the 'section mail not being delivered' from here http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:postfix:installation#problems_or_errors Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ja at CONVIATOR.COM Wed Jul 13 09:31:09 2005 From: ja at CONVIATOR.COM (Jan Agermose) Date: Thu Jan 12 21:30:17 2006 Subject: SMGateway / IFrame Message-ID: Hi Im running SMGateway and started out having the “Allow IFrame Tags” option set to the default “disarm” value. A customer complained that a newsletter did not get to him but instead he got this mail: ********* snip ******** At Wed Jul 13 09:28:49 2005 the content filters said: MailScanner: Found dangerous IFrame tag in HTML message *********** I changed the setting to “yes” but this still happens. Am I looking at the wrong setting? Regards Jan ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHT.IE Wed Jul 13 12:02:51 2005 From: michele at BLACKNIGHT.IE (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:30:17 2006 Subject: SMGateway / IFrame Message-ID: Jan Agermose scribbled on 13 July 2005 9:31: > I changed the setting to "yes" but this still happens. Am I looking > at the wrong setting? Silly question, but did you do a reload after changing your settings? Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Wed Jul 13 12:42:26 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:30:17 2006 Subject: OT: Aeron chairs Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Do you have the chair yet, can we expect a review? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From stef at L5NET.NET Wed Jul 13 12:59:58 2005 From: stef at L5NET.NET (Stef Morrell) Date: Thu Jan 12 21:30:17 2006 Subject: Catching mytob output. Message-ID: Hi, I'm getting a load of stuff through which looks like it's the standard garbage from Mytob "you've been sending spam" "your account records are out of date" that kind of thing. For whatever reason, they seem to have attached zipfiles of 98 bytes in length - which if those are viruses, all power to compact code, but they won't unzip (and I'm too scared to try opening them on a doze box!). Neither Clam nor Sophos complain at them. Anyone know of a good way to have MS filter them? Perhaps there is an SA ruleset or similar? Thanks Stef Stefan Morrell | Director Tel: 0870 365 2813 | Level 5 Internet Ltd Fax: 0192 450 7307 | Part of the Alpha Omega Group stef@l5net.net | stef@aoc-uk.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jul 13 13:31:08 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:17 2006 Subject: OT: Aeron chairs Message-ID: I decided against the Aeron, and went for a Humanscale "Freedom" chair instead. Due at the very end of this month. On 13 Jul 2005, at 12:42, Pete Russell wrote: > Do you have the chair yet, can we expect a review? -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at fsl.com Wed Jul 13 13:49:31 2005 From: steve.swaney at fsl.com (Stephen Swaney) Date: Thu Jan 12 21:30:17 2006 Subject: SMGateway / IFrame Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Jan Agermose > Sent: Wednesday, July 13, 2005 4:31 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: SMGateway / IFrame > > Hi > > > > Im running SMGateway and started out having the "Allow IFrame Tags" option > set to the default "disarm" value. A customer complained that a newsletter > did not get to him but instead he got this mail: > > Jan, Please email me off list regarding this problems. We'll see if we can assist. Generally SMGateway problems should be reported to: http://www.fsl.com/feedback/feedback.php Thanks, Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at nkpanama.com Wed Jul 13 13:55:50 2005 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu Jan 12 21:30:17 2006 Subject: howto stop 1 users outgong mail from being scanned & headers changed Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Martin Hepworth wrote: > Dan Carl wrote: > >> I have a user named "mailer" that I use to send bulk emails. >> I don't want Mailscanner to scan or change headers on any of its >> outgoing >> mail. >> I made a virus.scanning.rules listed below. >> From: mailer@mydomain.com no >> FromOrTo: default yes >> >> and a signing rule as follows >> From: mailer@mydomain.com no >> FromOrTo: default yes >> >> When I send emails they are still sent via Mailscanner >> >> > > Correct MS will still process them...you also prob want to skip the > spam scanning, iframe tests etc etc > > And you'll also want to prepare for when a virus/worm/luser places "from:mailer@mydomain.com" as his origin address and uses your server to send out mail. Even if you have SMTP auth or some other method of making sure people outside don't use you as a relay, it's better for cases like these to add "and From:127.0.0.1" or "and From:192.168.0.x" to be sure. And besides, you want messages not to be "touched" by MailScanner, so why not set an additional MTA process on a different port to take care of this? In any case, I hope this "bulk email" you talk about is not spam. I've started to notice local spammers and local ISP-friendly spammers are starting to use MailScanner, "amavisd", SpamAssassin's milter, and other antispam tools. Ironic. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dave.list at PIXELHAMMER.COM Wed Jul 13 14:33:56 2005 From: dave.list at PIXELHAMMER.COM (DAve) Date: Thu Jan 12 21:30:17 2006 Subject: System variables in MailScanner.conf Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] James Gray wrote: > We are currently in the process of migrating our mail gateways to a common > operating system and configuration. Currently they are split between CentOS > and FreeBSD. We found an interesting little "feature" during the most recent > upgrade to MS 4.43.8. > > The config file refers to "$HOSTNAME" which on our CentOS testing box worked > perfectly. So we got around to pushing the config out to all the production > machines. Problem - only the CentOS-based machines are reporting their > hostname, and the FreeBSD boxes aren't. 2 minutes of playing revealed we > needed "$HOST" on FreeBSD, and "$HOTNAME" on Linux. Bah - back to separate > configs :( That is a pretty small item to force a system wide change of OS IMO. You could change the source yourself before you push it out. > > Just thought this little gem might help others. As we're not going to be > keeping the FreeBSD boxes, I'm not particularly heart-broken. They are also > fairly old (fBSD 4.6.1) which may have something to do with the "$HOST" vs > "$HOSTNAME" thing too. Anyone else seen this? If this is a fBSD thing, it > might be a handy exception to mention in the config file comments. FBSD 4.6.1 old? What is old? If I had a FBSD 3.5 box still working and running under a secure config I would not hesitate to keep it online. I currently have one of my mailscanner boxes running FreeBSD 4.8 and one running FBSD 5.3. The 4.8 box handles just as much traffic, just as well. DAve ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From spiv007 at gmail.com Wed Jul 13 14:45:33 2005 From: spiv007 at gmail.com (badmoon) Date: Thu Jan 12 21:30:17 2006 Subject: rbl list Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I using an rbl list but one of my users is on dsl and relay their email box to our server and the rbl list boxes it. how can i add the ip address to a list so i does not get block by rbl? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From tenderby at VHIA.COM.AU Wed Jul 13 14:52:43 2005 From: tenderby at VHIA.COM.AU (Tony Enderby) Date: Thu Jan 12 21:30:17 2006 Subject: rbl list Message-ID: Depends on a few things but if you're using Sendmail and Bind, try this http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/325.html Tony. badmoon Sent by: MailScanner mailing list 07/13/2005 11:45 PM Please respond to badmoon To MAILSCANNER@JISCMAIL.AC.UK cc Subject rbl list I using an rbl list but one of my users is on dsl and relay their email box to our server and the rbl list boxes it. how can i add the ip address to a list so i does not get block by rbl? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jul 13 14:51:35 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:17 2006 Subject: rbl list Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Add a ruleset so that mail from him/her is not checked against that RBL. There have been many examples of rulesets published to this list, and contained in the wiki at wiki.mailscanner.info. On 13 Jul 2005, at 14:45, badmoon wrote: > I using an rbl list but one of my users is on dsl and relay their > email box to our server and the rbl list boxes it. how can i add the > ip address to a list so i does not get block by rbl? - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQtUcaRH2WUcUFbZUEQLX2gCg3xz8BdiMawLXsaV/GTgi+qSrhvEAoLTE OtK8u5EuOsMrEGeLSBJDl0vW =tFoB -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From chen at HHMI.UMBC.EDU Wed Jul 13 15:03:58 2005 From: chen at HHMI.UMBC.EDU (Yu Chen) Date: Thu Jan 12 21:30:17 2006 Subject: System variables in MailScanner.conf Message-ID: > James Gray wrote: > >> We are currently in the process of migrating our mail gateways to a common >> operating system and configuration. Currently they are split between >> CentOS and FreeBSD. We found an interesting little "feature" during the >> most recent upgrade to MS 4.43.8. >> >> The config file refers to "$HOSTNAME" which on our CentOS testing box >> worked perfectly. So we got around to pushing the config out to all the >> production machines. Problem - only the CentOS-based machines are >> reporting their hostname, and the FreeBSD boxes aren't. 2 minutes of >> playing revealed we needed "$HOST" on FreeBSD, and "$HOTNAME" on Linux. >> Bah - back to separate configs :( >> >> Just thought this little gem might help others. As we're not going to be >> keeping the FreeBSD boxes, I'm not particularly heart-broken. They are >> also fairly old (fBSD 4.6.1) which may have something to do with the >> "$HOST" vs "$HOSTNAME" thing too. Anyone else seen this? If this is a >> fBSD thing, it might be a handy exception to mention in the config file >> comments. >> > Looks like it's a FreeBSD thing as my FreeBSD boxes (5.3 & 5.4) all like > $HOST and 'Undefined Variable' $HOSTNAME > Hah, interesting, my FreeBSD box(4.5) recognize $HOSTNAME not $HOST. > Just out of interest, why the switch to CentOS over fBSD? > > Drew > > > =========================================== Yu Chen Howard Hughes Medical Institute Chemistry Building, Rm 182 University of Maryland at Baltimore County 1000 Hilltop Circle Baltimore, MD 21250 phone: (410)455-6347 (primary) (410)455-2718 (secondary) fax: (410)455-1174 email: chen@hhmi.umbc.edu =========================================== ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From chen at HHMI.UMBC.EDU Wed Jul 13 15:08:18 2005 From: chen at HHMI.UMBC.EDU (Yu Chen) Date: Thu Jan 12 21:30:18 2006 Subject: System variables in MailScanner.conf Message-ID: >> Looks like it's a FreeBSD thing as my FreeBSD boxes (5.3 & 5.4) all like >> $HOST and 'Undefined Variable' $HOSTNAME > Actually, just took a look at 'man bash', it says "HOSTNAME" automatically set to the name of the current host. :-) Chen > Maybe HOSTNAME is set by the shell, works in bash. > A grep for HOSTNAME returns among others these: > /etc/profile: > HOSTNAME=`/bin/hostname`; export HOSTNAME > > So you I guess you would have to put in > /etc/csh.login or in ~/.cshrc > setenv HOSTNAME `/bin/hostname` > > > -- > Med vennlig hilsen > Lars Kristiansen > > A D V E N T U R A S > Tlf: 22 20 59 90 > Fax: 22 20 59 91 > lars@adventuras.no > http://www.adventuras.no > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > =========================================== Yu Chen Howard Hughes Medical Institute Chemistry Building, Rm 182 University of Maryland at Baltimore County 1000 Hilltop Circle Baltimore, MD 21250 phone: (410)455-6347 (primary) (410)455-2718 (secondary) fax: (410)455-1174 email: chen@hhmi.umbc.edu =========================================== ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From HancockS at MORGANCO.COM Wed Jul 13 15:40:31 2005 From: HancockS at MORGANCO.COM (Hancock, Scott) Date: Thu Jan 12 21:30:18 2006 Subject: Reject or tag email signed with @mydomain.com Message-ID: Greetings, I'm trying to figure out a way to reject all mail signed with my domain. I know the only IP addresses that should be allowed to use @mydomain.com in the sender so all others can be rejected. Exim 4.52 - an ACL operates on the envelope sender. Not what I want right? SA 3.0 - will look at the header. Do I write a custom rule? MS 4.41 - With a custom rule in place do I whitelist my IP's here? SPF - I haven't looked into this yet. Should I start here? Sorry if this is a FAQ. I did look but might be using the wrong keywords. Thanks for any pointers. Scott Hancock ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Wed Jul 13 15:38:55 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:18 2006 Subject: DCC and RAZOR2 checks Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Venkata Achanta wrote: > yes sir ;-), i did restart MS. Also i did a shut down -r now,but no > luck..... > > i would ask the same question if this didnt happen to me. No question is > silly ......Thanks for the response > > Anything else i should be checking? Have you done a --lint test? Please avoid top posting... ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lars+lister.mailscanner at ADVENTURAS.NO Wed Jul 13 16:03:59 2005 From: lars+lister.mailscanner at ADVENTURAS.NO (Lars Kristiansen) Date: Thu Jan 12 21:30:18 2006 Subject: System variables in MailScanner.conf Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] >>> Looks like it's a FreeBSD thing as my FreeBSD boxes (5.3 & 5.4) all >>> like >>> $HOST and 'Undefined Variable' $HOSTNAME >> > > Actually, just took a look at 'man bash', it says "HOSTNAME" automatically > set to the name of the current host. :-) > > Chen And something similar is mentioned for "HOST" in 'man tcsh'. csh (actually tcsh) is default root shell in freebsd if that was not clear. And by the way, if HOSTNAME is set in /root/.cshrc, "echo ${HOST}${HOSTNAME}" will return hostname twice, at least in terminal. If not set it will only return this error message: "HOSTNAME: Undefined variable." instead of any output at all. Not tested if output is different if not called from a terminal, though. -- Hilsen from Lars > >> Maybe HOSTNAME is set by the shell, works in bash. >> A grep for HOSTNAME returns among others these: >> /etc/profile: >> HOSTNAME=`/bin/hostname`; export HOSTNAME >> >> So you I guess you would have to put in >> /etc/csh.login or in ~/.cshrc >> setenv HOSTNAME `/bin/hostname` >> >> >> -- >> Med vennlig hilsen >> Lars Kristiansen >> >> A D V E N T U R A S >> Tlf: 22 20 59 90 >> Fax: 22 20 59 91 >> lars@adventuras.no >> http://www.adventuras.no >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > > =========================================== > Yu Chen > Howard Hughes Medical Institute > Chemistry Building, Rm 182 > University of Maryland at Baltimore County > 1000 Hilltop Circle > Baltimore, MD 21250 > > phone: (410)455-6347 (primary) > (410)455-2718 (secondary) > fax: (410)455-1174 > email: chen@hhmi.umbc.edu > =========================================== > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jul 13 16:17:50 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:18 2006 Subject: System variables in MailScanner.conf Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 13 Jul 2005, at 16:03, Lars Kristiansen wrote: >>>> Looks like it's a FreeBSD thing as my FreeBSD boxes (5.3 & 5.4) all >>>> like >>>> $HOST and 'Undefined Variable' $HOSTNAME >>>> >>> >>> >> >> Actually, just took a look at 'man bash', it says "HOSTNAME" >> automatically >> set to the name of the current host. :-) >> >> Chen >> > > And something similar is mentioned for "HOST" in 'man tcsh'. > csh (actually tcsh) is default root shell in freebsd if that was > not clear. > > And by the way, if HOSTNAME is set in /root/.cshrc, > "echo ${HOST}${HOSTNAME}" will return hostname twice, at least in > terminal. > If not set it will only return this error message: > "HOSTNAME: Undefined variable." instead of any output at all. > Not tested if output is different if not called from a terminal, > though. > > -- > Hilsen from Lars > > > >> >> >>> Maybe HOSTNAME is set by the shell, works in bash. >>> A grep for HOSTNAME returns among others these: >>> /etc/profile: >>> HOSTNAME=`/bin/hostname`; export HOSTNAME >>> >>> So you I guess you would have to put in >>> /etc/csh.login or in ~/.cshrc >>> setenv HOSTNAME `/bin/hostname` In MailScanner, it will be started from a /bin/sh at boot time, I believe. And since it looks them up in %ENV there isn't any scope for error messages, just empty values for keys that don't exist. So $ {HOSTNAME}${HOST} should be reasonably safe to use. Give it a try and see what happens on your systems. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQtUwpRH2WUcUFbZUEQJrlACgoQkNuvzEBPY9brd+YyS7crBuVUUAoInU LHq9B1cd8jkMmRIhu5GTRNoP =sM/2 -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dnsadmin at 1BIGTHINK.COM Wed Jul 13 16:25:21 2005 From: dnsadmin at 1BIGTHINK.COM (dnsadmin 1bigthink.com) Date: Thu Jan 12 21:30:18 2006 Subject: installation trouble RH7.2 Message-ID: At 07:46 PM 7/12/2005, you wrote: >7/12/05 > >Thanks for reading. Suggestions appreciated. If you are going to tell me >to read documentation, please be specific about which documentation >where. I tried unsuccessfully to find some applicable docs myself before >sending this. I will read. > >The server I am attempting to install MailScanner on has: >RedHat v 7.2 >perl, v5.6.0 built for i386-linux >sendmail Hello Meryll, I saw no replies. Did you receive instructions off list? Why RedHat 7.2? Pretty old. Have you looked at Whitebox or CentOS? As for your errors.. most certainly the old Perl version you are running, installed default with RedHat 7.2. Cheers, Glenn Parsons ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From danc at BLUESTARSHOWS.COM Wed Jul 13 16:34:12 2005 From: danc at BLUESTARSHOWS.COM (Dan Carl) Date: Thu Jan 12 21:30:18 2006 Subject: howto stop 1 users outgong mail from being scanned & headers Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > > Dan Carl wrote: > > > >> I have a user named "mailer" that I use to send bulk emails. > >> I don't want Mailscanner to scan or change headers on any of its > >> outgoing > >> mail. > >> I made a virus.scanning.rules listed below. > >> From: mailer@mydomain.com no > >> FromOrTo: default yes > >> > >> and a signing rule as follows > >> From: mailer@mydomain.com no > >> FromOrTo: default yes > >> > >> When I send emails they are still sent via Mailscanner > >> > >> > > > And besides, you want messages not to be "touched" by MailScanner, so > why not set an additional MTA process on a different port to take care > of this? This sounds like the best solution. Could you elaborate on how to do this. Tried google and did some experimenting without success. example: DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl DAEMON_OPTIONS(`Port=25025,Addr=127.0.0.1, Name=MTA-2')dnl MTA is sendmail. > In any case, I hope this "bulk email" you talk about is not spam. I've > started to notice local spammers and local ISP-friendly spammers are > starting to use MailScanner, "amavisd", SpamAssassin's milter, and other > antispam tools. Ironic. I email coupons to past attendees, we happen to have 1000's of them. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Wed Jul 13 16:42:12 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:30:18 2006 Subject: Reject or tag email signed with @mydomain.com Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Matt Kettler wrote: > Hancock, Scott wrote: > >>SA 3.0 - will look at the header. Do I write a custom rule? > > > You could, it would have to be a group of 3 rules, 1 checks the received to see > if it's your domain, 1 checks the from to see if it is your domain, and a meta > rule that fires if the from matches but received doesn't. For reference, a simple rule to this effect would look something like this: header _L_FROM_EVI From =~/\@.{0,15}evi-inc\.com/ header _L_RCVD_EVI Received =~/\.evi-inc\.com\b/ meta L_FORGED_EVI (_L_FROM_EVI && ! _L_RCVD_EVI) But the received check probably needs considerable refinement. (ie: look for that to be the "from" part of a Received: header, as it will probably FN due to matching the "by" part of the header) However, that's a start for you.. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Wed Jul 13 16:32:24 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:30:18 2006 Subject: Reject or tag email signed with @mydomain.com Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hancock, Scott wrote: > Greetings, > > I'm trying to figure out a way to reject all mail signed with my domain. > I know the only IP addresses that should be allowed to use @mydomain.com > in the sender so all others can be rejected. > > Exim 4.52 - an ACL operates on the envelope sender. Not what I want > right? Right, although you could get some value from checking the envelope sender. It wouldn't be a comprehensive solution, but it would be a start. (A lot of forged messages have the envelope sender matching the From: header, such as most of the viruses that forge mail from "webmaster@mydomain.com") > > SA 3.0 - will look at the header. Do I write a custom rule? You could, it would have to be a group of 3 rules, 1 checks the received to see if it's your domain, 1 checks the from to see if it is your domain, and a meta rule that fires if the from matches but received doesn't. > > MS 4.41 - With a custom rule in place do I whitelist my IP's here? > > SPF - I haven't looked into this yet. Should I start here? SPF would work very well for this. Forgery detection is really what SPF is designed to do. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHT.IE Wed Jul 13 17:13:14 2005 From: michele at BLACKNIGHT.IE (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:30:18 2006 Subject: OT: Aeron chairs Message-ID: > I decided against the Aeron, and went for a Humanscale "Freedom" > chair instead. Due at the very end of this month. How much was it? Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at nkpanama.com Wed Jul 13 18:03:38 2005 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu Jan 12 21:30:18 2006 Subject: howto stop 1 users outgong mail from being scanned & headers Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dan Carl wrote: >>>Dan Carl wrote: >>> >>> >>> >>>>I have a user named "mailer" that I use to send bulk emails. >>>>I don't want Mailscanner to scan or change headers on any of its >>>>outgoing >>>>mail. >>>>I made a virus.scanning.rules listed below. >>>>From: mailer@mydomain.com no >>>>FromOrTo: default yes >>>> >>>>and a signing rule as follows >>>>From: mailer@mydomain.com no >>>>FromOrTo: default yes >>>> >>>>When I send emails they are still sent via Mailscanner >>>> >>>> >>>> >>>> >>And besides, you want messages not to be "touched" by MailScanner, so >>why not set an additional MTA process on a different port to take care >>of this? >> >> >This sounds like the best solution. >Could you elaborate on how to do this. >Tried google and did some experimenting without success. >example: >DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl >DAEMON_OPTIONS(`Port=25025,Addr=127.0.0.1, Name=MTA-2')dnl > >MTA is sendmail. > > > >>In any case, I hope this "bulk email" you talk about is not spam. I've >>started to notice local spammers and local ISP-friendly spammers are >>starting to use MailScanner, "amavisd", SpamAssassin's milter, and other >>antispam tools. Ironic. >> >> >I email coupons to past attendees, we happen to have 1000's of them. > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > Remember how you "turn off sendmail" when you "turn on MailScanner" so that mailscanner "calls" sendmail? Well, you'd turn on sendmail by itself, apart from MailScanner - but with a twist. You can go with one of two options: 1. Add "-ODaemonPortOptions=Port=25025,Addr=127.0.0.1,Name=MTA-2" to the sendmail program called by /etc/rc.d/init.d/sendmail or, 2. Create a new sendmail.mc called sendmail.local.mc, for example, add "DAEMON_OPTIONS(`Port=25025,Addr=127.0.0.1, Name=MTA-2')dnl" to it. Compile it using m4 < /etc/mail/sendmail.local.mc > /etc/mail/sendmail.local.cf, and add -C /etc/mail/sendmail.local.cf to whatever parameters sendmail starts with in /etc/rc.d/init.d/sendmail. This also fixes the "my messages come out garbled when sent from apache" problem nobody seems to have figured out yet. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From HancockS at MORGANCO.COM Wed Jul 13 18:56:52 2005 From: HancockS at MORGANCO.COM (Hancock, Scott) Date: Thu Jan 12 21:30:18 2006 Subject: Reject or tag email signed with @mydomain.com Message-ID: Matt, >> SPF - I haven't looked into this yet. Should I start here? > SPF would work very well for this. Forgery detection is really what SPF is designed to do. It looks like I should learn more about SPF before going the custom rule route. Thanks for the help. Scott ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dh at UPTIME.AT Wed Jul 13 19:27:01 2005 From: dh at UPTIME.AT (David H.) Date: Thu Jan 12 21:30:18 2006 Subject: Reject or tag email signed with @mydomain.com Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hancock, Scott wrote: > Matt, > > >>>SPF - I haven't looked into this yet. Should I start here? > > >>SPF would work very well for this. Forgery detection is really what > > SPF is designed to do. > > It looks like I should learn more about SPF before going the custom rule > route. Actually you should first look into the Custom Ruleset. While SPF is a nice thought it does not work at all. I have seen enough messages that have been marked as valid Spam and had a SPF_PASS header in them. - -d -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (Darwin) iD8DBQFC1Vz1PMoaMn4kKR4RAn5LAJ4xpnkE0v65VN4IdDu3S7TwhcbaRQCdG0Vp dQQLybJhnR9ku2eneVj9Syg= =/hmN -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jul 13 19:56:52 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:18 2006 Subject: Reject or tag email signed with @mydomain.com Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 David H. wrote: >Hancock, Scott wrote: > > >>Matt, >> >> >> >>>>SPF - I haven't looked into this yet. Should I start here? >>>> >>>> >> >> >>>SPF would work very well for this. Forgery detection is really what >>> >>> >>SPF is designed to do. >> >>It looks like I should learn more about SPF before going the custom rule >>route. >> >> > >Actually you should first look into the Custom Ruleset. While SPF is a nice >thought it does not work at all. I have seen enough messages that have been >marked as valid Spam and had a SPF_PASS header in them. > > I have seen claims that the only people who have really adopted SPF so far are the spammers themselves. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQtVj9RH2WUcUFbZUEQLYeQCgzH4oXemRSFrbrChe08FWHHlpCp8AoKYh IbieNIm6y5U4cAEt5LrJlf7R =jYje -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Wed Jul 13 19:57:57 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:30:18 2006 Subject: Reject or tag email signed with @mydomain.com Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] David H. wrote: > > > Actually you should first look into the Custom Ruleset. While SPF is a nice > thought it does not work at all. I have seen enough messages that have been > marked as valid Spam and had a SPF_PASS header in them. Er, so what? SPF can pass for spam, that's perfectly normal. It's even expected. That's why SPF_PASS only has a -0.001 point score. SPF IS NOT a spam detection technology. If anyone else tells you different they're full of *explicative*. SPF is a forgery detection technology. Period. Do not expect it to pass for all nonspam and fail for all spam. That's not what SPF is for, or what it does, or what it could possibly ever become based on it's specs. While SPF isn't a reliable spam detection technology, it is a good forgery detector. And the fact that a message is forged is a good sign something is wrong. Thus SPF failure is useful in spam filter, while spf passing is merely informative about the source, but doesn't tell you anything about it's spamminess. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bpumphrey at WOODMACLAW.COM Wed Jul 13 19:58:57 2005 From: bpumphrey at WOODMACLAW.COM (Billy A. Pumphrey) Date: Thu Jan 12 21:30:18 2006 Subject: OT Changing the locahost.localdomain value Message-ID: > > Hi! > > > When I get emails from my MailScanner machine they are from: > > postmaster@localhost.localdomain for example. > > > > How can I change this to what I want it to? > > > > If I type host it returns: WoodenMS.woodmaclaw.local which is what I > > want it to be. > > Most likely you need to fix your /etc/hosts or your sendmail.cf > > Bye, > Raymond. > I edited the /etc/hosts file and got it. Thank you ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Wed Jul 13 20:06:02 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:30:18 2006 Subject: Reject or tag email signed with @mydomain.com Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > > I have seen claims that the only people who have really adopted SPF so > far are the spammers themselves. > So far both spammers and those who understand SPF have adopted it. I have, AOL has, even jiscmail.ac.uk has adopted it.. (dig txt jiscmail.ac.uk) Lots of nonspammers have SPF records in use. Those who don't understand SPF claim it's useless because they expect it to be an anti-spam technology and realize that spammers can easily create their own SPF records... But that whole argument is invalid as SPF isn't an anti-spam technology per-se. Passing SPF isn't a good indicator of nonspam. It's forgable, and we all know it. It's failing SPF that's useful, as it will eventualy force spammers and worms to stop forging their domains, making them easier to track. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bpumphrey at WOODMACLAW.COM Wed Jul 13 20:07:54 2005 From: bpumphrey at WOODMACLAW.COM (Billy A. Pumphrey) Date: Thu Jan 12 21:30:18 2006 Subject: OT Configuring DCC and Razor Message-ID: I am trying to get these to work. They might be working but I want to see if I need to fix these errors in the spamassassin lint test or ignore them. I have read the documentation that comes with them, however I cannot make complete sense of them with knowing what I need to do. Versions: Razor = 2.75 DCC = 1.3.5 So the latest versions. 1) Razor Here are my lint entries: Razor-Log: Computed razorhome from env: /var/www/.razor Razor-Log: No razorhome found, using all defaults 0.00042 Razor-Log: No razor-agent.conf found, using defaults. (I have a conf file in /root/.razor/razor-agent.conf) Jul 13 13:51:04.427940 check[26890]: [ 7] Can't read file servers.discovery.lst, looking relative to 0.0004 Jul 13 13:51:04.428288 check[26890]: [ 5] Can't read file /servers.discovery.lst: No such file or directory 0.00033 Jul 13 13:51:04.428610 check[26890]: [ 7] Can't read file servers.nomination.lst, looking relative to 0.00032 Jul 13 13:51:04.428899 check[26890]: [ 5] Can't read file /servers.nomination.lst: No such file or directory 0.0003 Jul 13 13:51:04.429197 check[26890]: [ 7] Can't read file servers.catalogue.lst, looking relative to 0.00029 Jul 13 13:51:04.429482 check[26890]: [ 5] Can't read file /servers.catalogue.lst: No such file or directory 2) DCC debug: DCC is available: /usr/local/bin/dccproc debug: DCC: got response: /var/dcc/map is not private debug: DCC -> check failed: no X-DCC returned (did you create a map file?): /var/dcc/map is not private Thank you ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Wed Jul 13 20:15:53 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:18 2006 Subject: OT Configuring DCC and Razor Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Billy A. Pumphrey wrote: > I am trying to get these to work. They might be working but I want to > see if I need to fix these errors in the spamassassin lint test or > ignore them. I have read the documentation that comes with them, > however I cannot make complete sense of them with knowing what I need to > do. > > Versions: > Razor = 2.75 > DCC = 1.3.5 > > So the latest versions. > > 1) Razor > Here are my lint entries: > > Razor-Log: Computed razorhome from env: /var/www/.razor > Razor-Log: No razorhome found, using all defaults 0.00042 > Razor-Log: No razor-agent.conf found, using defaults. > (I have a conf file in /root/.razor/razor-agent.conf) > > > Jul 13 13:51:04.427940 check[26890]: [ 7] Can't read file > servers.discovery.lst, looking relative to 0.0004 > Jul 13 13:51:04.428288 check[26890]: [ 5] Can't read file > /servers.discovery.lst: No such file or directory 0.00033 > Jul 13 13:51:04.428610 check[26890]: [ 7] Can't read file > servers.nomination.lst, looking relative to 0.00032 > Jul 13 13:51:04.428899 check[26890]: [ 5] Can't read file > /servers.nomination.lst: No such file or directory 0.0003 > Jul 13 13:51:04.429197 check[26890]: [ 7] Can't read file > servers.catalogue.lst, looking relative to 0.00029 > Jul 13 13:51:04.429482 check[26890]: [ 5] Can't read file > /servers.catalogue.lst: No such file or directory > > 2) DCC > debug: DCC is available: /usr/local/bin/dccproc > debug: DCC: got response: /var/dcc/map is not private > debug: DCC -> check failed: no X-DCC returned (did you create a map > file?): /var/dcc/map is not private > > > Thank you > Are you running the lint test through MailWatch? Try the command-line instead (different user). ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jul 13 20:29:32 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:18 2006 Subject: Reject or tag email signed with @mydomain.com Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Matt Kettler wrote: >Julian Field wrote: > > > >>I have seen claims that the only people who have really adopted SPF so >>far are the spammers themselves. >> >> >> > >So far both spammers and those who understand SPF have adopted it. I have, AOL >has, even jiscmail.ac.uk has adopted it.. (dig txt jiscmail.ac.uk) > >Lots of nonspammers have SPF records in use. > > Those who don't understand SPF claim it's useless because they expect it to be >an anti-spam technology and realize that spammers can easily create their own >SPF records... But that whole argument is invalid as SPF isn't an anti-spam >technology per-se. > >Passing SPF isn't a good indicator of nonspam. It's forgable, and we all know >it. It's failing SPF that's useful, as it will eventualy force spammers and >worms to stop forging their domains, making them easier to track. > > Agreed. I have users in my department who post messages claiming to be from their ecs.soton.ac.uk account, using SMTP servers all over the place, as we have had people using mail long before SMTP AUTH came along. Getting them to all use authenticated SMTP and our SMTP servers isn't really practical, especially with the emergence of networks who trap all outgoing SMTP connections and divert them to their own servers. The result is that we can't publish a useful SPF record. At least I don't think we can. Is there a way of publishing an SPF record that says nothing useful? :-) - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQtVrnRH2WUcUFbZUEQL15wCgnZ4DFnxqszdQVt7RYKYwNwiJtDsAoM/e 8pYkh60huH+QH5zY7lLRAY89 =slju -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jul 13 20:31:34 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:18 2006 Subject: OT Configuring DCC and Razor Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Billy A. Pumphrey wrote: >I am trying to get these to work. They might be working but I want to >see if I need to fix these errors in the spamassassin lint test or >ignore them. I have read the documentation that comes with them, >however I cannot make complete sense of them with knowing what I need to >do. > >Versions: >Razor = 2.75 >DCC = 1.3.5 > >So the latest versions. > >1) Razor >Here are my lint entries: > >Razor-Log: Computed razorhome from env: /var/www/.razor >Razor-Log: No razorhome found, using all defaults 0.00042 >Razor-Log: No razor-agent.conf found, using defaults. > (I have a conf file in /root/.razor/razor-agent.conf) > > >Jul 13 13:51:04.427940 check[26890]: [ 7] Can't read file >servers.discovery.lst, looking relative to 0.0004 >Jul 13 13:51:04.428288 check[26890]: [ 5] Can't read file >/servers.discovery.lst: No such file or directory 0.00033 >Jul 13 13:51:04.428610 check[26890]: [ 7] Can't read file >servers.nomination.lst, looking relative to 0.00032 >Jul 13 13:51:04.428899 check[26890]: [ 5] Can't read file >/servers.nomination.lst: No such file or directory 0.0003 >Jul 13 13:51:04.429197 check[26890]: [ 7] Can't read file >servers.catalogue.lst, looking relative to 0.00029 >Jul 13 13:51:04.429482 check[26890]: [ 5] Can't read file >/servers.catalogue.lst: No such file or directory > > You are not running MailScanner as root, so it won't be using /root/.razor. It's running as whatever user has /var/www as its home, and you could put the .razor directory in there (and make it writeable by that user). >2) DCC >debug: DCC is available: /usr/local/bin/dccproc >debug: DCC: got response: /var/dcc/map is not private >debug: DCC -> check failed: no X-DCC returned (did you create a map >file?): /var/dcc/map is not private > > Check the permissions on /var/dcc. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQtVsFxH2WUcUFbZUEQLU+QCfWwX7JAQzsdJbhbnmeueiSsn9JAMAoNPC CzzRfGK4mI9m3RJQW+FxT8kE =yz3F -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Wed Jul 13 20:57:07 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:18 2006 Subject: Reject or tag email signed with @mydomain.com Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > Matt Kettler wrote: > > >>>Julian Field wrote: >>> >>> >>> >>> >>>>I have seen claims that the only people who have really adopted SPF so >>>>far are the spammers themselves. >>>> >>>> >>>> >>> >>>So far both spammers and those who understand SPF have adopted it. I have, AOL >>>has, even jiscmail.ac.uk has adopted it.. (dig txt jiscmail.ac.uk) >>> >>>Lots of nonspammers have SPF records in use. >>> >>>Those who don't understand SPF claim it's useless because they expect it to be >>>an anti-spam technology and realize that spammers can easily create their own >>>SPF records... But that whole argument is invalid as SPF isn't an anti-spam >>>technology per-se. >>> >>>Passing SPF isn't a good indicator of nonspam. It's forgable, and we all know >>>it. It's failing SPF that's useful, as it will eventualy force spammers and >>>worms to stop forging their domains, making them easier to track. >>> >>> > > Agreed. I have users in my department who post messages claiming to be > from their ecs.soton.ac.uk account, using SMTP servers all over the > place, as we have had people using mail long before SMTP AUTH came > along. Getting them to all use authenticated SMTP and our SMTP servers > isn't really practical, especially with the emergence of networks who > trap all outgoing SMTP connections and divert them to their own servers. > > The result is that we can't publish a useful SPF record. At least I > don't think we can. > Is there a way of publishing an SPF record that says nothing useful? :-) > Actually, yes... if you use a tilde (~) instead of a dash (-), it only generates softfails... It is almost like saying nothing useful... http://spf.pobox.com/mechanisms.html ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From wintermutecx at gmail.com Wed Jul 13 21:14:27 2005 From: wintermutecx at gmail.com (Dave) Date: Thu Jan 12 21:30:18 2006 Subject: majordomo, double scan Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I set up mailscanner on a server that mostly does majordomo mailing lists, each message is double scanned. I tried putting in a white list for owner-listname@. Does the white list disable scanning of the entire message? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bpumphrey at WOODMACLAW.COM Wed Jul 13 21:33:47 2005 From: bpumphrey at WOODMACLAW.COM (Billy A. Pumphrey) Date: Thu Jan 12 21:30:18 2006 Subject: OT Configuring DCC and Razor Message-ID: > Billy A. Pumphrey wrote: > > >I am trying to get these to work. They might be working but I want to > >see if I need to fix these errors in the spamassassin lint test or > >ignore them. I have read the documentation that comes with them, > >however I cannot make complete sense of them with knowing what I need to > >do. > > > >Versions: > >Razor = 2.75 > >DCC = 1.3.5 > > > >So the latest versions. > > > >1) Razor > >Here are my lint entries: > > > >Razor-Log: Computed razorhome from env: /var/www/.razor > >Razor-Log: No razorhome found, using all defaults 0.00042 > >Razor-Log: No razor-agent.conf found, using defaults. > > (I have a conf file in /root/.razor/razor-agent.conf) > > > > > >Jul 13 13:51:04.427940 check[26890]: [ 7] Can't read file > >servers.discovery.lst, looking relative to 0.0004 > >Jul 13 13:51:04.428288 check[26890]: [ 5] Can't read file > >/servers.discovery.lst: No such file or directory 0.00033 > >Jul 13 13:51:04.428610 check[26890]: [ 7] Can't read file > >servers.nomination.lst, looking relative to 0.00032 > >Jul 13 13:51:04.428899 check[26890]: [ 5] Can't read file > >/servers.nomination.lst: No such file or directory 0.0003 > >Jul 13 13:51:04.429197 check[26890]: [ 7] Can't read file > >servers.catalogue.lst, looking relative to 0.00029 > >Jul 13 13:51:04.429482 check[26890]: [ 5] Can't read file > >/servers.catalogue.lst: No such file or directory > > > > > You are not running MailScanner as root, so it won't be using > /root/.razor. It's running as whatever user has /var/www as its home, > and you could put the .razor directory in there (and make it writeable > by that user). > > >2) DCC > >debug: DCC is available: /usr/local/bin/dccproc > >debug: DCC: got response: /var/dcc/map is not private > >debug: DCC -> check failed: no X-DCC returned (did you create a map > >file?): /var/dcc/map is not private > > > > > > Check the permissions on /var/dcc. > > - -- I had changed the permissions of the map file to 777. The permissions for the /var/dcc is: drwxr-xr-x root root Should it be: drwxrwxr-x ? The only permission that I know thus far is 777 and I try to avoid using it or I would try drwxrwxr-x. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Wed Jul 13 21:27:28 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:18 2006 Subject: majordomo, double scan Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dave wrote: > I set up mailscanner on a server that mostly does majordomo mailing > lists, each message is double scanned. I tried putting in a white list > for owner-listname@. Does the white list disable scanning of the > entire message? > White list still scans for everything, but then it doesn't care about the score. You may want to create a ruleset for 'Use SpamAssassin' instead. Ugo ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From danc at BLUESTARSHOWS.COM Wed Jul 13 21:46:33 2005 From: danc at BLUESTARSHOWS.COM (Dan Carl) Date: Thu Jan 12 21:30:18 2006 Subject: howto stop 1 users outgong mail from being scanned & headers "SOLVED" Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Works great, thanks for your help Alex. ----- Original Message ----- From: "Alex Neuman van der Hans" To: Sent: Wednesday, July 13, 2005 12:03 PM Subject: Re: howto stop 1 users outgong mail from being scanned & headers > Dan Carl wrote: > > >>>Dan Carl wrote: > >>> > >>> > >>> > >>>>I have a user named "mailer" that I use to send bulk emails. > >>>>I don't want Mailscanner to scan or change headers on any of its > >>>>outgoing > >>>>mail. > >>>>I made a virus.scanning.rules listed below. > >>>>From: mailer@mydomain.com no > >>>>FromOrTo: default yes > >>>> > >>>>and a signing rule as follows > >>>>From: mailer@mydomain.com no > >>>>FromOrTo: default yes > >>>> > >>>>When I send emails they are still sent via Mailscanner > >>>> > >>>> > >>>> > >>>> > >>And besides, you want messages not to be "touched" by MailScanner, so > >>why not set an additional MTA process on a different port to take care > >>of this? > >> > >> > >This sounds like the best solution. > >Could you elaborate on how to do this. > >Tried google and did some experimenting without success. > >example: > >DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl > >DAEMON_OPTIONS(`Port=25025,Addr=127.0.0.1, Name=MTA-2')dnl > > > >MTA is sendmail. > > > > > > > >>In any case, I hope this "bulk email" you talk about is not spam. I've > >>started to notice local spammers and local ISP-friendly spammers are > >>starting to use MailScanner, "amavisd", SpamAssassin's milter, and other > >>antispam tools. Ironic. > >> > >> > >I email coupons to past attendees, we happen to have 1000's of them. > > > >------------------------ MailScanner list ------------------------ > >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >'leave mailscanner' in the body of the email. > >Before posting, read the Wiki (http://wiki.mailscanner.info/) and > >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > >Support MailScanner development - buy the book off the website! > > > > > Remember how you "turn off sendmail" when you "turn on MailScanner" so > that mailscanner "calls" sendmail? > > Well, you'd turn on sendmail by itself, apart from MailScanner - but > with a twist. You can go with one of two options: > > 1. Add "-ODaemonPortOptions=Port=25025,Addr=127.0.0.1,Name=MTA-2" to the > sendmail program called by /etc/rc.d/init.d/sendmail or, > 2. Create a new sendmail.mc called sendmail.local.mc, for example, add > "DAEMON_OPTIONS(`Port=25025,Addr=127.0.0.1, Name=MTA-2')dnl" to it. > Compile it using m4 < /etc/mail/sendmail.local.mc > > /etc/mail/sendmail.local.cf, and add -C /etc/mail/sendmail.local.cf to > whatever parameters sendmail starts with in /etc/rc.d/init.d/sendmail. > > This also fixes the "my messages come out garbled when sent from apache" > problem nobody seems to have figured out yet. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Wed Jul 13 21:25:24 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:18 2006 Subject: Reject or tag email signed with @mydomain.com Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field spake the following on 7/13/2005 11:56 AM: > David H. wrote: > > >>>Hancock, Scott wrote: >>> >>> >>> >>>>Matt, >>>> >>>> >>>> >>>> >>>>>>SPF - I haven't looked into this yet. Should I start here? >>>>>> >>>>>> >>>> >>>> >>>> >>>> >>>>>SPF would work very well for this. Forgery detection is really what >>>>> >>>>> >>>> >>>>SPF is designed to do. >>>> >>>>It looks like I should learn more about SPF before going the custom rule >>>>route. >>>> >>>> >>> >>>Actually you should first look into the Custom Ruleset. While SPF is a nice >>>thought it does not work at all. I have seen enough messages that have been >>>marked as valid Spam and had a SPF_PASS header in them. >>> >>> > > I have seen claims that the only people who have really adopted SPF so > far are the spammers themselves. > I did just so my bosses could interact with AOL mail addresses! -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From kte at NEXIS.BE Wed Jul 13 21:43:58 2005 From: kte at NEXIS.BE (Koen Teugels) Date: Thu Jan 12 21:30:18 2006 Subject: mailscanner + spamassassin vs assp Message-ID: I saw it blocks allready virusses at MTA level (clamav). And you can forward misjuged ham and spam mail to ham and spam mailadresses. Koen David Curtis Sent by: MailScanner mailing list 12/07/2005 22:42 Please respond to MailScanner mailing list To MAILSCANNER@JISCMAIL.AC.UK cc Subject Re: mailscanner + spamassassin vs assp I tried many, many spam fighting software programs and have never been more impressed with a product as MailScanner. It took me a while to get every thing the way I wanted because I am new to linux. I tried ASSP and it is good but I don't think nearly as good as MailScanner. I had also found it to be pretty light weight and not as configurable. Maybe I missed some features but I did not see options to add to ASSP like external virus scanners. I have never subscribed to the ASSP mailing list but I can tell you that the mailscanner mailing list is worth its wait in gold. I have been running mailscanner for many months now and it is rock solid. I have become so comfortable with it that I have started to install it in some of my customers networks. Just my 2cents. >>> kte@NEXIS.BE 7/12/2005 3:37:37 PM >>> What is the difference between mailscanner an assp?? http://assp.sourceforge.net/ I like to make a good chose. Easy config + good results. Has anyoe has some idea's?? Koen ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bpumphrey at WOODMACLAW.COM Wed Jul 13 22:22:29 2005 From: bpumphrey at WOODMACLAW.COM (Billy A. Pumphrey) Date: Thu Jan 12 21:30:18 2006 Subject: OT Configuring DCC and Razor Message-ID: > > Billy A. Pumphrey wrote: > > I am trying to get these to work. They might be working but I want to > > see if I need to fix these errors in the spamassassin lint test or > > ignore them. I have read the documentation that comes with them, > > however I cannot make complete sense of them with knowing what I need to > > do. > > > > Versions: > > Razor = 2.75 > > DCC = 1.3.5 > > > > So the latest versions. > > > > 1) Razor > > Here are my lint entries: > > > > Razor-Log: Computed razorhome from env: /var/www/.razor > > Razor-Log: No razorhome found, using all defaults 0.00042 > > Razor-Log: No razor-agent.conf found, using defaults. > > (I have a conf file in /root/.razor/razor-agent.conf) > > > > > > Jul 13 13:51:04.427940 check[26890]: [ 7] Can't read file > > servers.discovery.lst, looking relative to 0.0004 > > Jul 13 13:51:04.428288 check[26890]: [ 5] Can't read file > > /servers.discovery.lst: No such file or directory 0.00033 > > Jul 13 13:51:04.428610 check[26890]: [ 7] Can't read file > > servers.nomination.lst, looking relative to 0.00032 > > Jul 13 13:51:04.428899 check[26890]: [ 5] Can't read file > > /servers.nomination.lst: No such file or directory 0.0003 > > Jul 13 13:51:04.429197 check[26890]: [ 7] Can't read file > > servers.catalogue.lst, looking relative to 0.00029 > > Jul 13 13:51:04.429482 check[26890]: [ 5] Can't read file > > /servers.catalogue.lst: No such file or directory > > > > 2) DCC > > debug: DCC is available: /usr/local/bin/dccproc > > debug: DCC: got response: /var/dcc/map is not private > > debug: DCC -> check failed: no X-DCC returned (did you create a map > > file?): /var/dcc/map is not private > > > > > > Thank you > > > > Are you running the lint test through MailWatch? > > Try the command-line instead (different user). > Yes, this is the lint through mailwatch. I ran the command: spamassassin --prefs-file=/etc/MailScanner/spam.as sassin.prefs.conf -D --lint Razor = Seemed to clear up the errors. Does this mean that razor is good to go? DCC = errors still there. Razor: debug: Razor2 is available debug: entering helper-app run mode Razor-Log: Computed razorhome from env: /root/.razor Razor-Log: Found razorhome: /root/.razor Razor-Log: read_file: 17 items read from /root/.razor/razor-agent.conf Jul 13 16:15:44.852046 check[5125]: [ 2] [bootup] Logging initiated LogDebugLeve l=9 to stdout Jul 13 16:15:44.853450 check[5125]: [ 5] computed razorhome=/root/.razor, conf=/ root/.razor/razor-agent.conf, ident=/root/.razor/identity-ru9pIXpT9E Jul 13 16:15:44.854196 check[5125]: [ 8] Client supported_engines: 4 8 Jul 13 16:15:44.855465 check[5125]: [ 8] prep_mail done: mail 1 headers=93, mim e0=1376 Jul 13 16:15:44.856524 check[5125]: [ 5] read_file: 1 items read from /root/.raz or/servers.discovery.lst Jul 13 16:15:44.857617 check[5125]: [ 5] read_file: 2 items read from /root/.raz or/servers.nomination.lst Jul 13 16:15:44.858569 check[5125]: [ 5] read_file: 1 items read from /root/.raz or/servers.catalogue.lst Jul 13 16:15:44.859915 check[5125]: [ 9] Assigning defaults to joy.cloudmark.com Jul 13 16:15:44.872675 check[5125]: [ 9] Assigning defaults to folly.cloudmark.c om Jul 13 16:15:44.873564 check[5125]: [ 9] Assigning defaults to shock.cloudmark.c om Jul 13 16:15:44.876743 check[5125]: [ 5] read_file: 15 items read from /root/.ra zor/server.shock.cloudmark.com.conf Jul 13 16:15:44.879008 check[5125]: [ 5] read_file: 15 items read from /root/.ra zor/server.shock.cloudmark.com.conf Jul 13 16:15:44.881286 check[5125]: [ 5] read_file: 15 items read from /root/.ra zor/server.joy.cloudmark.com.conf Jul 13 16:15:44.883503 check[5125]: [ 5] read_file: 15 items read from /root/.ra zor/server.joy.cloudmark.com.conf ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mll at SEA.ALASKAMARITIME.COM Wed Jul 13 22:43:58 2005 From: mll at SEA.ALASKAMARITIME.COM (Meryll Larkin) Date: Thu Jan 12 21:30:18 2006 Subject: uninstall question Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] 7/13/05 Hi, I didn't get any answers to my first inquiry, so I'm trying something simpler. I want to UNINSTALL MailScanner. I installed MailScanner-4.43.8-1.rpm.tar.gz (the latest version). The install didn't fully work. I think my problem might be beyond the scope of this list (maybe the Perl installation). In any case, when I attempted to UNINSTALL MailScanner: rpm -e mailscanner-4.43.8-1 It did NOT undo every change made by my attempt to install MailScanner. I need to rollback those changes. Any suggestions? TIA Meryll Larkin ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From brad at BECKENHAUER.COM Wed Jul 13 22:51:58 2005 From: brad at BECKENHAUER.COM (Brad Beckenhauer) Date: Thu Jan 12 21:30:18 2006 Subject: MCP and Rulesets Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Using MS-4.43-7 Just starting to work with MCP and it is not clear if MCP supports rulesets. The comment claims they (MCP) are the equivalent of the spam options, but there is no comment as to IF MCP supports rulesets. IS anyone using rulesets with MCP, if so, which options # The rest of these options are clones of the equivalent spam options MCP Required SpamAssassin Score = 1 MCP High SpamAssassin Score = 10 MCP Error Score = 1 Julian, perhaps you could add some comments in the MCP section as to what doews support rulesets. thanks Brad ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From kevins at BMRB.CO.UK Wed Jul 13 22:57:32 2005 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:30:18 2006 Subject: Reject or tag email signed with @mydomain.com Message-ID: On Wed, 2005-07-13 at 15:57 -0400, Ugo Bellavance wrote: > Julian Field wrote: > > The result is that we can't publish a useful SPF record. At least I > > don't think we can. > > Is there a way of publishing an SPF record that says nothing useful? :-) > > > > Actually, yes... if you use a tilde (~) instead of a dash (-), it only > generates softfails... It is almost like saying nothing useful... In fact there are four different levels, if you really wish to make no statement you should use ?all. Where you discourage users from sending through other servers use ~all. Where you are confident that all mail originates from your servers -all. Where you wish to indicate that mail may originate from anywhere +all. If you can't tie your users down to using your servers then you should probably publish a ?all or +all. I've done this for a couple of the domains I look after (the others are using -all because I can). I think its probably a good idea to do this as MSN and hotmail are saying they will block mail from domains without an SPF record from November. My understanding is that it is the presence or absence of an SPF record that will determine if mail is blocked, reading between the lines a permissive SPF record is acceptable. I agree that SPF will do little for spam (especially as so much spam and viruses now originate from zombie machines). However where it could be useful (depending on adoption) is in preventing joe-jobs and other forged mail (such as from worms). I guess this isn't as important to ISP's (or even public sector) but as an administrator in a corporate environment anything I can do to help protect our business from damage to our reputation potentially caused by forged mail is welcome. Also anything that reduces the number of calls I get along the lines of "Hello, I've just had a call from my client saying I sent them a virus" is welcome ;) ================================================================= KMR Group, KMR Software and BMRB have moved offices. Our new address is: Ealing Gateway 26-30 Uxbridge Road Ealing London W5 2BP t: 020 8433 4000 f: 020 8433 4001 All direct line numbers remain unchanged _________________________________________________________________ BMRB http://www.bmrb.co.uk _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From kevins at BMRB.CO.UK Wed Jul 13 23:00:19 2005 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:30:18 2006 Subject: Reject or tag email signed with @mydomain.com Message-ID: On Wed, 2005-07-13 at 22:57 +0100, Kevin Spicer wrote: > If you can't tie your users down to using your servers then you should > probably publish a ?all or +all. I've done this for a couple of the > domains I look after (the others are using -all because I can). I think > its probably a good idea to do this as MSN and hotmail are saying they > will block mail from domains without an SPF record from November. My > understanding is that it is the presence or absence of an SPF record > that will determine if mail is blocked, reading between the lines a > permissive SPF record is acceptable. Replying to myself because I forgot to say that I found this site... http://www.anti-spamtools.org/SenderIDEmailPolicyTool/Default.aspx ... rather easier to use than the spf record configurator on pobox's site. It also does spf v2 records for senderID. ================================================================= KMR Group, KMR Software and BMRB have moved offices. Our new address is: Ealing Gateway 26-30 Uxbridge Road Ealing London W5 2BP t: 020 8433 4000 f: 020 8433 4001 All direct line numbers remain unchanged _________________________________________________________________ BMRB http://www.bmrb.co.uk _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at nkpanama.com Wed Jul 13 23:42:00 2005 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu Jan 12 21:30:18 2006 Subject: howto stop 1 users outgong mail from being scanned & headers "SOLVED" Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dan Carl wrote: >Works great, thanks for your help Alex. > >----- Original Message ----- >From: "Alex Neuman van der Hans" >To: >Sent: Wednesday, July 13, 2005 12:03 PM >Subject: Re: howto stop 1 users outgong mail from being scanned & headers > > > > >>Dan Carl wrote: >> >> >> >>>>>Dan Carl wrote: >>>>> >>>>> >>>>> >>>>> >>>>> >>>>>>I have a user named "mailer" that I use to send bulk emails. >>>>>>I don't want Mailscanner to scan or change headers on any of its >>>>>>outgoing >>>>>>mail. >>>>>>I made a virus.scanning.rules listed below. >>>>>>From: mailer@mydomain.com no >>>>>>FromOrTo: default yes >>>>>> >>>>>>and a signing rule as follows >>>>>>From: mailer@mydomain.com no >>>>>>FromOrTo: default yes >>>>>> >>>>>>When I send emails they are still sent via Mailscanner >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>And besides, you want messages not to be "touched" by MailScanner, so >>>>why not set an additional MTA process on a different port to take care >>>>of this? >>>> >>>> >>>> >>>> >>>This sounds like the best solution. >>>Could you elaborate on how to do this. >>>Tried google and did some experimenting without success. >>>example: >>>DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl >>>DAEMON_OPTIONS(`Port=25025,Addr=127.0.0.1, Name=MTA-2')dnl >>> >>>MTA is sendmail. >>> >>> >>> >>> >>> >>>>In any case, I hope this "bulk email" you talk about is not spam. I've >>>>started to notice local spammers and local ISP-friendly spammers are >>>>starting to use MailScanner, "amavisd", SpamAssassin's milter, and other >>>>antispam tools. Ironic. >>>> >>>> >>>> >>>> >>>I email coupons to past attendees, we happen to have 1000's of them. >>> >>>------------------------ MailScanner list ------------------------ >>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>'leave mailscanner' in the body of the email. >>>Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>>Support MailScanner development - buy the book off the website! >>> >>> >>> >>> >>Remember how you "turn off sendmail" when you "turn on MailScanner" so >>that mailscanner "calls" sendmail? >> >>Well, you'd turn on sendmail by itself, apart from MailScanner - but >>with a twist. You can go with one of two options: >> >>1. Add "-ODaemonPortOptions=Port=25025,Addr=127.0.0.1,Name=MTA-2" to the >>sendmail program called by /etc/rc.d/init.d/sendmail or, >>2. Create a new sendmail.mc called sendmail.local.mc, for example, add >>"DAEMON_OPTIONS(`Port=25025,Addr=127.0.0.1, Name=MTA-2')dnl" to it. >>Compile it using m4 < /etc/mail/sendmail.local.mc > >>/etc/mail/sendmail.local.cf, and add -C /etc/mail/sendmail.local.cf to >>whatever parameters sendmail starts with in /etc/rc.d/init.d/sendmail. >> >>This also fixes the "my messages come out garbled when sent from apache" >>problem nobody seems to have figured out yet. >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >> > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > Glad to help! I'll try to post this to the wiki... ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From vachanta at GMAIL.COM Thu Jul 14 00:10:16 2005 From: vachanta at GMAIL.COM (Venkata Achanta) Date: Thu Jan 12 21:30:18 2006 Subject: DCC and RAZOR2 checks Message-ID: >>Have you done a --lint test? spamassassin -D --lint --prefs- file=/etc/MailScanner/spam.assassin.prefs.conf debug: SpamAssassin version 3.0.4 debug: Score set 0 chosen. debug: running in taint mode? yes debug: Running in taint mode, removing unsafe env vars, and resetting PATH debug: PATH included '/neo/bin', keeping. debug: PATH included '/neo/ms', keeping. debug: PATH included '/sbin', keeping. debug: PATH included '/bin', keeping. debug: PATH included '/usr/sbin', keeping. debug: PATH included '/usr/bin', keeping. debug: Final PATH set to: /neo/bin:/neo/ms:/sbin:/bin:/usr/sbin:/usr/bin debug: diag: module installed: DBI, version 1.38 debug: diag: module installed: DB_File, version 1.807 debug: diag: module installed: Digest::SHA1, version 2.07 debug: diag: module installed: IO::Socket::UNIX, version 1.21 debug: diag: module installed: MIME::Base64, version 3.05 debug: diag: module installed: Net::DNS, version 0.40 debug: diag: module installed: Net::LDAP, version 0.31 debug: diag: module installed: Razor2::Client::Agent, version 2.61 debug: diag: module installed: Storable, version 2.07 debug: diag: module installed: URI, version 1.28 debug: ignore: using a test message to lint rules debug: using "/etc/mail/spamassassin/init.pre" for site rules init.pre debug: config: read file /etc/mail/spamassassin/init.pre debug: using "/usr/share/spamassassin" for default rules dir debug: config: read file /usr/share/spamassassin/10_misc.cf debug: config: read file /usr/share/spamassassin/20_anti_ratware.cf debug: config: read file /usr/share/spamassassin/20_body_tests.cf debug: config: read file /usr/share/spamassassin/20_compensate.cf debug: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf debug: config: read file /usr/share/spamassassin/20_drugs.cf debug: config: read file /usr/share/spamassassin/20_fake_helo_tests.cf debug: config: read file /usr/share/spamassassin/20_head_tests.cf debug: config: read file /usr/share/spamassassin/20_html_tests.cf debug: config: read file /usr/share/spamassassin/20_meta_tests.cf debug: config: read file /usr/share/spamassassin/20_phrases.cf debug: config: read file /usr/share/spamassassin/20_porn.cf debug: config: read file /usr/share/spamassassin/20_ratware.cf debug: config: read file /usr/share/spamassassin/20_uri_tests.cf debug: config: read file /usr/share/spamassassin/23_bayes.cf debug: config: read file /usr/share/spamassassin/25_body_tests_es.cf debug: config: read file /usr/share/spamassassin/25_hashcash.cf debug: config: read file /usr/share/spamassassin/25_spf.cf debug: config: read file /usr/share/spamassassin/25_uribl.cf debug: config: read file /usr/share/spamassassin/30_text_de.cf debug: config: read file /usr/share/spamassassin/30_text_fr.cf debug: config: read file /usr/share/spamassassin/30_text_nl.cf debug: config: read file /usr/share/spamassassin/30_text_pl.cf debug: config: read file /usr/share/spamassassin/50_scores.cf debug: config: read file /usr/share/spamassassin/60_whitelist.cf debug: using "/etc/mail/spamassassin" for site rules dir debug: config: read file /etc/mail/spamassassin/._cfg0000_local.cf debug: config: read file /etc/mail/spamassassin/70_sare_adult.cf debug: config: read file /etc/mail/spamassassin/70_sare_obfu0.cf debug: config: read file /etc/mail/spamassassin/antidrug.cf debug: config: read file /etc/mail/spamassassin/backhair.cf debug: config: read file /etc/mail/spamassassin/bogus-virus-warnings.cf debug: config: read file /etc/mail/spamassassin/chickenpox.cf debug: config: read file /etc/mail/spamassassin/french_rules.cf debug: config: read file /etc/mail/spamassassin/german-bounce.cf debug: config: read file /etc/mail/spamassassin/german.cf debug: config: read file /etc/mail/spamassassin/local.cf debug: config: read file /etc/mail/spamassassin/mime_validate.cf debug: config: read file /etc/mail/spamassassin/nazi.cf debug: config: read file /etc/mail/spamassassin/subject.cf debug: using "/root/.spamassassin" for user state dir debug: using "/etc/MailScanner/spam.assassin.prefs.conf" for user prefs file debug: config: read file /etc/MailScanner/spam.assassin.prefs.conf debug: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC debug: plugin: registered Mail::SpamAssassin::Plugin::URIDNSBL=HASH (0x8ed0350) debug: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC debug: plugin: registered Mail::SpamAssassin::Plugin::Hashcash=HASH (0x8ecc9cc) debug: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC debug: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH(0x8f20d5c) debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8ed0350) implements 'parse_config' debug: plugin: Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8ecc9cc) implements 'parse_config' debug: Score set 1 chosen. debug: ---- MIME PARSER START ---- debug: main message type: text/plain debug: parsing normal part debug: added part, type: text/plain debug: ---- MIME PARSER END ---- debug: metadata: X-Spam-Relays-Trusted: debug: metadata: X-Spam-Relays-Untrusted: debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8ed0350) implements 'parsed_metadata' debug: dns_available set to yes in config file, skipping test debug: decoding: no encoding detected debug: URIDNSBL: domains to query: debug: Running tests for priority: 0 debug: running header regexp tests; score so far=0 debug: registering glue method for check_hashcash_double_spend (Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8ecc9cc)) debug: registering glue method for check_for_spf_helo_pass (Mail::SpamAssassin::Plugin::SPF=HASH(0x8f20d5c)) debug: SPF: message was delivered entirely via trusted relays, not required debug: all '*From' addrs: ignore@compiling.spamassassin.taint.org debug: registering glue method for check_hashcash_value (Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8ecc9cc)) debug: all '*To' addrs: debug: registering glue method for check_for_spf_softfail (Mail::SpamAssassin::Plugin::SPF=HASH(0x8f20d5c)) debug: SPF: message was delivered entirely via trusted relays, not required debug: registering glue method for check_for_spf_pass (Mail::SpamAssassin::Plugin::SPF=HASH(0x8f20d5c)) debug: registering glue method for check_for_spf_helo_softfail (Mail::SpamAssassin::Plugin::SPF=HASH(0x8f20d5c)) debug: registering glue method for check_for_spf_fail (Mail::SpamAssassin::Plugin::SPF=HASH(0x8f20d5c)) debug: registering glue method for check_for_spf_helo_fail (Mail::SpamAssassin::Plugin::SPF=HASH(0x8f20d5c)) debug: running body-text per-line regexp tests; score so far=-2.801 debug: running uri tests; score so far=-2.801 debug: registering glue method for check_uridnsbl (Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8ed0350)) debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8ed0350) implements 'check_tick' debug: running raw-body-text per-line regexp tests; score so far=-2.801 debug: running full-text regexp tests; score so far=-2.801 debug: Current PATH is: /affant/bin:/affant/asav:/sbin:/bin:/usr/sbin:/usr/bin debug: executable for pyzor was found at /usr/bin/pyzor debug: Pyzor is available: /usr/bin/pyzor debug: entering helper-app run mode debug: setuid: helper proc 23870: ruid=0 euid=0 debug: Pyzor: got response: 66.250.40.33:24441 (200, 'OK') 0 0 debug: leaving helper-app run mode debug: DCCifd is available: /var/dcc/dccifd debug: entering helper-app run mode debug: DCCifd: got response: X-DCC-MessageCare-Metrics: asav 1108; Body=1998 Fuz1=260113 Fuz2=260057 debug: leaving helper-app run mode debug: Running tests for priority: 500 debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8ed0350) implements 'check_post_dnsbl' debug: running meta tests; score so far=-2.801 debug: running header regexp tests; score so far=-1.053 debug: running body-text per-line regexp tests; score so far=-1.053 debug: running uri tests; score so far=-1.053 debug: running raw-body-text per-line regexp tests; score so far=-1.053 debug: running full-text regexp tests; score so far=-1.053 debug: Running tests for priority: 1000 debug: running meta tests; score so far=-1.053 debug: running header regexp tests; score so far=-1.053 debug: running body-text per-line regexp tests; score so far=-1.053 debug: running uri tests; score so far=-1.053 debug: running raw-body-text per-line regexp tests; score so far=-1.053 debug: running full-text regexp tests; score so far=-1.053 debug: is spam? score=-1.053 required=5 debug: tests=ALL_TRUSTED,MISSING_DATE,MISSING_SUBJECT,NO_REAL_NAME debug: subtests=__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__NO_REAL_NAME,__SANE _MSGID,__UNUSABLE_MSGID ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Thu Jul 14 00:16:57 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:30:18 2006 Subject: mail is not send after upgrading postfix + mailscanner Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] No idea what the fix is, but upgrading both of these at the same is always going to be risky. I would suggest upgrading one, dealing with any of the issues and then a day or more later upgrading the other....its different with stuff like DCC etc because you can turn it off. Meshbah Uddin Ahmed wrote: > Hi, > i m using postfix + mailscanner + clamav. after > upgrading postfix and mailscanner mails are not sent. > when i want to try send mail it is deferred 1st, chkin > and then requeued. after requeued it was not send. > > here is my postfix and mailscanner version info- > > # apt-show-versions -p postfix > postfix/testing uptodate 2.2.3-3 > # apt-show-versions -p mailscanner > mailscanner/testing uptodate 4.41.3-2 > > after requeued, in mail.log there is- > > MailScanner[17756]: Requeue: C03F8D6BC3.6F395 to > 3ACF67F404 > > > what can i do now to fix it, pls advice. > > thanks > meshbah > > __________________________________________________ > Do You Yahoo!? > Tired of spam? Yahoo! Mail has the best spam protection around > http://mail.yahoo.com > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From maillists at CONACTIVE.COM Thu Jul 14 00:31:21 2005 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:30:18 2006 Subject: uninstall question Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Meryll Larkin wrote on Wed, 13 Jul 2005 14:43:58 -0700: > MailScanner-4.43.8-1.rpm.tar.gz > rpm -e mailscanner-4.43.8-1 > It did NOT undo every change made by my attempt to install MailScanner. Well, that's probably because you did not install "rpm -ivh MailScanner-4.43.8-1.rpm" but used install.sh (as recommended). That also installs the other Perl rpms coming with the tarball. If you want to go to the stage before installation you have to get rid of each of these Perl rpms as well. Problem is you don't know which of these you had already on board (so MS didn't install them again) and which were installed by MS. So, be careful about removing *all* of them. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Thu Jul 14 00:30:13 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:30:18 2006 Subject: uninstall question Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Rather than undo you may want to reconfigure? Do you want your MTA to continue to recieve email and not be scanned by MailScanner Have you tried turning off all the scanning options in MS? Meryll Larkin wrote: > 7/13/05 > > Hi, > > I didn't get any answers to my first inquiry, so I'm trying something simpler. > > I want to UNINSTALL MailScanner. I installed MailScanner-4.43.8-1.rpm.tar.gz (the latest version). The install didn't fully work. I think my problem might be beyond the scope of this list (maybe the Perl installation). > > In any case, when I attempted to UNINSTALL MailScanner: > rpm -e mailscanner-4.43.8-1 > > It did NOT undo every change made by my attempt to install MailScanner. I need to rollback those changes. > > Any suggestions? > > TIA > > Meryll Larkin > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From maillists at CONACTIVE.COM Thu Jul 14 00:31:21 2005 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:30:18 2006 Subject: Keyword Content filtering W/O SA? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Daniel Straka wrote on Tue, 12 Jul 2005 15:55:26 -0600: > I can't install SA because it requires a > newer version of perl than what is installed on my MS boxes and I'm > not sure I need SA anyway. You are probably talking about ActivePerl. There's no problem upgrading that Perl in a few minutes. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From maillists at CONACTIVE.COM Thu Jul 14 00:31:21 2005 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:30:18 2006 Subject: MCP and Rulesets Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Brad Beckenhauer wrote on Wed, 13 Jul 2005 16:51:58 -0500: > Just starting to work with MCP and it is not clear if MCP supports > rulesets. The comment claims they > (MCP) are the equivalent of the > spam > options, but there is no comment as to IF MCP supports rulesets. > IS anyone using rulesets with MCP, if > so, which options MCP is a second spamassassin run, AFAIK it supports everything SA supports, simply because it *is* SA. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mll at SEA.ALASKAMARITIME.COM Thu Jul 14 02:27:31 2005 From: mll at SEA.ALASKAMARITIME.COM (Meryll Larkin) Date: Thu Jan 12 21:30:18 2006 Subject: uninstall question Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Thanks but no. I do know that I don't want to reconfigure. Meryll Larkin -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Peter Russell Sent: Wednesday, July 13, 2005 4:30 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: uninstall question Rather than undo you may want to reconfigure? Do you want your MTA to continue to recieve email and not be scanned by MailScanner Have you tried turning off all the scanning options in MS? Meryll Larkin wrote: > 7/13/05 > > Hi, > > I didn't get any answers to my first inquiry, so I'm trying something simpler. > > I want to UNINSTALL MailScanner. I installed MailScanner-4.43.8-1.rpm.tar.gz (the latest version). The install didn't fully work. I think my problem might be beyond the scope of this list (maybe the Perl installation). > > In any case, when I attempted to UNINSTALL MailScanner: > rpm -e mailscanner-4.43.8-1 > > It did NOT undo every change made by my attempt to install MailScanner. I need to rollback those changes. > > Any suggestions? > > TIA > > Meryll Larkin > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mll at SEA.ALASKAMARITIME.COM Thu Jul 14 02:34:44 2005 From: mll at SEA.ALASKAMARITIME.COM (Meryll Larkin) Date: Thu Jan 12 21:30:19 2006 Subject: uninstall question Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] 7/13/05 Thanks Kai, Actually, I DO want to uninstall ALL of them (rpm -e --nodeps modulename). Do you know where I might find a list? The ones that I had "onboard" I can reinstall via the RedHat 7.2 CD plus rpm updates (I've already prepared a temp directory to do exactly that). Then I can start from scratch and install an older version of MailScanner. I think that, considering the state of my server, this has the best chance of working. Thanks for the tip about install.sh vs rpm install. You are right I read the docs and followed directions. My mistake. Maybe I should just read the install.sh ??? Maybe it will give me a list. TIA, Meryll Larkin -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Kai Schaetzl Sent: Wednesday, July 13, 2005 4:31 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: uninstall question Meryll Larkin wrote on Wed, 13 Jul 2005 14:43:58 -0700: > MailScanner-4.43.8-1.rpm.tar.gz > rpm -e mailscanner-4.43.8-1 > It did NOT undo every change made by my attempt to install MailScanner. Well, that's probably because you did not install "rpm -ivh MailScanner-4.43.8-1.rpm" but used install.sh (as recommended). That also installs the other Perl rpms coming with the tarball. If you want to go to the stage before installation you have to get rid of each of these Perl rpms as well. Problem is you don't know which of these you had already on board (so MS didn't install them again) and which were installed by MS. So, be careful about removing *all* of them. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From brad at BECKENHAUER.COM Thu Jul 14 02:45:55 2005 From: brad at BECKENHAUER.COM (Brad Beckenhauer) Date: Thu Jan 12 21:30:19 2006 Subject: MCP and Rulesets Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Yea, I setup a rule set to test it and I have it working, At this point, I think it's just a matter of asking Julian to add the appropiate comments to the MCP section to let everyone know which options can be rulesets. These are the options I have tested for rulesets, and are working. MCP Required SpamAssassin Score = MCP High SpamAssassin Score = 10 thanks Brad >>> Kai Schaetzl 7/13/2005 6:31:21 PM >>> Brad Beckenhauer wrote on Wed, 13 Jul 2005 16:51:58 -0500: > Just starting to work with MCP and it is not clear if MCP supports > rulesets. The comment claims they > (MCP) are the equivalent of the > spam > options, but there is no comment as to IF MCP supports rulesets. > IS anyone using rulesets with MCP, if > so, which options MCP is a second spamassassin run, AFAIK it supports everything SA supports, simply because it *is* SA. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From maillists at CONACTIVE.COM Thu Jul 14 10:31:28 2005 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:30:19 2006 Subject: uninstall question Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Meryll Larkin wrote on Wed, 13 Jul 2005 18:34:44 -0700: > Do you know where I might > find a list? As I said they are all in the tarball. You unpacked the tarball, right? So, there are all the names ... > Then I can start from scratch and install an older version of > MailScanner. Hm, Red Hat 7.2 is quite old, isn't it? If it's the Perl version of it you are having problems with you would need to go to quite old MS versions as well. You should think about upgrading. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From philk at TCP.NET.UK Thu Jul 14 10:55:10 2005 From: philk at TCP.NET.UK (Phil Kendall) Date: Thu Jan 12 21:30:19 2006 Subject: Perl-SAVI causing MailScanner to core dump Message-ID: Hi, Hopefully someone can help us out here. We are using MailScanner version 4.43.8 with SpamAssassin 3.04 and sophos 3.95. When using sophos as the virus scanner everything works fine. When using sophossavi MailScanner core dumps when attempting initialise the locks. (uing flock) This was detected by running MailScanner in debug mode. It appears that MailScanner was failing on the eval routine in the initialise sub: eval { require MailScanner::Fcntl; import MailScanner::Fcntl (@MailScanner::Fcntl::EXPORT, @MailScanner::Fcntl::EXPORT_OK); 1; }; MailScanner -v produces: Running on SunOS newbox 5.8 Generic_108529-05 i86pc i386 i86pc This is Perl version 5.008000 (5.8.0) This is MailScanner version 4.43.8 Module versions are: 1.00 AnyDBM_File 1.09 Archive::Zip 1.01 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.04 Fcntl 2.71 File::Basename 2.05 File::Copy 2.01 FileHandle 1.05 File::Path 1.24 HTML::Entities 3.27 HTML::Parser 2.24 HTML::TokeParser 1.20 IO 1.09 IO::File 1.122 IO::Pipe 1.58 Mail::Header 3.05 MIME::Base64 5.417 MIME::Decoder 5.417 MIME::Decoder::UU 5.417 MIME::Head 5.417 MIME::Parser 3.03 MIME::QuotedPrint 5.417 MIME::Tools 0.09 Net::CIDR 1.05 POSIX 1.75 Socket 0.03 Sys::Syslog 1.02 Time::localtime Optional module versions are: missing DB_File 1.05 Digest 1.01 Digest::HMAC 2.31 Digest::MD5 2.06 Digest::SHA1 missing Inline missing Mail::ClamAV 3.000004 Mail::SpamAssassin missing Mail::SPF::Query missing Net::CIDR::Lite 0.42 Net::DNS missing Net::LDAP missing Parse::RecDescent 0.30 SAVI Segmentation Fault (core dumped) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From KevinS at BMRB.CO.UK Thu Jul 14 10:59:24 2005 From: KevinS at BMRB.CO.UK (Spicer, Kevin) Date: Thu Jan 12 21:30:19 2006 Subject: Reject or tag email signed with @mydomain.com Message-ID: From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Ugo Bellavance >>>Julian Field wrote: >>>>I have seen claims that the only people who have really adopted SPF >>>>so far are the spammers themselves. >>> >>>So far both spammers and those who understand SPF have adopted it. I >>>have, AOL has, even jiscmail.ac.uk has adopted it.. (dig txt >>>jiscmail.ac.uk) Out of curiositiy I've just taken a look at my SPF related SpamAssassin hits over the last two weeks. I'm seeing about 95% of sucessful SPF checks being classified as ham, which is pretty posotive. I'm also seeing about 95% of SPF failures being classified as spam. The only major expection is the SPF HELO rules which show about 30% of failures as ham. Heres a summary of my figures... ` %HAM %SPAM SPF_HELO_PASS SPF: HELO matches SPF record 96.9 3.1 SPF_PASS SPF: sender matches SPF record 97.7 2.3 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) 4.4 95.6 SPF_HELO_FAIL SPF: HELO does not match SPF record (fail) 7.6 92.4 SPF_FAIL SPF: sender does not match SPF record (fail) 6.1 93.9 SPF_HELO_SOFTFAIL SPF: HELO does not match SPF record (softfail) 30.8 69.2 ================================================================= KMR Group, KMR Software and BMRB have moved offices. Our new address is: Ealing Gateway 26-30 Uxbridge Road Ealing London W5 2BP t: 020 8433 4000 f: 020 8433 4001 All direct line numbers remain unchanged _________________________________________________________________ BMRB http://www.bmrb.co.uk _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Jul 14 12:19:44 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:19 2006 Subject: Perl-SAVI causing MailScanner to core dump Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Take out that bit of code, doesn't do anything useful anyway. On 14 Jul 2005, at 10:55, Phil Kendall wrote: > Hi, > > Hopefully someone can help us out here. > > We are using MailScanner version 4.43.8 with SpamAssassin 3.04 and > sophos 3.95. > > When using sophos as the virus scanner everything works fine. > > When using sophossavi MailScanner core dumps when attempting > initialise the locks. (uing flock) > > This was detected by running MailScanner in debug mode. It appears > that MailScanner was failing on the eval routine in the initialise > sub: > > eval { > require MailScanner::Fcntl; > import MailScanner::Fcntl (@MailScanner::Fcntl::EXPORT, > @MailScanner::Fcntl::EXPORT_OK); > 1; > }; > > > > MailScanner -v produces: > > Running on > SunOS newbox 5.8 Generic_108529-05 i86pc i386 i86pc This is Perl > version 5.008000 (5.8.0) > > This is MailScanner version 4.43.8 > Module versions are: > 1.00 AnyDBM_File > 1.09 Archive::Zip > 1.01 Carp > 1.119 Convert::BinHex > 1.00 DirHandle > 1.04 Fcntl > 2.71 File::Basename > 2.05 File::Copy > 2.01 FileHandle > 1.05 File::Path > 1.24 HTML::Entities > 3.27 HTML::Parser > 2.24 HTML::TokeParser > 1.20 IO > 1.09 IO::File > 1.122 IO::Pipe > 1.58 Mail::Header > 3.05 MIME::Base64 > 5.417 MIME::Decoder > 5.417 MIME::Decoder::UU > 5.417 MIME::Head > 5.417 MIME::Parser > 3.03 MIME::QuotedPrint > 5.417 MIME::Tools > 0.09 Net::CIDR > 1.05 POSIX > 1.75 Socket > 0.03 Sys::Syslog > 1.02 Time::localtime > > Optional module versions are: > missing DB_File > 1.05 Digest > 1.01 Digest::HMAC > 2.31 Digest::MD5 > 2.06 Digest::SHA1 > missing Inline > missing Mail::ClamAV > 3.000004 Mail::SpamAssassin > missing Mail::SPF::Query > missing Net::CIDR::Lite > 0.42 Net::DNS > missing Net::LDAP > missing Parse::RecDescent > 0.30 SAVI > Segmentation Fault (core dumped) > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQtZKUhH2WUcUFbZUEQIvowCg5bMPTXB9M3jMZdQsrVRz7cCu2mAAoI9g h5qqdEVWNBRKqtV6978UVVNY =h1K8 -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Thu Jul 14 13:47:28 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:19 2006 Subject: OT Configuring DCC and Razor Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Billy A. Pumphrey wrote: >>Billy A. Pumphrey wrote: >> >>>I am trying to get these to work. They might be working but I want > > to > >>>see if I need to fix these errors in the spamassassin lint test or >>>ignore them. I have read the documentation that comes with them, >>>however I cannot make complete sense of them with knowing what I > > need to > >>>do. >>> >>>Versions: >>>Razor = 2.75 >>>DCC = 1.3.5 >>> >>>So the latest versions. >>> >>>1) Razor >>>Here are my lint entries: >>> >>>Razor-Log: Computed razorhome from env: /var/www/.razor >>>Razor-Log: No razorhome found, using all defaults 0.00042 >>>Razor-Log: No razor-agent.conf found, using defaults. >>> (I have a conf file in /root/.razor/razor-agent.conf) >>> >>> >>>Jul 13 13:51:04.427940 check[26890]: [ 7] Can't read file >>>servers.discovery.lst, looking relative to 0.0004 >>>Jul 13 13:51:04.428288 check[26890]: [ 5] Can't read file >>>/servers.discovery.lst: No such file or directory 0.00033 >>>Jul 13 13:51:04.428610 check[26890]: [ 7] Can't read file >>>servers.nomination.lst, looking relative to 0.00032 >>>Jul 13 13:51:04.428899 check[26890]: [ 5] Can't read file >>>/servers.nomination.lst: No such file or directory 0.0003 >>>Jul 13 13:51:04.429197 check[26890]: [ 7] Can't read file >>>servers.catalogue.lst, looking relative to 0.00029 >>>Jul 13 13:51:04.429482 check[26890]: [ 5] Can't read file >>>/servers.catalogue.lst: No such file or directory >>> >>>2) DCC >>>debug: DCC is available: /usr/local/bin/dccproc >>>debug: DCC: got response: /var/dcc/map is not private >>>debug: DCC -> check failed: no X-DCC returned (did you create a map >>>file?): /var/dcc/map is not private >>> >>> >>>Thank you >>> >> >>Are you running the lint test through MailWatch? >> >>Try the command-line instead (different user). >> > > > Yes, this is the lint through mailwatch. > I ran the command: spamassassin --prefs-file=/etc/MailScanner/spam.as > sassin.prefs.conf -D --lint > > Razor = Seemed to clear up the errors. Does this mean that razor is > good to go? Yes > DCC = errors still there. Have you checked the permissions on /var/dcc and /var/dcc/map? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dstraka at CASPERCOLLEGE.EDU Thu Jul 14 13:09:28 2005 From: dstraka at CASPERCOLLEGE.EDU (Daniel Straka) Date: Thu Jan 12 21:30:19 2006 Subject: SpamAssassin Install Issue, Perl Upgrade Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Sorry if this is off-topic. I can't install SpamAssassin on my MS boxes because when I run the following SA install command "perl Makefile.PL", this is what is output "Perl v5.6.1 required--this is only v5.6.0, stopped at Makefile.PL line 2." Can I get around this? If I have to upgrade perl, is it easy and foolproof? Can anyone send me the steps to upgrade? Off-list replys are OK. Thanks, Dan Straka Casper College (307)268-2399 ** Visit Casper College Online at www.caspercollege.edu ** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Thu Jul 14 15:07:00 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:19 2006 Subject: SpamAssassin Install Issue, Perl Upgrade Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Daniel Straka wrote: > Sorry if this is off-topic. I can't install SpamAssassin on my MS boxes > because when I run the following SA install command "perl Makefile.PL", > this is what is output "Perl v5.6.1 required--this is only v5.6.0, > stopped at Makefile.PL line 2." > Can I get around this? If I have to upgrade perl, is it easy and > foolproof? Can anyone send me the steps to upgrade? Off-list replys are OK. What OS are you running? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dstraka at caspercollege.edu Thu Jul 14 15:32:17 2005 From: dstraka at caspercollege.edu (Daniel Straka) Date: Thu Jan 12 21:30:19 2006 Subject: SpamAssassin Install Issue, Perl Upgrade Message-ID: RH 7.2 Date sent: Thu, 14 Jul 2005 10:07:00 -0400 Send reply to: MailScanner mailing list From: Ugo Bellavance Subject: Re: SpamAssassin Install Issue, Perl Upgrade To: MAILSCANNER@JISCMAIL.AC.UK > Daniel Straka wrote: > > Sorry if this is off-topic. I can't install SpamAssassin on my MS > > boxes because when I run the following SA install command "perl > > Makefile.PL", this is what is output "Perl v5.6.1 required--this is > > only v5.6.0, stopped at Makefile.PL line 2." Can I get around this? > > If I have to upgrade perl, is it easy and foolproof? Can anyone send > > me the steps to upgrade? Off-list replys are OK. > > What OS are you running? > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave > mailscanner' in the body of the email. Before posting, read the Wiki > (http://wiki.mailscanner.info/) and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! Dan Straka Academic Systems Specialist Casper College (307) 268-2399 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Thu Jul 14 15:45:25 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:19 2006 Subject: SpamAssassin Install Issue, Perl Upgrade Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Daniel Straka wrote: > RH 7.2 Woah... might be a better idea to upgrade to a supported version? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bpumphrey at WOODMACLAW.COM Thu Jul 14 16:22:55 2005 From: bpumphrey at WOODMACLAW.COM (Billy A. Pumphrey) Date: Thu Jan 12 21:30:19 2006 Subject: OT Configuring DCC and Razor Message-ID: > Billy A. Pumphrey wrote: > >>Billy A. Pumphrey wrote: > >> > >>>I am trying to get these to work. They might be working but I want > > > > to > > > >>>see if I need to fix these errors in the spamassassin lint test or > >>>ignore them. I have read the documentation that comes with them, > >>>however I cannot make complete sense of them with knowing what I > > > > need to > > > >>>do. > >>> > >>>Versions: > >>>Razor = 2.75 > >>>DCC = 1.3.5 > >>> > >>>So the latest versions. > >>> > >>>2) DCC > >>>debug: DCC is available: /usr/local/bin/dccproc > >>>debug: DCC: got response: /var/dcc/map is not private > >>>debug: DCC -> check failed: no X-DCC returned (did you create a map > >>>file?): /var/dcc/map is not private > >>> > >>> > >>>Thank you > >>> > >> > >>Are you running the lint test through MailWatch? > >> > >>Try the command-line instead (different user). > >> > > > > > > Yes, this is the lint through mailwatch. > > I ran the command: spamassassin --prefs-file=/etc/MailScanner/spam.as > > sassin.prefs.conf -D --lint > > > > Razor = Seemed to clear up the errors. Does this mean that razor is > > good to go? > > Yes > > > DCC = errors still there. > > Have you checked the permissions on /var/dcc and /var/dcc/map? > Yes. However but it looks like the map file is suppose to be private: -rw-------- When I do a cdcc 'info' I get: [root@WoodenMS dir]# cdcc 'info' # 07/14/05 10:12:51 EST /root/dir/map # Re-resolve names after 11:06:11 # 364.44 ms threshold, 364.44 ms average 12 total, 4 working servers IPv6 off dcc.rhyolite.com,- anon # 80.69.8.186,- # not answering # 132.206.27.31,- # not answering # *137.118.60.88,- neonova ID 1127 # 100% of 2 requests ok 298.83 ms RTT 271 ms queue wait # 152.20.240.35,- # not answering # 153.19.44.252,- # not answering # 203.147.165.193,- # not answering # 204.152.184.184,- servers ID 1049 # 25% of 4 requests ok 2474.21 ms RTT 105 ms queue wait # 205.166.61.174,- ID 1074 # 50% of 2 requests ok 584.96 ms RTT 155 ms queue wait # 208.201.249.233,- # not answering # 212.69.217.26,- # not answering # 216.240.97.12,- dmv.com ID 1181 # 33% of 3 requests ok 1706.33 ms RTT 121 ms queue wait # 216.244.192.216,- # not answering Looks normal. The map file that is being used is /root/dir/map. If I do a cdcc 'homedir' I get Homdir=/root/dir So when I run these commands logged in as root it is using those files. On the spamassassin lint test through mailwatch it has: debug: DCC: got response: /var/dcc/map is not private So mailwatch is looking for the one in /var/dcc/map, which I change the permissions of this file to 777, and it doesn't like it. However, still a problem because I cannot get cdcc or DCC to make a new map file in /var/dcc/map. So basically I think that I need to: Get DCC to make its homepath /var/dcc/ Make the map file used to be /var/dcc/map Then mailwatch and dcc will be using the right ones. Questions outside of this. What is the user that mailwatch runs under? Or the lint test Should there be a goal to have everything run under the same user and use the same files in the same directory, or to be synced? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From wintermutecx at gmail.com Thu Jul 14 18:53:22 2005 From: wintermutecx at gmail.com (Dave) Date: Thu Jan 12 21:30:19 2006 Subject: majordomo, double scan Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 7/13/05, Ugo Bellavance wrote: > Dave wrote: > > I set up mailscanner on a server that mostly does majordomo mailing > > lists, each message is double scanned. I tried putting in a white list > > for owner-listname@. Does the white list disable scanning of the > > entire message? > > > > White list still scans for everything, but then it doesn't care about > the score. > > You may want to create a ruleset for 'Use SpamAssassin' instead. Ahh thanks, that worked. No more double auto learn. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Thu Jul 14 18:46:12 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:19 2006 Subject: OT Configuring DCC and Razor Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Billy A. Pumphrey wrote: >>Billy A. Pumphrey wrote: >> >>>>Billy A. Pumphrey wrote: >>>> >>>> >>>>>I am trying to get these to work. They might be working but I want >>> >>>to >>> >>> >>>>>see if I need to fix these errors in the spamassassin lint test or >>>>>ignore them. I have read the documentation that comes with them, >>>>>however I cannot make complete sense of them with knowing what I >>> >>>need to >>> >>> >>>>>do. >>>>> >>>>>Versions: >>>>>Razor = 2.75 >>>>>DCC = 1.3.5 >>>>> >>>>>So the latest versions. >>>>> >>>>>2) DCC >>>>>debug: DCC is available: /usr/local/bin/dccproc >>>>>debug: DCC: got response: /var/dcc/map is not private >>>>>debug: DCC -> check failed: no X-DCC returned (did you create a map >>>>>file?): /var/dcc/map is not private >>>>> >>>>> >>>>>Thank you >>>>> >>>> >>>>Are you running the lint test through MailWatch? >>>> >>>>Try the command-line instead (different user). >>>> >>> >>> >>>Yes, this is the lint through mailwatch. >>>I ran the command: spamassassin > > --prefs-file=/etc/MailScanner/spam.as > >>>sassin.prefs.conf -D --lint >>> >>>Razor = Seemed to clear up the errors. Does this mean that razor is >>>good to go? >> >>Yes >> >> >>>DCC = errors still there. >> >>Have you checked the permissions on /var/dcc and /var/dcc/map? >> > > > Yes. However but it looks like the map file is suppose to be private: > -rw-------- > > When I do a cdcc 'info' I get: > > [root@WoodenMS dir]# cdcc 'info' > # 07/14/05 10:12:51 EST /root/dir/map > # Re-resolve names after 11:06:11 > # 364.44 ms threshold, 364.44 ms average 12 total, 4 working servers > IPv6 off > > dcc.rhyolite.com,- anon > # 80.69.8.186,- > # not answering > # 132.206.27.31,- > # not answering > # *137.118.60.88,- neonova ID > 1127 > # 100% of 2 requests ok 298.83 ms RTT 271 ms queue wait > # 152.20.240.35,- > # not answering > # 153.19.44.252,- > # not answering > # 203.147.165.193,- > # not answering > # 204.152.184.184,- servers ID > 1049 > # 25% of 4 requests ok 2474.21 ms RTT 105 ms queue wait > # 205.166.61.174,- ID > 1074 > # 50% of 2 requests ok 584.96 ms RTT 155 ms queue wait > # 208.201.249.233,- > # not answering > # 212.69.217.26,- > # not answering > # 216.240.97.12,- dmv.com ID > 1181 > # 33% of 3 requests ok 1706.33 ms RTT 121 ms queue wait > # 216.244.192.216,- > # not answering > > Looks normal. The map file that is being used is /root/dir/map. > > If I do a cdcc 'homedir' I get > Homdir=/root/dir > > So when I run these commands logged in as root it is using those files. > On the spamassassin lint test through mailwatch it has: > debug: DCC: got response: /var/dcc/map is not private > > So mailwatch is looking for the one in /var/dcc/map, which I change the > permissions of this file to 777, and it doesn't like it. However, still > a problem because I cannot get cdcc or DCC to make a new map file in > /var/dcc/map. > > > > > So basically I think that I need to: > Get DCC to make its homepath /var/dcc/ > Make the map file used to be /var/dcc/map > Then mailwatch and dcc will be using the right ones. > > I have those in my /etc/MailScanner/spam.assassin.prefs.conf > > > > Questions outside of this. > What is the user that mailwatch runs under? Your web server's user. apache in my case. nobody for the stock source apache install > Or the lint test > Should there be a goal to have everything run under the same user and > use the same files in the same directory, or to be synced? > I don't understand what you mean here. -- Ugo -> Please don't send a copy of your reply by e-mail. I read the list. -> Please avoid top-posting, long signatures and HTML, and cut the irrelevant parts in your replies. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bpumphrey at WOODMACLAW.COM Thu Jul 14 21:17:00 2005 From: bpumphrey at WOODMACLAW.COM (Billy A. Pumphrey) Date: Thu Jan 12 21:30:19 2006 Subject: OT Configuring DCC and Razor Message-ID: > Subject: Re: OT Configuring DCC and Razor > > >> > >>>DCC = errors still there. > >> > >>Have you checked the permissions on /var/dcc and /var/dcc/map? > >> > > > > > > Yes. However but it looks like the map file is suppose to be private: > > -rw-------- > > > Looks normal. The map file that is being used is /root/dir/map. > > > > If I do a cdcc 'homedir' I get > > Homdir=/root/dir > > > > So when I run these commands logged in as root it is using those files. > > On the spamassassin lint test through mailwatch it has: > > debug: DCC: got response: /var/dcc/map is not private > > > > So mailwatch is looking for the one in /var/dcc/map, which I change the > > permissions of this file to 777, and it doesn't like it. However, still > > a problem because I cannot get cdcc or DCC to make a new map file in > > /var/dcc/map. > > > > > > > > > > So basically I think that I need to: > > Get DCC to make its homepath /var/dcc/ > > Make the map file used to be /var/dcc/map > > Then mailwatch and dcc will be using the right ones. > > > > > > I have those in my /etc/MailScanner/spam.assassin.prefs.conf > I have dcc_path /usr/local/bin/dccproc in my /etc/MailScanner/spam.assassin.prefs.conf file. Do you have more than this? That is the only setting that I have available besides "# use_dcc" > > > > > > > > > Questions outside of this. > > What is the user that mailwatch runs under? > > Your web server's user. apache in my case. nobody for the stock source > apache install > > > Or the lint test > > Should there be a goal to have everything run under the same user and > > use the same files in the same directory, or to be synced? > > > > I don't understand what you mean here. > > -- > Ugo Probably a question that is going against the design of services: Example Mailwatch does a spamassassin lint check under the apache user (correct?). Which means that it gives different results or errors that if it is ran with the "correct" user, such as root. This could be misleading because I might think that my spamassassin has problems and it really doesn't. So the question is, should the best practice be to have everything that is installed to do with MailScanner use the same user? DCC - here the problem being: Mailwatch was using map file = /var/dcc/map DCC or cdcc was using map file = /root/dir/map This made the mailwatch spamassassin lint test return errors because there was no map file in /var/dcc/. To fix this I just copied the map file(s) from /root/dir/ to /var/dcc/ Mailscanner - under root I am guessing? My newb skills would have to research how to find this out. Mailwatch (guess that would be httpd, apache) Pyzor (if that has a home directory to do with a user) Things like that. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Thu Jul 14 21:31:42 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:19 2006 Subject: OT Configuring DCC and Razor Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Billy A. Pumphrey wrote: >>Subject: Re: OT Configuring DCC and Razor > > Probably a question that is going against the design of services: > Example > Mailwatch does a spamassassin lint check under the apache user > (correct?). Which means that it gives different results or errors that > if it is ran with the "correct" user, such as root. This could be > misleading because I might think that my spamassassin has problems and > it really doesn't. > > So the question is, should the best practice be to have everything that > is installed to do with MailScanner use the same user? > There is a problem... if you use Sendmail as MTA with mailscanner, then you must run MailScanner as root. MailWatch runs as the web server user. Do you want your web server to run as root? No (security). All the other plugins used with MailScanner will run as the user MailScanner is using. I'm aware of this mess and I only use the --lint test in MailWatch is to get the time reports with the colors. If you find a solution, plese let us know... Thanks, -- Ugo -> Please don't send a copy of your reply by e-mail. I read the list. -> Please avoid top-posting, long signatures and HTML, and cut the irrelevant parts in your replies. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bpumphrey at WOODMACLAW.COM Thu Jul 14 22:06:10 2005 From: bpumphrey at WOODMACLAW.COM (Billy A. Pumphrey) Date: Thu Jan 12 21:30:19 2006 Subject: OT Configuring DCC and Razor Message-ID: > Subject: Re: OT Configuring DCC and Razor > > Billy A. Pumphrey wrote: > >>Subject: Re: OT Configuring DCC and Razor > > > > Probably a question that is going against the design of services: > > Example > > Mailwatch does a spamassassin lint check under the apache user > > (correct?). Which means that it gives different results or errors that > > if it is ran with the "correct" user, such as root. This could be > > misleading because I might think that my spamassassin has problems and > > it really doesn't. > > > > So the question is, should the best practice be to have everything that > > is installed to do with MailScanner use the same user? > > > > There is a problem... if you use Sendmail as MTA with mailscanner, then > you must run MailScanner as root. MailWatch runs as the web server > user. Do you want your web server to run as root? No (security). > > All the other plugins used with MailScanner will run as the user > MailScanner is using. > > I'm aware of this mess and I only use the --lint test in MailWatch is to > get the time reports with the colors. > > If you find a solution, plese let us know... > > Thanks, > -- > Ugo > Thank you for your replies. I think that what I have learned is not to use the mailwatch lint for taking care of errors. Instead run it logged in as root at the command line. Spamassassin -D --prefs-file=/etc/MailScanner/spam.assassin.prefs.conf --lint I also learned a whole bunch of new stuff from figuring that out. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bpumphrey at WOODMACLAW.COM Thu Jul 14 22:15:29 2005 From: bpumphrey at WOODMACLAW.COM (Billy A. Pumphrey) Date: Thu Jan 12 21:30:19 2006 Subject: I am looking for the ham and spam files Message-ID: I searched the archives and could not find them. Doesn't someone have files with ham and spam in them to train bayes? Thank you ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHT.IE Thu Jul 14 22:18:14 2005 From: michele at BLACKNIGHT.IE (Michele Neylon :: Blacknight) Date: Thu Jan 12 21:30:19 2006 Subject: I am looking for the ham and spam files Message-ID: On Thu, 2005-07-14 at 16:15 -0500, Billy A. Pumphrey wrote: > I searched the archives and could not find them. Doesn't someone have > files with ham and spam in them to train bayes? http://www.fsl.com/support ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raylund.lai at KANKANWOO.COM Thu Jul 14 22:19:16 2005 From: raylund.lai at KANKANWOO.COM (Raylund Lai) Date: Thu Jan 12 21:30:19 2006 Subject: I am looking for the ham and spam files Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] You can use the Bayes starter db from fsl http://www.fsl.com/support/. Cheers Raylund Billy A. Pumphrey wrote: >I searched the archives and could not find them. Doesn't someone have >files with ham and spam in them to train bayes? > >Thank you > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bpumphrey at WOODMACLAW.COM Thu Jul 14 22:24:17 2005 From: bpumphrey at WOODMACLAW.COM (Billy A. Pumphrey) Date: Thu Jan 12 21:30:19 2006 Subject: I am looking for the ham and spam files Message-ID: > Subject: Re: I am looking for the ham and spam files > > You can use the Bayes starter db from fsl http://www.fsl.com/support/. > > Cheers > Raylund > > Billy A. Pumphrey wrote: > > >I searched the archives and could not find them. Doesn't someone have > >files with ham and spam in them to train bayes? > > > >Thank you > > > >------------------------ MailScanner list ------------------------ > >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >'leave mailscanner' in the body of the email. > >Before posting, read the Wiki (http://wiki.mailscanner.info/) and > >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > >Support MailScanner development - buy the book off the website! > > > > > Thank you much ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Thu Jul 14 22:24:49 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:19 2006 Subject: uninstall question Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Meryll Larkin spake the following on 7/13/2005 6:34 PM: > 7/13/05 > > Thanks Kai, > > Actually, I DO want to uninstall ALL of them (rpm -e --nodeps modulename). Do you know where I might find a list? The ones that I had "onboard" I can reinstall via the RedHat 7.2 CD plus rpm updates (I've already prepared a temp directory to do exactly that). > > Then I can start from scratch and install an older version of MailScanner. > > I think that, considering the state of my server, this has the best chance of working. > > Thanks for the tip about install.sh vs rpm install. You are right I read the docs and followed directions. My mistake. Maybe I should just read the install.sh ??? Maybe it will give me a list. > I will say that having a Redhat 7.2 server on the internet WILL be a large security risk unless you have been manually adding security errata as they have become available. -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bpumphrey at WOODMACLAW.COM Thu Jul 14 22:36:46 2005 From: bpumphrey at WOODMACLAW.COM (Billy A. Pumphrey) Date: Thu Jan 12 21:30:19 2006 Subject: I am looking for the ham and spam files Message-ID: > Subject: Re: I am looking for the ham and spam files > > You can use the Bayes starter db from fsl http://www.fsl.com/support/. > > Cheers > Raylund > > Billy A. Pumphrey wrote: > > >I searched the archives and could not find them. Doesn't someone have > >files with ham and spam in them to train bayes? > > > >Thank you > > Well I was expecting something that made a little more sense to me, so that I could run the sa-learn --showdots --mbox --spam spam-file Then you get a mailbox full of messages you're sure are ham and teach Bayes about those: sa-learn --showdots --mbox --ham ham-file Commands from http://wiki.apache.org/spamassassin/BayesInSpamAssassin Which one is spam and which one is ham? Bayes_seen or bayes_toks? So it would be: Sa-learn --showdots --mbox --spam bayes_toks(or)bayes_seen ? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Thu Jul 14 23:38:27 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:30:19 2006 Subject: BIND vs ncsd Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I have 3 RHEL4 servers, i wish to use some form of caching name service. as i understand it nscd is installed and thats it. Or can install the caching name service for BIND and then change the resolv conf to point to the local host first? According to the network guys the mailscanner servers are hammering his DNS server and he wants me to reduce the traffic (i wouldnt have thought it would be a big deal with only 6-10k messages per day?). Which method is most desirable? Or is there a better way? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHT.IE Thu Jul 14 23:42:51 2005 From: michele at BLACKNIGHT.IE (Michele Neylon :: Blacknight) Date: Thu Jan 12 21:30:19 2006 Subject: BIND vs ncsd Message-ID: On Fri, 2005-07-15 at 08:38 +1000, Peter Russell wrote: > I have 3 RHEL4 servers, i wish to use some form of caching name service. > as i understand it nscd is installed and thats it. Or can install the > caching name service for BIND and then change the resolv conf to point > to the local host first? > > According to the network guys the mailscanner servers are hammering his > DNS server and he wants me to reduce the traffic (i wouldnt have thought > it would be a big deal with only 6-10k messages per day?). > > Which method is most desirable? Or is there a better way? Caching the DNSBLs I presume? If so you should look at rbldnsd. My howto may help (or hinder) you: http://www.mneylon.com/blog/archives/2004/11/13/dns-blacklists-setting-up-a-local-mirror/ Michele ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Thu Jul 14 23:45:27 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:30:19 2006 Subject: I am looking for the ham and spam files Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] The command below take your content and read it and add the good bits to the ham table and the bad bits to the spam table of your bayes DB. The DB you downloaded from FSL is the product of someone (Steve?) having already learned the good and bad bits for you, hence no need to run the commands you list below, simply untar the FSL download into the correct location, check the permissions, check your paths in spam.assassin.prefs.conf match the location of your new bayes DB, do an sa --lint test and reload mailscanner. Good luck Pete > > > Well I was expecting something that made a little more sense to me, so > that I could run the > > sa-learn --showdots --mbox --spam spam-file > > Then you get a mailbox full of messages you're sure are ham and teach > Bayes about those: > > sa-learn --showdots --mbox --ham ham-file > > > Commands from http://wiki.apache.org/spamassassin/BayesInSpamAssassin > > Which one is spam and which one is ham? Bayes_seen or bayes_toks? > > So it would be: > Sa-learn --showdots --mbox --spam bayes_toks(or)bayes_seen ? > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Thu Jul 14 23:40:48 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:19 2006 Subject: I am looking for the ham and spam files Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Billy A. Pumphrey spake the following on 7/14/2005 2:36 PM: >>Subject: Re: I am looking for the ham and spam files >> >>You can use the Bayes starter db from fsl http://www.fsl.com/support/. >> >>Cheers >>Raylund >> >>Billy A. Pumphrey wrote: >> >> >>>I searched the archives and could not find them. Doesn't someone > > have > >>>files with ham and spam in them to train bayes? >>> >>>Thank you >>> > > > > Well I was expecting something that made a little more sense to me, so > that I could run the > > sa-learn --showdots --mbox --spam spam-file > > Then you get a mailbox full of messages you're sure are ham and teach > Bayes about those: > > sa-learn --showdots --mbox --ham ham-file > > > Commands from http://wiki.apache.org/spamassassin/BayesInSpamAssassin > > Which one is spam and which one is ham? Bayes_seen or bayes_toks? > > So it would be: > Sa-learn --showdots --mbox --spam bayes_toks(or)bayes_seen ? > You just stop MailScanner, place those files in your bayes directory, fix the permissions, and restart MailScanner. They are a pre-trained bayes database, ready for your system to start adjusting by your traffic. -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Thu Jul 14 23:55:36 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:30:19 2006 Subject: BIND vs ncsd Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Thanks will look at that now. But not just rbls, but i guess every email is subjected to a number of DNS tests, eg PTR lookups? Thanks Pete Michele Neylon :: Blacknight wrote: > On Fri, 2005-07-15 at 08:38 +1000, Peter Russell wrote: > >>I have 3 RHEL4 servers, i wish to use some form of caching name service. >>as i understand it nscd is installed and thats it. Or can install the >>caching name service for BIND and then change the resolv conf to point >>to the local host first? >> >>According to the network guys the mailscanner servers are hammering his >>DNS server and he wants me to reduce the traffic (i wouldnt have thought >>it would be a big deal with only 6-10k messages per day?). >> >>Which method is most desirable? Or is there a better way? > > Caching the DNSBLs I presume? > If so you should look at rbldnsd. > > My howto may help (or hinder) you: > http://www.mneylon.com/blog/archives/2004/11/13/dns-blacklists-setting-up-a-local-mirror/ > > Michele > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHT.IE Fri Jul 15 00:01:37 2005 From: michele at BLACKNIGHT.IE (Michele Neylon :: Blacknight) Date: Thu Jan 12 21:30:19 2006 Subject: BIND vs ncsd Message-ID: On Fri, 2005-07-15 at 08:55 +1000, Peter Russell wrote: > Thanks will look at that now. But not just rbls, but i guess every email > is subjected to a number of DNS tests, eg PTR lookups? > Thanks Turn on logging on a DNS server and watch the logs for a few minutes :) - just don't forget to turn it off! In our experience the DNSBL caching can help speed up mail scanning which was our primary concern. We get a lot of DNS traffic anyway, so I wouldn't worry about that. M ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From KGoods at AIAINSURANCE.COM Fri Jul 15 00:07:59 2005 From: KGoods at AIAINSURANCE.COM (Ken Goods) Date: Thu Jan 12 21:30:19 2006 Subject: I am looking for the ham and spam files Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Billy A. Pumphrey wrote: >> Subject: Re: I am looking for the ham and spam files > > Which one is spam and which one is ham? Bayes_seen or bayes_toks? > Actually neither... > So it would be: > Sa-learn --showdots --mbox --spam bayes_toks(or)bayes_seen ? > Not quite, sa-learn expects e-mails to learn *from* Since you're specifying --mbox format it would be: sa-learn --showdots --mbox --spam {path to a mailbox full of spams in mbox format} or sa-learn --showdots --mbox --ham {path to a mailbox full of hams in mbox format} In my case I created a spam user and mailbox to fetch un-caught spam from my exchange server and once I populate the spam user's mbox with these un-caught spams I run: sa-learn --showdots --mbox --spam /var/spool/mail/spam I noticed others have already addressed your other question about the starter DB (which worked very well for me BTW) and hope this clears up your sa-learn question. HTH Kind regards, Ken ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Fri Jul 15 00:08:26 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:19 2006 Subject: OT Configuring DCC and Razor Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ugo Bellavance spake the following on 7/14/2005 1:31 PM: > Billy A. Pumphrey wrote: > >>>Subject: Re: OT Configuring DCC and Razor >> >>Probably a question that is going against the design of services: >>Example >>Mailwatch does a spamassassin lint check under the apache user >>(correct?). Which means that it gives different results or errors that >>if it is ran with the "correct" user, such as root. This could be >>misleading because I might think that my spamassassin has problems and >>it really doesn't. >> >>So the question is, should the best practice be to have everything that >>is installed to do with MailScanner use the same user? >> > > > There is a problem... if you use Sendmail as MTA with mailscanner, then > you must run MailScanner as root. MailWatch runs as the web server > user. Do you want your web server to run as root? No (security). > > All the other plugins used with MailScanner will run as the user > MailScanner is using. > > I'm aware of this mess and I only use the --lint test in MailWatch is to > get the time reports with the colors. > > If you find a solution, plese let us know... > > Thanks, There is a solution, but I don't know how secure it is. Move .razor to /var/www and symlink back to /root. I tried it on one server, and both the commandline and MailWatch lint tests run ok. I will humbly wait for chastisement and see what happens. -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mll at SEA.ALASKAMARITIME.COM Fri Jul 15 00:45:12 2005 From: mll at SEA.ALASKAMARITIME.COM (Meryll Larkin) Date: Thu Jan 12 21:30:19 2006 Subject: uninstall question Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] 7/14/05 Thanks for your concern, both Kai and Scott, Nope, sorry. I'll lose my job if I "upgrade". Not my call. The server is not a Web server but it is a functional mail relay server and file server and may not be taken down during the "busy season". That would be November to November (no kidding). We're behind a strong firewall. (help, get me out of here). Anyway, with the help I've received I should be able to address it now and I'll write again if I come up with any more snags. Thanks. Scott says: I will say that having a Redhat 7.2 server on the internet WILL be a large security risk unless you have been manually adding security errata as they have become available. Kai says: Hm, Red Hat 7.2 is quite old, isn't it? If it's the Perl version of it you are having problems with you would need to go to quite old MS versions as well. You should think about upgrading. Meryll Larkin ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Fri Jul 15 09:04:02 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:30:19 2006 Subject: BIND vs ncsd Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Fri, July 15, 2005 0:01, Michele Neylon :: Blacknight said: > On Fri, 2005-07-15 at 08:55 +1000, Peter Russell wrote: >> Thanks will look at that now. But not just rbls, but i guess every email >> is subjected to a number of DNS tests, eg PTR lookups? >> Thanks > > Turn on logging on a DNS server and watch the logs for a few minutes :) > - just don't forget to turn it off! > > In our experience the DNSBL caching can help speed up mail scanning > which was our primary concern. We get a lot of DNS traffic anyway, so I > wouldn't worry about that. Personally I use DNS Cache which is part of DJBDNS http://cr.yp.to/djbdns.html to do all my DNS caching work (I have found it faster than Bind but YMMV). If you are running all the RBL tests in SpamAssassin plus getting Postfix to do it's usual PTR lookups and any other SMTP time checks then you could well be generating upwards of half a dozen DNS queries per message. With enough volume of mail I could see the 'owner' of a near by DNS server becoming up set :-) Depending on quantity of mail processed you may well want to look at holding the RBL, SURBL etc zone files locally and running DNSBL to serve them so you don't make so many 'cross Internet' zone queries. This will also speed up your mail processing especially as loads of spam tests seem to be heading towards DNS style look ups. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From xplora at MEDIADESIGN.SCHOOL.NZ Fri Jul 15 10:27:52 2005 From: xplora at MEDIADESIGN.SCHOOL.NZ (Richard Smith) Date: Thu Jan 12 21:30:19 2006 Subject: howto stop 1 users outgong mail from being scanned & headers suggestion... Message-ID: >>> >>> 1. Add "-ODaemonPortOptions=Port=25025,Addr=127.0.0.1,Name=MTA-2" >>> to the >>> sendmail program called by /etc/rc.d/init.d/sendmail or Knowing how MailScanner works, I'm wondering if this could be added as an option in /etc/sysconfig/MailScanner for the "StartOutSendmail" queue running sendmail process, since that would reduce the actual number of sendmail processes running (as opposed to this threads suggestion of starting yet another sendmail process), with perhaps some commented out suggestions of various secure (ie SMTPs) options. (Another side benefit is only the 1 process would handle the message.) - Richard -- http://www.mediadesign.school.nz/ CAUTION: This communication is confidential and may be legally privileged. If you have received it in error you must not use, disclose, copy or retain it. Please immediately notify us by return email and then delete the email. This message has been scanned for viruses and dangerous content by MailScanner with McAfee UVScan, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Fri Jul 15 11:45:37 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:30:19 2006 Subject: BIND vs ncsd Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Drew Marshall wrote: > On Fri, July 15, 2005 0:01, Michele Neylon :: Blacknight said: > >>On Fri, 2005-07-15 at 08:55 +1000, Peter Russell wrote: >> >>>Thanks will look at that now. But not just rbls, but i guess every email >>>is subjected to a number of DNS tests, eg PTR lookups? >>>Thanks >> >>Turn on logging on a DNS server and watch the logs for a few minutes :) >>- just don't forget to turn it off! >> >>In our experience the DNSBL caching can help speed up mail scanning >>which was our primary concern. We get a lot of DNS traffic anyway, so I >>wouldn't worry about that. > > > Personally I use DNS Cache which is part of DJBDNS > http://cr.yp.to/djbdns.html to do all my DNS caching work (I have found it > faster than Bind but YMMV). If you are running all the RBL tests in > SpamAssassin plus getting Postfix to do it's usual PTR lookups and any > other SMTP time checks then you could well be generating upwards of half a > dozen DNS queries per message. With enough volume of mail I could see the > 'owner' of a near by DNS server becoming up set :-) > Personally i use djbdns as well and here a link to setting it up.. http://wiki.mailscanner.info/doku.php?id=documentation:related_software:caching_nameserver:djbdns but some time back i came across these comparisons which have me re-thinking (me think??). http://www.shub-internet.org/brad/papers/dnscomparison/ can we extend this thread into a healthy discussion (and not another holy war) based on our personal experiences and benchmarks? - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Fri Jul 15 13:17:26 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:30:19 2006 Subject: BIND vs ncsd Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > > can we extend this thread into a healthy discussion (and not another > holy war) based on our personal experiences and benchmarks? > > - dhawal Hope so - i have no barrow to push, i just want efficiency and simplicity. Drew Marshall wrote: > > Depending on quantity of mail processed you may well want to look at > holding the RBL, SURBL etc zone files locally and running DNSBL to serve > them so you don't make so many 'cross Internet' zone queries. This will > also speed up your mail processing especially as loads of spam tests seem > to be heading towards DNS style look ups. > > Drew I only do around 6-10k per day, usualy closer to 6k. So not heaps. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bpumphrey at WOODMACLAW.COM Fri Jul 15 14:14:55 2005 From: bpumphrey at WOODMACLAW.COM (Billy A. Pumphrey) Date: Thu Jan 12 21:30:19 2006 Subject: I am looking for the ham and spam files Message-ID: > > Billy A. Pumphrey wrote: > >> Subject: Re: I am looking for the ham and spam files > > > > > Which one is spam and which one is ham? Bayes_seen or bayes_toks? > > > > Actually neither... > > > So it would be: > > Sa-learn --showdots --mbox --spam bayes_toks(or)bayes_seen ? > > > > Not quite, sa-learn expects e-mails to learn *from* > > Since you're specifying --mbox format it would be: > > sa-learn --showdots --mbox --spam {path to a mailbox full of spams in mbox > format} > > or > > sa-learn --showdots --mbox --ham {path to a mailbox full of hams in mbox > format} > > In my case I created a spam user and mailbox to fetch un-caught spam from > my > exchange server and once I populate the spam user's mbox with these > un-caught spams I run: > > sa-learn --showdots --mbox --spam /var/spool/mail/spam > > I noticed others have already addressed your other question about the > starter DB (which worked very well for me BTW) and hope this clears up > your > sa-learn question. > > HTH > Kind regards, > Ken Yes, got the other question answered, thank you everyone :) You don't have to, but If you would not mind expanding on how you are using your spam mailbox. I have a exchange server also, and MailScanner is in between the internet and the exchange server. Like yours I would suspect. How are you taking the un-caught mail and putting it in the spam mailbox? Are you taking the ID of the message (by using mailwatch) and doing a cp command and moving the message to the spam mbox? Such as: Cp /var/spool/MailScanner/quarantine/20050713/j6CH7SSN017953 /home/user/mail/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Fri Jul 15 14:25:09 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:19 2006 Subject: OT Configuring DCC and Razor Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Billy A. Pumphrey wrote: >>Subject: Re: OT Configuring DCC and Razor >> >>Billy A. Pumphrey wrote: >> >>>>Subject: Re: OT Configuring DCC and Razor >>> >>>Probably a question that is going against the design of services: >>>Example >>>Mailwatch does a spamassassin lint check under the apache user >>>(correct?). Which means that it gives different results or errors > > that > >>>if it is ran with the "correct" user, such as root. This could be >>>misleading because I might think that my spamassassin has problems > > and > >>>it really doesn't. >>> >>>So the question is, should the best practice be to have everything > > that > >>>is installed to do with MailScanner use the same user? >>> >> >>There is a problem... if you use Sendmail as MTA with mailscanner, > > then > >>you must run MailScanner as root. MailWatch runs as the web server >>user. Do you want your web server to run as root? No (security). >> >>All the other plugins used with MailScanner will run as the user >>MailScanner is using. >> >>I'm aware of this mess and I only use the --lint test in MailWatch is > > to > >>get the time reports with the colors. >> >>If you find a solution, plese let us know... >> >>Thanks, >>-- >>Ugo >> > > > Thank you for your replies. > > I think that what I have learned is not to use the mailwatch lint for > taking care of errors. Instead run it logged in as root at the command > line. Spamassassin -D > --prefs-file=/etc/MailScanner/spam.assassin.prefs.conf --lint There might be another solution. Or maybe it should be stated in MailWatch that errors may occur and the lint test should be done as the user running MailScanner. This has become more of a mailwatch issue, so I'll post it on the mailwatch list. > > I also learned a whole bunch of new stuff from figuring that out. > Glad to hear that :). -- Ugo -> Please don't send a copy of your reply by e-mail. I read the list. -> Please avoid top-posting, long signatures and HTML, and cut the irrelevant parts in your replies. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From KGoods at AIAINSURANCE.COM Fri Jul 15 17:47:17 2005 From: KGoods at AIAINSURANCE.COM (Ken Goods) Date: Thu Jan 12 21:30:19 2006 Subject: I am looking for the ham and spam files Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Billy A. Pumphrey wrote: >> Billy A. Pumphrey wrote: >>>> Subject: Re: I am looking for the ham and spam files > > Yes, got the other question answered, thank you everyone :) > > You don't have to, but If you would not mind expanding on how you are > using your spam mailbox. I have a exchange server also, and > MailScanner is in between the internet and the exchange server. Like > yours I would suspect. How are you taking the un-caught mail and > putting it in the spam mailbox? > > Are you taking the ID of the message (by using mailwatch) and doing a > cp command and moving the message to the spam mbox? Such as: > Cp /var/spool/MailScanner/quarantine/20050713/j6CH7SSN017953 > /home/user/mail/ > I'm not completely sure how mbox format is put together so I couldn't tell you if the above would work. But it seems to me if it is in quarantine it has already been caught as spam (if that's your setup) and the only benefit of learning it at that point would be if the bayes score was abnormally low. I only learn from spams that were not caught by my gateway. In other words, they are already sitting in Exchange. So there are a couple tricks to get them back to the Linux e-mail filter box with the headers intact. A gentleman named Ray Gibson helped me out a ton getting my bayes learning set up from Exchange. I'll send you an e-mail exchange we had (off list since it's a little long) but for the list's benefit I will put a link to his tutorial page here: http://www.raygibson.net/kb/amavis/ Great stuff if you use Debian/Exim/Amavisd-new or if you're just building a machine for use as an e-mail filtering gateway. I use Mailscanner (of course ;)), sendmail, SA and ClamAV. But the concept is the same. 1.Create a user on your NT network and a mailbox in Exchange for this user. 2.Log on to the network as that user, create two folders in Outlook named spam and ham and give permissions to anyone authorized to move spam (or ham) into that mailbox. 3.Use fetchmail (or something similar) to fetch the mails from Exchange to your Linux e-mail filter box. 4.Use sa-learn on the resulting mbox. I don't normally learn hams any more as I've not had any false positives. The main thing to be concerned about when learning from mails after they've hit an Exchange server/Outlook is to drag and drop the un-caught spam into a folder for later fetching, otherwise the headers get mangled to the point of being useless for bayes learning. My intention is to put together a wiki page outlining the whole process but I just haven't had the time. You'd be surprised how often this subject comes up here on the list. Take a look at the above page and be expecting another email off list. Hopefully I'll get to the wiki in the next couple weeks. Kind regards, Ken Ken Goods Network Administrator AIA Insurance, Inc. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From algorges at GMAIL.COM Fri Jul 15 17:44:18 2005 From: algorges at GMAIL.COM (ASA) Date: Thu Jan 12 21:30:19 2006 Subject: SophosSAVI Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I am trying to compile SAVI-Perl-0.30 in my Centos4 x86_64 and when I give the make he lists me the following mistake cp SAVI.pm blib/lib/SAVI.pm AutoSplitting blib/lib/SAVI.pm (blib/lib/auto/SAVI) /usr/bin/perl /usr/lib/perl5/5.8.5/ExtUtils/xsubpp -typemap /usr/lib/perl5/5.8.5/ExtUtils/typemap -typemap typemap SAVI.xs > SAVI.xsc && mv SAVI.xsc SAVI.c Please specify prototyping behavior for SAVI.xs (see perlxs manual) gcc -c -I. -D_REENTRANT -D_GNU_SOURCE -DDEBUGGING -fno-strict-aliasing -pipe -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -g -pipe -m64 -DVERSION=\"0.30\" -DXS_VERSION=\"0.30\" -fPIC "-I/usr/lib64/perl5/5.8.5/x86_64-linux-thread-multi/CORE" SAVI.c In file included from sav_if/compute.h:18, from sav_if/savitype.h:18, from sav_if/csavi2c.h:20, from sav_if/csavi3c.h:18, from SAVI.xs:20: sav_if/s_comput.h:662:4: #error Unsupported GNU C/C++ target hardware platform make: *** [SAVI.o] Error 1 What can make? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dstraka at CASPERCOLLEGE.EDU Fri Jul 15 17:02:40 2005 From: dstraka at CASPERCOLLEGE.EDU (Daniel Straka) Date: Thu Jan 12 21:30:19 2006 Subject: No subject Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian, Since you already have an option to scan the messages for potentially dangerous content, I think it would be very useful to have an option to scan the messages for offensive text based on a file which contains a list of offensive words and the message deleted if found. I understand it would not have the scoring capabilities that SA has, but honestly, any email arriving here with the word viagra in it would never be missed! Could this be a future enhancement? Dan Straka Casper College (307)268-2399 ** Visit Casper College Online at www.caspercollege.edu ** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Fri Jul 15 18:19:46 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:30:19 2006 Subject: No subject Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Daniel Straka wrote: > Julian, > > Since you already have an option to scan the messages for potentially > dangerous content, I think it would be very useful to have an option to > scan the messages for offensive text based on a file which contains a > list of offensive words and the message deleted if found. I understand > it would not have the scoring capabilities that SA has, but honestly, > any email arriving here with the word viagra in it would never be > missed! Could this be a future enhancement? > It's in there.. read up on MCP. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at nkpanama.com Fri Jul 15 18:33:19 2005 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu Jan 12 21:30:19 2006 Subject: No subject Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Matt Kettler wrote: > Daniel Straka wrote: > >> Julian, >> >> Since you already have an option to scan the messages for potentially >> dangerous content, I think it would be very useful to have an option to >> scan the messages for offensive text based on a file which contains a >> list of offensive words and the message deleted if found. I understand >> it would not have the scoring capabilities that SA has, but honestly, >> any email arriving here with the word viagra in it would never be >> missed! Could this be a future enhancement? >> > > It's in there.. read up on MCP. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! Filtering on words alone is asking for trouble (aka FP's): http://www.epinions.com/content_1610588292 From mkettler at EVI-INC.COM Fri Jul 15 18:45:35 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:30:19 2006 Subject: No subject Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Alex Neuman van der Hans wrote: > Filtering on words alone is asking for trouble (aka FP's): > http://www.epinions.com/content_1610588292 Agreed. ALWAYS, ALWAYS, ALWAYS, carefully consider the possible contexts for your rule. ALWAYS include word-boundaries where-ever possible to constrain matches. marsexplorer doesn't match /\bsex\b/ but does match /sex/. see the "Writing better rules" section of: http://wiki.apache.org/spamassassin/WritingRules (Note: the suggestion of using a web search is very powerful indeed. Gives you a very quick idea of things that could possibly match a word/phrase of interest.) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri Jul 15 19:31:55 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:19 2006 Subject: SophosSAVI Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SAVI-Perl won't build successfully on x86_64. ASA wrote: > I am trying to compile SAVI-Perl-0.30 in my Centos4 x86_64 and when I > give the make he lists me the following mistake > > cp SAVI.pm blib/lib/SAVI.pm > AutoSplitting blib/lib/SAVI.pm (blib/lib/auto/SAVI) > /usr/bin/perl /usr/lib/perl5/5.8.5/ExtUtils/xsubpp -typemap > /usr/lib/perl5/5.8.5/ExtUtils/typemap -typemap typemap SAVI.xs > > SAVI.xsc && mv SAVI.xsc SAVI.c > Please specify prototyping behavior for SAVI.xs (see perlxs manual) > gcc -c -I. -D_REENTRANT -D_GNU_SOURCE -DDEBUGGING > -fno-strict-aliasing -pipe -I/usr/local/include -D_LARGEFILE_SOURCE > -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -g -pipe -m64 > -DVERSION=\"0.30\" -DXS_VERSION=\"0.30\" -fPIC > "-I/usr/lib64/perl5/5.8.5/x86_64-linux-thread-multi/CORE" SAVI.c > In file included from sav_if/compute.h:18, > from sav_if/savitype.h:18, > from sav_if/csavi2c.h:20, > from sav_if/csavi3c.h:18, > from SAVI.xs:20: > sav_if/s_comput.h:662:4: #error Unsupported GNU C/C++ target hardware > platform > make: *** [SAVI.o] Error 1 > > What can make? > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQtgBHBH2WUcUFbZUEQKcFwCgsmTbyopT0j5FTWDdQknMftAUQGoAoNFa RoSV1hwfsRLbJOcCj0FH0HiF =Y6ia -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From algorges at GMAIL.COM Fri Jul 15 19:59:15 2005 From: algorges at GMAIL.COM (ASA) Date: Thu Jan 12 21:30:19 2006 Subject: SophosSAVI Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello Julian. what solution would you feel? Does a ready package exist compiled in 32bits for installing in the x86_64? ----- Original Message ----- From: "Julian Field" To: Sent: Friday, July 15, 2005 3:31 PM Subject: Re: SophosSAVI > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > SAVI-Perl won't build successfully on x86_64. > > ASA wrote: > >> I am trying to compile SAVI-Perl-0.30 in my Centos4 x86_64 and when I >> give the make he lists me the following mistake >> >> cp SAVI.pm blib/lib/SAVI.pm >> AutoSplitting blib/lib/SAVI.pm (blib/lib/auto/SAVI) >> /usr/bin/perl /usr/lib/perl5/5.8.5/ExtUtils/xsubpp -typemap >> /usr/lib/perl5/5.8.5/ExtUtils/typemap -typemap typemap SAVI.xs > >> SAVI.xsc && mv SAVI.xsc SAVI.c >> Please specify prototyping behavior for SAVI.xs (see perlxs manual) >> gcc -c -I. -D_REENTRANT -D_GNU_SOURCE -DDEBUGGING >> -fno-strict-aliasing -pipe -I/usr/local/include -D_LARGEFILE_SOURCE >> -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -g -pipe -m64 >> -DVERSION=\"0.30\" -DXS_VERSION=\"0.30\" -fPIC >> "-I/usr/lib64/perl5/5.8.5/x86_64-linux-thread-multi/CORE" SAVI.c >> In file included from sav_if/compute.h:18, >> from sav_if/savitype.h:18, >> from sav_if/csavi2c.h:20, >> from sav_if/csavi3c.h:18, >> from SAVI.xs:20: >> sav_if/s_comput.h:662:4: #error Unsupported GNU C/C++ target hardware >> platform >> make: *** [SAVI.o] Error 1 >> >> What can make? >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) >> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> *Support MailScanner development - buy the book off the website!* > > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.1 (Build 2185) > > iQA/AwUBQtgBHBH2WUcUFbZUEQKcFwCgsmTbyopT0j5FTWDdQknMftAUQGoAoNFa > RoSV1hwfsRLbJOcCj0FH0HiF > =Y6ia > -----END PGP SIGNATURE----- > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri Jul 15 20:48:07 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:19 2006 Subject: SophosSAVI Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Not that I know of, no. I talked to the author about this and he didn't think there was anything he could do for x86_64 until Sophos put out a 64-bit version of their library. ASA wrote: > Hello Julian. what solution would you feel? > Does a ready package exist compiled in 32bits for installing in the > x86_64? > > > ----- Original Message ----- From: "Julian Field" > > To: > Sent: Friday, July 15, 2005 3:31 PM > Subject: Re: SophosSAVI > > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> SAVI-Perl won't build successfully on x86_64. >> >> ASA wrote: >> >>> I am trying to compile SAVI-Perl-0.30 in my Centos4 x86_64 and when >>> I give the make he lists me the following mistake >>> >>> cp SAVI.pm blib/lib/SAVI.pm >>> AutoSplitting blib/lib/SAVI.pm (blib/lib/auto/SAVI) >>> /usr/bin/perl /usr/lib/perl5/5.8.5/ExtUtils/xsubpp -typemap >>> /usr/lib/perl5/5.8.5/ExtUtils/typemap -typemap typemap SAVI.xs > >>> SAVI.xsc && mv SAVI.xsc SAVI.c >>> Please specify prototyping behavior for SAVI.xs (see perlxs manual) >>> gcc -c -I. -D_REENTRANT -D_GNU_SOURCE -DDEBUGGING >>> -fno-strict-aliasing -pipe -I/usr/local/include -D_LARGEFILE_SOURCE >>> -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -g -pipe -m64 >>> -DVERSION=\"0.30\" -DXS_VERSION=\"0.30\" -fPIC >>> "-I/usr/lib64/perl5/5.8.5/x86_64-linux-thread-multi/CORE" SAVI.c >>> In file included from sav_if/compute.h:18, >>> from sav_if/savitype.h:18, >>> from sav_if/csavi2c.h:20, >>> from sav_if/csavi3c.h:18, >>> from SAVI.xs:20: >>> sav_if/s_comput.h:662:4: #error Unsupported GNU C/C++ target >>> hardware platform >>> make: *** [SAVI.o] Error 1 >>> >>> What can make? >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) >>> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> *Support MailScanner development - buy the book off the website!* >> >> >> >> - -- Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> Professional Support Services at www.MailScanner.biz >> MailScanner thanks transtec Computers for their support >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> -----BEGIN PGP SIGNATURE----- >> Version: PGP Desktop 9.0.1 (Build 2185) >> >> iQA/AwUBQtgBHBH2WUcUFbZUEQKcFwCgsmTbyopT0j5FTWDdQknMftAUQGoAoNFa >> RoSV1hwfsRLbJOcCj0FH0HiF >> =Y6ia >> -----END PGP SIGNATURE----- >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQtgS+BH2WUcUFbZUEQI1hgCfWcq9u231PpkdF3GcvDHHSjrQNUkAnjRR H2x5Kltx2wUbNrZY38S2YHx+ =HQMf -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dstraka at caspercollege.edu Fri Jul 15 21:24:24 2005 From: dstraka at caspercollege.edu (Daniel Straka) Date: Thu Jan 12 21:30:19 2006 Subject: MailScanner content scanning for keywords Message-ID: Julian, and list, I know you're all getting tired of my postings so I'll make this my last intrusion on this topic. I don't want to offend anyone on this list, but the comments sent back about my suggestion (see bottom) are a bit programmer-anal. How about just keeping it simple? A nice simple line file delimited by quotes or whatever character, like: " viagra " " vagara " " cialis " "sweeter tasting sperm" (this one offended many, damn spammers) " cum " " porn " " ejaculation " " orgasms " This is the kind of content that gets through to my users. None of this needs to arrive in a mailbox. I don't really care about assigning a "score" to spam like SpamAssassin does, I want to delete messages that contian words or phrases like this. These aren't going to match any other words or phrases since they have spaces before and after single words and it's simple. Mail admins don't have to write a line of "code" to enable a keyword rule. How about the email with a spoofed Reply-to field that spam.blacklist.rules can't touch...but...the from address is the one we really need to be blacklisting? This would work great! Thanks everybody!, Dan Julian, Since you already have an option to scan the messages for potentially dangerous content, I think it would be very useful to have an option to scan the messages for offensive text based on a file which contains a list of offensive words and the message deleted if found. I understand it would not have the scoring capabilities that SA has, but honestly, any email arriving here with the word viagra in it would never be missed! Could this be a future enhancement? Dan Straka Academic Systems Specialist Casper College (307) 268-2399 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From peter at UCGBOOK.COM Fri Jul 15 21:42:34 2005 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:30:19 2006 Subject: MailScanner content scanning for keywords Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Daniel Straka wrote: > I don't want to offend anyone on this list, but the comments sent back > about my suggestion (see bottom) are a bit programmer-anal. How > about just keeping it simple? A nice simple line file delimited by quotes > or whatever character, like: Isn't this a job for the generic spam module? Have you checked it out? Have I missed why you can't install SA that does what you want so easily? -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From naolson at gmail.com Fri Jul 15 21:45:49 2005 From: naolson at gmail.com (Nathan Olson) Date: Thu Jan 12 21:30:19 2006 Subject: MailScanner content scanning for keywords Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hopefully you'd never get an email like this. From: Doctor SoAndSo To: The Employee/Staff/Faculty who inquired Subject: STOP! Please do not take the Viagra I sent you, as you will die. Sincerely, Doctor SoAndSo Or this... From: The Dean To: A perfect student Subject: Congratulations! You graduated Magna Cum Laude. Sincerely, The Dean Nate ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Fri Jul 15 22:30:30 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:30:19 2006 Subject: MailScanner content scanning for keywords Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Daniel Straka wrote: > Julian, and list, > > I know you're all getting tired of my postings so I'll make this my last > intrusion on this topic. > > I don't want to offend anyone on this list, but the comments sent back > about my suggestion (see bottom) are a bit programmer-anal. How > about just keeping it simple? A nice simple line file delimited by quotes > or whatever character, like: Disclaimer: I *am* a programmer. I have both bias and experience from years of SA rule writing and general programming. We're not being "programmer-anal" we're trying to be helpful. AFAIK, there are no off-the-shelf tools that work with mailscanner do the simple single-line text-file thing. It's too inflexible a tool to be useful for most people so it wouldn't exactly be a popular. It sounds good, and would be easy to start with, but it's a PITA in the long run due to it's lack of flexibility. So if you want a line-by-line string checker, you'll probably have to write your own tool. You might be able hack a script together using the generic spam scanner module, but at that point it's more 'code' than writing a couple trivial regexes for SA rules. After all that, you'd likely use it for a month to a year and have to junk it because it sucked. No, really, it would suck. This stuff is a LOT harder than you think. Trust me, I'm trying to help you. Spammers use thousands of variants of the word "Viagra", do you want to dictionary them all? 1 regex rule detects absurd numbers of of possible spellings: /(?:\b|\s)[_\W]{0,3}(?:\\\/|V)[_\W]{0,3}[a4ij1!|l\xCC-\xCF\xEC-\xEF][_\W]{0,3}[ila40\xC0-\xC6\xE0-\xE6@][_\W]{0,3}[x yz]?[gj][_\W]{0,3}rr?[_\W]{0,3}[a40\xC0-\xC6\xE0-\xE6@][_\W]{0,3}x?[_\W]{0,3}(?:\b|\s)/i Not even counting increases due to mixed-case that's: 32768*2*32768*14*32768*18*32768*4*2*32768*2*32768**16*32768*2*32768 = 3.43*10^41 different strings it will match, all resembling "Viagra". I know I can't dictionary that many combinations. This is a -real world- problem, not a programmers dream. I wrote the above regex for SA. I've studied drug spam form years in evolving that rule. It's complex, but there really are an insane number of obfuscations used nowadays. WAY too many to catch with basic string matching. Besides, if you're a unix sysadmin, regexes really should not scare you. I'm not being programmer-centric here. They are not code, at all, and they are used in dozens of unix programs and even many windows programs (text searches in some apps). If you learn them you'll be able to use ordinary tools like "grep" better. They're not hard, just a little weird looking. A SA rule for a single-word body is pretty trivial. It's not as easy as a line-by-line text file, but it's what we have in-hand. It's also a lot more powerful and flexible as your skills with it grow. Here's some quick conversions of your examples: " viagra " body L_VIAGRA1 /\bviagra\b/i score L_VIAGRA1 5.0 " vagara " body L_VIAGRA2 /\bvagara\b/i score L_VIAGRA2 5.0 " cialis " body L_CIALIS /\bcialis\b/i score L_CIALIS 5.0 Note: I changed your spaces to \b's, which will match any "word boundary" including space, punctuation, and end-of-line. Much more useful, as they won't miss end-of-sentence cases like using spaces will. I also made them case-insensitive with the trailing i. And many of those examples are already built-in with SA 3.0.0 or higher to begin with (DRUGS_ERECTILE). You can just jack up the score if discussion of such drugs is inappropriate at your work (ie: no off-color-joke mails allowed). It's not hard. Really. If you don't want the admin hassles of a full-blown SA, just disable it and use MCP, which has the same syntax, but the same flexibility. This really is likely your simplest route to go, because it exits. AND it has flexibility to help you when you run into trouble with simple rules. And you likely will need it at some point. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at fsl.com Sat Jul 16 00:27:58 2005 From: steve.swaney at fsl.com (Stephen Swaney) Date: Thu Jan 12 21:30:19 2006 Subject: MailScanner content scanning for keywords Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Matt Kettler > Sent: Friday, July 15, 2005 5:31 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: MailScanner content scanning for keywords > > Daniel Straka wrote: > > Julian, and list, > > > > I know you're all getting tired of my postings so I'll make this my last > > intrusion on this topic. > > > > I don't want to offend anyone on this list, but the comments sent back > > about my suggestion (see bottom) are a bit programmer-anal. How > > about just keeping it simple? A nice simple line file delimited by > quotes > > or whatever character, like: > > Disclaimer: I *am* a programmer. I have both bias and experience from > years of > SA rule writing and general programming. > > We're not being "programmer-anal" we're trying to be helpful. > > AFAIK, there are no off-the-shelf tools that work with mailscanner do the > simple > single-line text-file thing. It's too inflexible a tool to be useful for > most > people so it wouldn't exactly be a popular. It sounds good, and would be > easy to > start with, but it's a PITA in the long run due to it's lack of > flexibility. > > So if you want a line-by-line string checker, you'll probably have to > write your > own tool. You might be able hack a script together using the generic spam > scanner module, but at that point it's more 'code' than writing a couple > trivial > regexes for SA rules. > > After all that, you'd likely use it for a month to a year and have to junk > it > because it sucked. No, really, it would suck. This stuff is a LOT harder > than > you think. Trust me, I'm trying to help you. > > > Spammers use thousands of variants of the word "Viagra", do you want to > dictionary them all? 1 regex rule detects absurd numbers of of possible > spellings: > > /(?:\b|\s)[_\W]{0,3}(?:\\\/|V)[_\W]{0,3}[a4ij1!|l\xCC-\xCF\xEC- > \xEF][_\W]{0,3}[ila40\xC0-\xC6\xE0-\xE6@][_\W]{0,3}[x > yz]?[gj][_\W]{0,3}rr?[_\W]{0,3}[a40\xC0-\xC6\xE0- > \xE6@][_\W]{0,3}x?[_\W]{0,3}(?:\b|\s)/i > > Not even counting increases due to mixed-case that's: > 32768*2*32768*14*32768*18*32768*4*2*32768*2*32768**16*32768*2*32768 = > 3.43*10^41 > different strings it will match, all resembling "Viagra". > > I know I can't dictionary that many combinations. This is a -real world- > problem, not a programmers dream. I wrote the above regex for SA. I've > studied > drug spam form years in evolving that rule. It's complex, but there really > are > an insane number of obfuscations used nowadays. WAY too many to catch with > basic > string matching. > > > Besides, if you're a unix sysadmin, regexes really should not scare you. > I'm not > being programmer-centric here. They are not code, at all, and they are > used in > dozens of unix programs and even many windows programs (text searches in > some > apps). If you learn them you'll be able to use ordinary tools like "grep" > better. They're not hard, just a little weird looking. > > A SA rule for a single-word body is pretty trivial. It's not as easy as a > line-by-line text file, but it's what we have in-hand. It's also a lot > more > powerful and flexible as your skills with it grow. > > Here's some quick conversions of your examples: > " viagra " > body L_VIAGRA1 /\bviagra\b/i > score L_VIAGRA1 5.0 > > " vagara " > body L_VIAGRA2 /\bvagara\b/i > score L_VIAGRA2 5.0 > > " cialis " > body L_CIALIS /\bcialis\b/i > score L_CIALIS 5.0 > > Note: I changed your spaces to \b's, which will match any "word boundary" > including space, punctuation, and end-of-line. Much more useful, as they > won't > miss end-of-sentence cases like using spaces will. I also made them > case-insensitive with the trailing i. > > And many of those examples are already built-in with SA 3.0.0 or higher to > begin > with (DRUGS_ERECTILE). You can just jack up the score if discussion of > such > drugs is inappropriate at your work (ie: no off-color-joke mails allowed). > > > It's not hard. Really. If you don't want the admin hassles of a full-blown > SA, > just disable it and use MCP, which has the same syntax, but the same > flexibility. > > This really is likely your simplest route to go, because it exits. AND it > has > flexibility to help you when you run into trouble with simple rules. And > you > likely will need it at some point. > Thanks Matt for a very reasoned and simple explanation of the problem and why it's so difficult to solve in a simplistic fashion! On a different tack - we were recently asked to implement a solution for a client in England that used MCP to trap English (as in UK) profanity. We created an MCP rule set that used their extensive list of "profane" words as intelligently as possible. This was not simple as Matt has described. We also set up rules to: 1. Forward for review the messages trapped by these rules 2. Easily release these messages 3. Created an audit trail of who released what / when. The whole system is working well and the client appears to be happy with the results. Here's the problem; if we wanted to do the same thing for a company here in the US we'd have to start all over again with a new nasty word list. Seems that we Yanks have a very different set of Bl**dy nasty words. Just my 2p Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dh at UPTIME.AT Sat Jul 16 01:21:20 2005 From: dh at UPTIME.AT (David H.) Date: Thu Jan 12 21:30:19 2006 Subject: MailScanner content scanning for keywords Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Stephen Swaney wrote: >>-----Original Message----- >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>Behalf Of Matt Kettler >>Sent: Friday, July 15, 2005 5:31 PM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: MailScanner content scanning for keywords >> >>Daniel Straka wrote: >> >>>Julian, and list, >>> >>>I know you're all getting tired of my postings so I'll make this my last >>>intrusion on this topic. >>> >>>I don't want to offend anyone on this list, but the comments sent back >>>about my suggestion (see bottom) are a bit programmer-anal. How >>>about just keeping it simple? A nice simple line file delimited by >> >>quotes >> >>>or whatever character, like: >> >>Disclaimer: I *am* a programmer. I have both bias and experience from >>years of >>SA rule writing and general programming. >> >>We're not being "programmer-anal" we're trying to be helpful. >> >>AFAIK, there are no off-the-shelf tools that work with mailscanner do the >>simple >>single-line text-file thing. It's too inflexible a tool to be useful for >>most >>people so it wouldn't exactly be a popular. It sounds good, and would be >>easy to >>start with, but it's a PITA in the long run due to it's lack of >>flexibility. >> >>So if you want a line-by-line string checker, you'll probably have to >>write your >>own tool. You might be able hack a script together using the generic spam >>scanner module, but at that point it's more 'code' than writing a couple >>trivial >>regexes for SA rules. >> >>After all that, you'd likely use it for a month to a year and have to junk >>it >>because it sucked. No, really, it would suck. This stuff is a LOT harder >>than >>you think. Trust me, I'm trying to help you. >> >> >>Spammers use thousands of variants of the word "Viagra", do you want to >>dictionary them all? 1 regex rule detects absurd numbers of of possible >>spellings: >> >>/(?:\b|\s)[_\W]{0,3}(?:\\\/|V)[_\W]{0,3}[a4ij1!|l\xCC-\xCF\xEC- >>\xEF][_\W]{0,3}[ila40\xC0-\xC6\xE0-\xE6@][_\W]{0,3}[x >>yz]?[gj][_\W]{0,3}rr?[_\W]{0,3}[a40\xC0-\xC6\xE0- >>\xE6@][_\W]{0,3}x?[_\W]{0,3}(?:\b|\s)/i >> >>Not even counting increases due to mixed-case that's: >>32768*2*32768*14*32768*18*32768*4*2*32768*2*32768**16*32768*2*32768 = >>3.43*10^41 >>different strings it will match, all resembling "Viagra". >> >>I know I can't dictionary that many combinations. This is a -real world- >>problem, not a programmers dream. I wrote the above regex for SA. I've >>studied >>drug spam form years in evolving that rule. It's complex, but there really >>are >>an insane number of obfuscations used nowadays. WAY too many to catch with >>basic >>string matching. >> >> >>Besides, if you're a unix sysadmin, regexes really should not scare you. >>I'm not >>being programmer-centric here. They are not code, at all, and they are >>used in >>dozens of unix programs and even many windows programs (text searches in >>some >>apps). If you learn them you'll be able to use ordinary tools like "grep" >>better. They're not hard, just a little weird looking. >> >>A SA rule for a single-word body is pretty trivial. It's not as easy as a >>line-by-line text file, but it's what we have in-hand. It's also a lot >>more >>powerful and flexible as your skills with it grow. >> >>Here's some quick conversions of your examples: >>" viagra " >>body L_VIAGRA1 /\bviagra\b/i >>score L_VIAGRA1 5.0 >> >>" vagara " >>body L_VIAGRA2 /\bvagara\b/i >>score L_VIAGRA2 5.0 >> >>" cialis " >>body L_CIALIS /\bcialis\b/i >>score L_CIALIS 5.0 >> >>Note: I changed your spaces to \b's, which will match any "word boundary" >>including space, punctuation, and end-of-line. Much more useful, as they >>won't >>miss end-of-sentence cases like using spaces will. I also made them >>case-insensitive with the trailing i. >> >>And many of those examples are already built-in with SA 3.0.0 or higher to >>begin >>with (DRUGS_ERECTILE). You can just jack up the score if discussion of >>such >>drugs is inappropriate at your work (ie: no off-color-joke mails allowed). >> >> >>It's not hard. Really. If you don't want the admin hassles of a full-blown >>SA, >>just disable it and use MCP, which has the same syntax, but the same >>flexibility. >> >>This really is likely your simplest route to go, because it exits. AND it >>has >>flexibility to help you when you run into trouble with simple rules. And >>you >>likely will need it at some point. >> > > > Thanks Matt for a very reasoned and simple explanation of the problem and > why it's so difficult to solve in a simplistic fashion! > > On a different tack - we were recently asked to implement a solution for a > client in England that used MCP to trap English (as in UK) profanity. I hope that client has a clear, written agreement with all its customers that he may scan the body of the mail. Because otherwise he is violating privacy laws and you might tell them that :) - -d -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (Darwin) iD8DBQFC2FL/PMoaMn4kKR4RAh9OAJ96ujDyX6RobZES21LRJ2Ukqm+kJACfQxF6 QFux5+QL12+ZWT6NjxWBwlQ= =kuj7 -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Sat Jul 16 02:07:01 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:30:19 2006 Subject: BIND vs ncsd Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dhawal Doshy wrote: > Personally i use djbdns as well and here a link to setting it up.. > http://wiki.mailscanner.info/doku.php?id=documentation:related_software:caching_nameserver:djbdns > > > but some time back i came across these comparisons which have me > re-thinking (me think??). > http://www.shub-internet.org/brad/papers/dnscomparison/ > > can we extend this thread into a healthy discussion (and not another > holy war) based on our personal experiences and benchmarks? Well I enabled Bind 9 on one of my machines just to see what difference it makes and in my very (un)scientific tests I got From DNS Cache: ; <<>> DiG 9.3.1 <<>> @192.168.1.30 www.cw.com ; (1 server found) ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9666 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;www.cw.com. IN A ;; ANSWER SECTION: www.cw.com. 7200 IN A 212.137.47.225 ;; Query time: 271 msec ;; SERVER: 192.168.1.30#53(192.168.1.30) ;; WHEN: Sat Jul 16 02:02:29 2005 ;; MSG SIZE rcvd: 44 And from the Bind9 Machine ; <<>> DiG 9.3.1 <<>> @192.168.1.31 www.cw.com ; (1 server found) ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62643 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 3 ;; QUESTION SECTION: ;www.cw.com. IN A ;; ANSWER SECTION: www.cw.com. 7200 IN A 212.137.47.225 ;; AUTHORITY SECTION: cw.com. 7200 IN NS ns0.uk.cw.net. cw.com. 7200 IN NS ns1.uk.cw.net. cw.com. 7200 IN NS ns2.uk.cw.net. cw.com. 7200 IN NS ns3.uk.cw.net. ;; ADDITIONAL SECTION: ns0.uk.cw.net. 172800 IN A 64.69.177.79 ns1.uk.cw.net. 172800 IN A 194.177.170.35 ns2.uk.cw.net. 172800 IN A 194.6.79.4 ;; Query time: 817 msec ;; SERVER: 192.168.1.31#53(192.168.1.31) ;; WHEN: Sat Jul 16 02:02:20 2005 ;; MSG SIZE rcvd: 173 Now I know the MSG SIZE is large with the Bind9 look up but there is no mistaking the 271ms against Bind's 817ms. Hardly scientific I know but that is why I have tended to favour DJBDNS. No Holy War here, if any one has ideas how to make Bind go faster I'm all ears :-) (For the record it's compiled with threads on a FreeBSD 5.3 box. Unthreaded look ups were in excess of 4000ms!). Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From james at grayonline.id.au Sat Jul 16 02:23:48 2005 From: james at grayonline.id.au (James Gray) Date: Thu Jan 12 21:30:19 2006 Subject: MailScanner content scanning for keywords Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Sat, 16 Jul 2005 07:30 am, Matt Kettler wrote: > Spammers use thousands of variants of the word "Viagra", do you want to > dictionary them all? 1 regex rule detects absurd numbers of of possible > spellings: > > /(?:\b|\s)[_\W]{0,3}(?:\\\/|V)[_\W]{0,3}[a4ij1!|l\xCC-\xCF\xEC-\xEF][_\W] >{0,3}[ila40\xC0-\xC6\xE0-\xE6@][_\W]{0,3}[x > yz]?[gj][_\W]{0,3}rr?[_\W]{0,3}[a40\xC0-\xC6\xE0-\xE6@][_\W]{0,3}x?[_\W]{ >0,3}(?:\b|\s)/i Good grief! That looks like a slightly extended version of the OBFU_VIAGRA rule I wrote about a year ago...I can tell coz it's still got the (?:\b|\s) rules which, syntactically can be replaced with [\b\s]. At least that's how it reads in my custom SA rules /now/ and works just the same (and is faster from my testing). Perl gurus: Am I correct? does (?:\b|\s) == [\b\s] ?? If not, what's the difference? AFAICT (?:...) matches something without creating the $x holder to refer to the match later, and [...] does the same thing except matches a set of individual characters. So if you have (?:a|b|c|d|...|z) isn't that exactly the same as [a-z]? Obviously something like "fuss(?:ing|ed|y)?" is a where you'd want the (?:...) syntax - but I'm referring to matching individual characters. Cheers, James -- It is better never to have been born. But who among us has such luck? One in a million, perhaps. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/PGP-SIGNATURE 196bytes. ] [ Unable to print this part. ] From james at grayonline.id.au Sat Jul 16 02:28:45 2005 From: james at grayonline.id.au (James Gray) Date: Thu Jan 12 21:30:19 2006 Subject: No subject Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Sat, 16 Jul 2005 03:45 am, Matt Kettler wrote: > (Note: the suggestion of using a web search is very powerful indeed. > Gives you a very quick idea of things that could possibly match a > word/phrase of interest.) I agree. I've also made a little perl script that allows you to enter a regex (cut-and-paste from SA rules etc) then it runs it against any dictionaries you have installed on your system (/usr/share/dict/... etc). I can make it available to the list if anyone is interested. I'm curious though - what web-based search engines allow arbitary regex (and perl regex) to be entered as a search phrase? Google/Yahoo/MSN/Ask Jeeves/etc don't AFAIK, but I was wondering if there was somewhere else that does? Cheers, James -- Muitas leis continuam em vigor desde os tempos mais antigos -- não por serem justas, mas por serem leis. -- Michel de Montaigne ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/PGP-SIGNATURE 196bytes. ] [ Unable to print this part. ] From pete at ENITECH.COM.AU Sat Jul 16 02:43:08 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:30:19 2006 Subject: BIND vs ncsd Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > > Now I know the MSG SIZE is large with the Bind9 look up but there is no > mistaking the 271ms against Bind's 817ms. > > Drew > Specifically with regards to mail gateways and aside from speed, do DJBDNS and BIND and NSCD apps do the same job? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ka at PACIFIC.NET Sat Jul 16 19:12:35 2005 From: ka at PACIFIC.NET (Ken A) Date: Thu Jan 12 21:30:19 2006 Subject: quarantine fragmented messages larger than Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi all, In these days of ever growing email message sizes, would it make sense to be able to specify a filesize for the fragmented message rules? Seems that some corp folks recommend using this feature to send large files. Even pc magazine suggests using it: http://www.pcworld.com/howto/article/0,aid,110649,00.asp :-( I'd like to be able to block fragmented messages from poorly configured clients, or potential malware, but allow larger fragmented messages. The assumption is that most virus payloads are not > 1mb. What inspired microsoft to make the default value for 'break messages apart larger than' 60k in OE? I guess the problem remains how to allow the last, smaller part of a message through, if it's other parts were accepted.... hmmm. Thanks for your thoughts on this, Ken Anderson Pacific.Net ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Sat Jul 16 22:55:47 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:30:19 2006 Subject: BIND vs ncsd Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dhawal Doshy wrote: > Drew Marshall wrote: > >> >> Now I know the MSG SIZE is large with the Bind9 look up but there is >> no mistaking the 271ms against Bind's 817ms. >> >> Hardly scientific I know but that is why I have tended to favour >> DJBDNS. No Holy War here, if any one has ideas how to make Bind go >> faster I'm all ears :-) (For the record it's compiled with threads >> on a FreeBSD 5.3 box. Unthreaded look ups were in excess of 4000ms!). > > > Here are some *independent* results (as un-scientific as it can get) > for 'dig cw.com' > > djbdns 1.05 > Pre-cache Query time: 225 msec > Post-cache Query time: 2 msec > > bind 9.2.0 > Pre-cache Query time: 234 msec > Post-cache Query time: 1 msec > > and here is dan's reply to knowles > http://cr.yp.to/djbdns/knowles.html > > i am so easily influenced, but post 2nd (or was it 3rd) thoughts i'll > put my doubts to an end and happily continue using dnscache. Well I have just put another box over to Bind so we will see. Pre this version of Bind (9.3.1) the look ups were slow enough that I would notice lag on web page loading. So far I haven't so may be there is reason for me to move... It does become more complex as my DNS servers are also authorative for various domains as well as caching and Bind does make that easier, only needing one IP address (I know there is a patch but I have never quite got there). Who knows? Only thing that is certain is I am more confused (Which doesn't take much) as to a preference. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From maillists at CONACTIVE.COM Sat Jul 16 17:31:24 2005 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:30:19 2006 Subject: BIND vs ncsd Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dhawal Doshy wrote on Fri, 15 Jul 2005 16:15:37 +0530: > can we extend this thread into a healthy discussion (and not another > holy war) based on our personal experiences and benchmarks? I used dnsmasq quite successful for some time on several of our machines. With one machine running it and the others using it as first dns. dnsmasq is very lightweight and used in many linux-based gateway/router "appliances" as the DHCP and dns caching server but not widely known to the public. http://thekelleys.org.uk/dnsmasq/doc.html It seemed to run better than nscd, but I don't have any benchmarks against it or other caching servers. One thing notable about nscd is that it has a tendency to suddenly vanish for unknown reasons, so it needs to be restarted from time to time (can be once a day, once a month, or never, quite unexpectedly). Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Sat Jul 16 15:53:57 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:30:19 2006 Subject: BIND vs ncsd Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Drew Marshall wrote: > > Now I know the MSG SIZE is large with the Bind9 look up but there is no > mistaking the 271ms against Bind's 817ms. > > Hardly scientific I know but that is why I have tended to favour DJBDNS. > No Holy War here, if any one has ideas how to make Bind go faster I'm > all ears :-) (For the record it's compiled with threads on a FreeBSD > 5.3 box. Unthreaded look ups were in excess of 4000ms!). Here are some *independent* results (as un-scientific as it can get) for 'dig cw.com' djbdns 1.05 Pre-cache Query time: 225 msec Post-cache Query time: 2 msec bind 9.2.0 Pre-cache Query time: 234 msec Post-cache Query time: 1 msec and here is dan's reply to knowles http://cr.yp.to/djbdns/knowles.html i am so easily influenced, but post 2nd (or was it 3rd) thoughts i'll put my doubts to an end and happily continue using dnscache. - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at MANGO.ZW Sat Jul 16 17:25:42 2005 From: mailscanner at MANGO.ZW (Jim Holland) Date: Thu Jan 12 21:30:19 2006 Subject: Scanning of fragmented messages Message-ID: Hi Julian I am currently using MailScanner 4.40.11-1. I have always set "Allow Partial Messages = no" in MailScanner.conf due to the obvious potential vulnerability if a virus is split between partial messages. However I had not realised that this option results in the message parts being silently quarantined with no notice to recipient. I don't think that is the most desirable response as the vast majority of fragmented messages are generated by people using Microsoft software that is wrongly configured to split messages - often with some silly value such as 60 KB. I had naively thought that the following entry in still_deliver_silent_viruses.rules would overcome this problem: Virus: /Fragmented.messages/ yes but of course it does not do what I assumed it would - deliver the message with just a warning that the contents have been archived. Could I request the following update where partial messages are set to be blocked: When a message is found that is of type "message/partial" then the contents are replaced with a warning to state that the message body has been deleted as it is fragmented, and listing the usual quarantine location in case the user really wants the bits. This caters for all those people who insist on splitting their messages by unthinkingly ticking the split message option in their MUA. Even better would be checking for the "number=" line in the header, eg: Content-Type: message/partial; total=150; id="01C583F8.7ED65170@your-9dl6yfn7yi"; number=2 and if the number is not 1 then ignore it as before. That saves the recipient from receiving 150 notices when someone finds that the message size limit on our mail server is 1.5 MB so decides to split their 10 MB message into a couple of hundred bits. Any alternative suggestions would also be most appreciated. Regards Jim Holland System Administrator MANGO - Zimbabwe's non-profit e-mail service ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at MANGO.ZW Sat Jul 16 17:34:44 2005 From: mailscanner at MANGO.ZW (Jim Holland) Date: Thu Jan 12 21:30:19 2006 Subject: Scanning of fragmented messages Message-ID: Hi again Julian My apologies. I seem to have made only a selective check of the logs. It seems that the most recent fragmented message was quarantined and not delivered, but earlier examples were quarantined and the empty message delivered with the warning message, exactly as requested below. I have looked more closely at the logs and found that the fragmented message had been found in an RBL and that was the reason it was not delivered. Sorry to waste your time. Regards Jim Holland On Sat, 16 Jul 2005, Jim Holland wrote: > Date: Sat, 16 Jul 2005 18:25:42 +0200 (CAT) > From: Jim Holland > To: MailScanner mailing list > Subject: Scanning of fragmented messages > > Hi Julian > > I am currently using MailScanner 4.40.11-1. > > I have always set "Allow Partial Messages = no" in MailScanner.conf due to > the obvious potential vulnerability if a virus is split between partial > messages. However I had not realised that this option results in the > message parts being silently quarantined with no notice to recipient. I > don't think that is the most desirable response as the vast majority of > fragmented messages are generated by people using Microsoft software that > is wrongly configured to split messages - often with some silly value such > as 60 KB. > > I had naively thought that the following entry in > still_deliver_silent_viruses.rules would overcome this problem: > > Virus: /Fragmented.messages/ yes > > but of course it does not do what I assumed it would - deliver the message > with just a warning that the contents have been archived. > > Could I request the following update where partial messages are set to be > blocked: When a message is found that is of type "message/partial" then > the contents are replaced with a warning to state that the message body > has been deleted as it is fragmented, and listing the usual quarantine > location in case the user really wants the bits. This caters for all > those people who insist on splitting their messages by unthinkingly > ticking the split message option in their MUA. Even better would be > checking for the "number=" line in the header, eg: > > Content-Type: message/partial; > total=150; > id="01C583F8.7ED65170@your-9dl6yfn7yi"; > number=2 > > and if the number is not 1 then ignore it as before. That saves the > recipient from receiving 150 notices when someone finds that the message > size limit on our mail server is 1.5 MB so decides to split their 10 MB > message into a couple of hundred bits. > > Any alternative suggestions would also be most appreciated. > > Regards > > Jim Holland > System Administrator > MANGO - Zimbabwe's non-profit e-mail service > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at MANGO.ZW Sun Jul 17 10:52:30 2005 From: mailscanner at MANGO.ZW (Jim Holland) Date: Thu Jan 12 21:30:19 2006 Subject: BIND vs ncsd Message-ID: Hi On Sat, 16 Jul 2005, Drew Marshall wrote: > It does become more complex as my DNS servers are also authorative for > various domains as well as caching and Bind does make that easier, only > needing one IP address (I know there is a patch but I have never quite > got there). Who knows? Only thing that is certain is I am more confused > (Which doesn't take much) as to a preference. I personally use Dan Bernstein's dnscache for local caching name service and have found its performance to be excellent. I also sympathise with most of his arguments against BIND - especially the concept of keeping it all simple, with separate executables for separate functions, simpler configuration file formats, and for his greater attention to security (default chroot installation for example). It comes with many useful utility programs that are very handy for use in batch files, producing output in much more processable format than "dig". I have never had any problems with dnscache whatsoever, and it needs virtually no attention or management. I have only the following gripes against it: A "dig ... any" will only return NS records even if other records are cached for the domain. But then "dig" is not part of the djbdns package . . . Dan Bernstein disparages anything that is not UNIX, so will not support an RPM version of dnscache, although I believe there are some out there. This means that Linux-oriented people like me have more difficulty in understanding its logic (eg use of a /command directory and the unusual way the service is managed - see appended extract from pstree -ap for example). I have not used djbdns for authoritative nameservice, so cannot comment from experience. I use BIND named for traditional reasons (mainly so that I am familiar enough with it to be able to support it for other people), but follow Dan Bernstein's advice to keep authoritative nameservice and caching nameservice quite separate, so operate them on different IP addresses. The BIND named service is configured to respond only to queries on domains for which the server is authoritative and to reject any other queries. The caching nameservice is in fact on a private IP address, so therefore totally inaccessible to external queries. I plan to drop BIND completely from the next server I set up and use only djbdns in spite of its idiosyncracies as it seems to be inherently better designed, more flexible, more reliable and more secure than BIND. Regards Jim Holland System Administrator MANGO - Zimbabwe's non-profit e-mail service |-svscanboot(761) /command/svscanboot | |-readproctitle(764) service errors: ... | `-svscan(763) /service | |-supervise(765) dnscache | | `-dnscache(768) | |-supervise(766) log | | `-multilog(769) t ./main | `-supervise(767) archive | `-(supervise,2894) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Sat Jul 16 09:15:44 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:30:19 2006 Subject: BIND vs ncsd Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Pete Russell wrote: >> >> Now I know the MSG SIZE is large with the Bind9 look up but there is >> no mistaking the 271ms against Bind's 817ms. > Must learn to type ^^^^^^^^^^^^^^^^^^ is supposed to read 'I know the MSG SIZE is larger' >> > >> Drew >> > Specifically with regards to mail gateways and aside from speed, do > DJBDNS and BIND and NSCD apps do the same job? Fundamentally, yes. They all offer DNS Caching services but I would suggest it's like saying do Sendmail, Exim and Postfix do the same job? The simple answer is yes but we all know there's a bit more to it than that ;-) Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at fsl.com Sun Jul 17 15:24:40 2005 From: steve.swaney at fsl.com (Stephen Swaney) Date: Thu Jan 12 21:30:19 2006 Subject: FW: Razor2 check fails with Can't locate object method "new" Message-ID: Please excuse this cross-post from the razor-users list but I betting that some MailScanner user has hit this problem - and hopefully solved it. TIA, Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com -----Original Message----- From: Stephen Swaney [mailto:steve.swaney@fsl.com] Sent: Sunday, July 17, 2005 10:15 AM To: 'razor-users@lists.sourceforge.net' Subject: Razor2 check fails with Can't locate object method "new" I'm having a problem after upgrading to Razor 2.75 on a Red Hat ES 3.0 x86_64system. All was working normally for version 2.72. After the update, when SpamAssassin attempts to call razor, the following error occurs: debug: Razor2 is available debug: entering helper-app run mode razor2 check skipped: Can't locate object method "new" via package "Razor2::Client::Agent" at /usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin/Dns.pm line 430. debug: leaving helper-app run mode debug: Razor2 results: spam? 0 highest cf score: 0 I belive I've followed the instructions from The SpamAssassin Wiki: Razor2 check fails with Can't locate object method "new" http://wiki.apache.org/spamassassin/RazorCantLocateNew?highlight=%28SHA1%29 And the test shown on that page passes without error. Still razor is not used by SpamAssassin. Applications / Modules / Versions installed: Running on Linux xxx.xxx.net 2.4.21-20.ELsmp #1 SMP Wed Aug 18 20:34:58 EDT 2004 x86_64 x86_64 x86_64 GNU/Linux This is Red Hat Enterprise Linux ES release 3 (Taroon Update 5) This is Perl version 5.008000 (5.8.0) This is MailScanner version 4.43.8 Module versions are: 1.00 AnyDBM_File 1.14 Archive::Zip 1.01 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.04 Fcntl 2.71 File::Basename 2.05 File::Copy 2.01 FileHandle 1.05 File::Path 0.13 File::Temp 1.29 HTML::Entities 3.45 HTML::Parser 2.30 HTML::TokeParser 1.20 IO 1.09 IO::File 1.122 IO::Pipe 1.50 Mail::Header 3.05 MIME::Base64 5.417 MIME::Decoder 5.417 MIME::Decoder::UU 5.417 MIME::Head 5.417 MIME::Parser 3.03 MIME::QuotedPrint 5.417 MIME::Tools 0.10 Net::CIDR 1.05 POSIX 1.75 Socket 0.03 Sys::Syslog 1.02 Time::localtime Optional module versions are: 1.806 DB_File 1.10 Digest 1.01 Digest::HMAC 2.33 Digest::MD5 2.10 Digest::SHA1 0.44 Inline 0.17 Mail::ClamAV 3.000004 Mail::SpamAssassin 1.997 Mail::SPF::Query 0.15 Net::CIDR::Lite 0.51 Net::DNS missing Net::LDAP 1.94 Parse::RecDescent missing SAVI 1.2 Sys::Hostname::Long 2.48 Test::Harness 0.6 Test::Simple 1.89 Text::Balanced 1.35 URI Any help very much appreciated. Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Sun Jul 17 17:10:10 2005 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 12 21:30:19 2006 Subject: DCC and RAZOR2 checks Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 7/13/05, Venkata Achanta wrote: (snip) > Anything else i should be checking? (snip) Perhaps a bit silly (and late!-), but why not simply remove the executables for the unwanted digest checks? -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Sun Jul 17 17:18:12 2005 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 12 21:30:20 2006 Subject: mail is not send after upgrading postfix + mailscanner Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 7/14/05, Peter Russell wrote: > No idea what the fix is, but upgrading both of these at the same is > always going to be risky. I would suggest upgrading one, dealing with > any of the issues and then a day or more later upgrading the > other....its different with stuff like DCC etc because you can turn it off. > > > Meshbah Uddin Ahmed wrote: > > Hi, > > i m using postfix + mailscanner + clamav. after > > upgrading postfix and mailscanner mails are not sent. > > when i want to try send mail it is deferred 1st, chkin > > and then requeued. after requeued it was not send. > > > > here is my postfix and mailscanner version info- > > > > # apt-show-versions -p postfix > > postfix/testing uptodate 2.2.3-3 > > # apt-show-versions -p mailscanner > > mailscanner/testing uptodate 4.41.3-2 > > > > after requeued, in mail.log there is- > > > > MailScanner[17756]: Requeue: C03F8D6BC3.6F395 to > > 3ACF67F404 > > > > > > what can i do now to fix it, pls advice. > > > > thanks > > meshbah Nor do I *know* the solution, but.... obviously your postfix is HOLDing the messages and MailScanner is scanning them just fine, so the problem is probably to do with postfix and how MS is reinjecting the queue file.... Perhaps something to do with how PF 2.2 and MS handles depth of the incoming queue? Have a look at http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:postfix:installation#error_messages the paragraph titled "Mail not being delivered or stuck in /var/spool/postfix/incoming". -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Sun Jul 17 17:39:58 2005 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 12 21:30:20 2006 Subject: uninstall question Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 7/15/05, Meryll Larkin wrote: > 7/14/05 > > Thanks for your concern, both Kai and Scott, > > Nope, sorry. I'll lose my job if I "upgrade". Not my call. The server is not a Web server but it is a functional mail relay server and file server and may not be taken down during the "busy season". That would be November to November (no kidding). We're behind a strong firewall. (help, get me out of here). Anyway, with the help I've received I should be able to address it now and I'll write again if I come up with any more snags. Thanks. > > Scott says: > I will say that having a Redhat 7.2 server on the internet WILL be a > large security risk unless you have been manually adding security errata > as they have become available. > > Kai says: > Hm, Red Hat 7.2 is quite old, isn't it? If it's the Perl version of it you > are having problems with you would need to go to quite old MS versions as > well. You should think about upgrading. > > Meryll Larkin > Perhaps take a look at the best practices page: http://wiki.mailscanner.info/doku.php?id=best_practices#keep_your_software/your_knowledge_up_to_date http://wiki.mailscanner.info/doku.php?id=best_practices#compartmentalize_your_servers ... some "ammo" to throw at the PHB:-). To spell it out, I'm suggesting you lift the gateway part onto a new (and up2date) server. Unless your load is heavy, the mx bit will be light. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From marcel-ml at IRC-ADDICTS.DE Sun Jul 17 22:38:15 2005 From: marcel-ml at IRC-ADDICTS.DE (Marcel Blenkers) Date: Thu Jan 12 21:30:20 2006 Subject: Strange behaviour? Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi there, just tried to send a mail with an ascii file, with the following content: SuSE Linux 9.1 (i586) VERSION = 9.1 This Text-file (SuSE-release from /etc) was within a tgz-file. This is what te Maillog said: Jul 17 23:32:53 marcel MailScanner[5668]: SuSE-release Jul 17 23:32:53 marcel MailScanner[5668]: ProcessClamAVOutput: unrecognised line "SuSE-release". Please contact the authors! Jul 17 23:32:57 marcel MailScanner[5668]: Uninfected: Delivered 1 messages any ideas?? It seems that the file was transported ordinary way ;) Greetings Marcel -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFC2s/MeuKbXOoTCo8RAjORAJ45/YjJVlHJ4cEIVf8i3dzekn/Z5QCeO/O3 piyWfypDjG37tSPieOt0hNE= =UOvh -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at fsl.com Sun Jul 17 22:43:28 2005 From: steve.swaney at fsl.com (Stephen Swaney) Date: Thu Jan 12 21:30:20 2006 Subject: Strange behaviour? Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Marcel Blenkers > Sent: Sunday, July 17, 2005 5:38 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Strange behaviour? > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hi there, > > just tried to send a mail with an ascii file, with the following content: > > SuSE Linux 9.1 (i586) > VERSION = 9.1 > > > This Text-file (SuSE-release from /etc) was within a tgz-file. > > This is what te Maillog said: > > Jul 17 23:32:53 marcel MailScanner[5668]: SuSE-release > Jul 17 23:32:53 marcel MailScanner[5668]: ProcessClamAVOutput: > unrecognised line "SuSE-release". Please contact the authors! > Jul 17 23:32:57 marcel MailScanner[5668]: Uninfected: Delivered 1 messages > > > any ideas?? > > It seems that the file was transported ordinary way ;) > > Greetings > > Marcel Please check the list archives. I believe you might need to upgrade your version of ClamAV to the latest version. Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Mon Jul 18 09:03:53 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:30:20 2006 Subject: MailScanner content scanning for keywords Message-ID: Daniel Straka wrote: > Julian, and list, > > I know you're all getting tired of my postings so I'll make this my last > intrusion on this topic. > > I don't want to offend anyone on this list, but the comments sent back > about my suggestion (see bottom) are a bit programmer-anal. How > about just keeping it simple? A nice simple line file delimited by quotes > or whatever character, like: > > " viagra " > " vagara " > " cialis " > "sweeter tasting sperm" (this one offended many, damn spammers) > " cum " > " porn " > " ejaculation " > " orgasms " > > This is the kind of content that gets through to my users. None of this > needs to arrive in a mailbox. I don't really care about assigning a > "score" to spam like SpamAssassin does, I want to delete messages > that contian words or phrases like this. These aren't going to match > any other words or phrases since they have spaces before and after > single words and it's simple. Mail admins don't have to write a line of > "code" to enable a keyword rule. > How about the email with a spoofed Reply-to field that > spam.blacklist.rules can't touch...but...the from address is the one we > really need to be blacklisting? This would work great! > > Thanks everybody!, > > Dan > Julian, > > Since you already have an option to scan the messages for potentially > dangerous content, I think it would be very useful to have an option to > scan the messages for offensive text based on a file which contains a > list of offensive words and the message deleted if found. I understand > it would not have the scoring capabilities that SA has, but honestly, any > email arriving here with the word viagra in it would never be missed! > Could this be a future enhancement? > > > Dan Straka > Academic Systems Specialist > Casper College > (307) 268-2399 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! Dan Nice generator for obsfucated words here.. http://sandgnat.com/cmos/cmos.jsp Type in you word and paste the SA rule that's generated into a file in /etc/mail/spamassassain. -- -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From anders.andersson at LTKALMAR.SE Mon Jul 18 10:31:29 2005 From: anders.andersson at LTKALMAR.SE (Anders Andersson, IT) Date: Thu Jan 12 21:30:20 2006 Subject: Spamassassin stoped working... :( Message-ID: And not being a smart guy I need some help. This is what I got after running debug and MailScanner -v. SA bayes lock is /root/.spamassassin/bayes.lock Bayes lock is at /root/.spamassassin/bayes.lock Failed to run URIBL_JP_SURBL SpamAssassin test, skipping: (Can't locate object method "check_uridnsbl" via package "Mail::SpamAssassin::PerMsgStatus" at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/PerMsgStatus.pm line 2340. ) Failed to run URIBL_JP_SURBL SpamAssassin test, skipping: (Can't locate object method "check_uridnsbl" via package "Mail::SpamAssassin::PerMsgStatus" at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/PerMsgStatus.pm line 2340, line 374. ) Stopping now as you are debugging me. [ OK ] [root@ns2 MailScanner]# MailScanner -v Running on Linux ns2.ltkalmar.se 2.6.9-11.ELsmp #1 SMP Wed Jun 8 17:54:20 CDT 2005 i686 i686 i386 GNU/Linux This is CentOS release 4.1 (Final) This is Perl version 5.008005 (5.8.5) This is MailScanner version 4.41.3 Module versions are: 1.00 AnyDBM_File 1.14 Archive::Zip 1.03 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.05 Fcntl 2.73 File::Basename 2.08 File::Copy 2.01 FileHandle 1.06 File::Path 0.14 File::Temp 1.29 HTML::Entities 3.45 HTML::Parser 2.30 HTML::TokeParser 1.21 IO 1.10 IO::File 1.123 IO::Pipe 1.50 Mail::Header 3.05 MIME::Base64 5.417 MIME::Decoder 5.417 MIME::Decoder::UU 5.417 MIME::Head 5.417 MIME::Parser 3.03 MIME::QuotedPrint 5.417 MIME::Tools 0.10 Net::CIDR 1.08 POSIX 1.77 Socket 0.05 Sys::Syslog 1.02 Time::localtime Optional module versions are: 1.810 DB_File 1.08 Digest 1.01 Digest::HMAC 2.33 Digest::MD5 2.10 Digest::SHA1 0.44 Inline 0.17 Mail::ClamAV 3.000004 Mail::SpamAssassin 1.997 Mail::SPF::Query 0.15 Net::CIDR::Lite 0.48 Net::DNS 0.31 Net::LDAP 1.94 Parse::RecDescent missing SAVI 1.2 Sys::Hostname::Long 2.42 Test::Harness 0.47 Test::Simple 1.95 Text::Balanced 1.35 URI ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Mon Jul 18 11:17:09 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:30:20 2006 Subject: Spamassassin stoped working... :( Message-ID: Anders Andersson, IT wrote: > And not being a smart guy I need some help. This is what I got after > running debug and MailScanner -v. > > SA bayes lock is /root/.spamassassin/bayes.lock > Bayes lock is at /root/.spamassassin/bayes.lock > Failed to run URIBL_JP_SURBL SpamAssassin test, skipping: > (Can't locate object method "check_uridnsbl" via package > "Mail::SpamAssassin::PerMsgStatus" at > /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/PerMsgStatus.pm line > 2340. > ) > Failed to run URIBL_JP_SURBL SpamAssassin test, skipping: > (Can't locate object method "check_uridnsbl" via package > "Mail::SpamAssassin::PerMsgStatus" at > /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/PerMsgStatus.pm line > 2340, line 374. > ) > Stopping now as you are debugging me. > [ OK ] Anders what's in you're init.pre file in /etc/mail/spamassassin and what happens if you run... spamassassn -p /spam.assassin.prefs.conf -D --lint the will be the same dir that MailScanner.conf is in.. -- -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From anders.andersson at LTKALMAR.SE Mon Jul 18 12:38:42 2005 From: anders.andersson at LTKALMAR.SE (Anders Andersson, IT) Date: Thu Jan 12 21:30:20 2006 Subject: Spamassassin stoped working... :( Message-ID: > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Martin Hepworth > Sent: Monday, July 18, 2005 12:17 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Spamassassin stoped working... :( > > Anders Andersson, IT wrote: > > And not being a smart guy I need some help. This is what I > got after > > running debug and MailScanner -v. > > > > SA bayes lock is /root/.spamassassin/bayes.lock Bayes lock is at > > /root/.spamassassin/bayes.lock Failed to run URIBL_JP_SURBL > > SpamAssassin test, skipping: > > (Can't locate object method "check_uridnsbl" via package > > "Mail::SpamAssassin::PerMsgStatus" at > > > /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/PerMsgStatus.pm line > > 2340. > > ) > > Failed to run URIBL_JP_SURBL SpamAssassin test, skipping: > > (Can't locate object method "check_uridnsbl" via package > > "Mail::SpamAssassin::PerMsgStatus" at > > > /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/PerMsgStatus.pm line > > 2340, line 374. > > ) > > Stopping now as you are debugging me. > > [ OK ] > > Anders > what's in you're init.pre file in /etc/mail/spamassassin and > what happens if you run... > > spamassassn -p /spam.assassin.prefs.conf -D --lint Semms like spamassassin disapered... Cant run the command.... I'll try and do a reinstall /usr/share/spamassassin is an emty directoru. Something must have gone bad whe I reinstalled Julians clamav-spamassassin prog Guess a reinstallation might help :) > > the will be the same dir that MailScanner.conf is in.. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Mon Jul 18 12:39:18 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:30:20 2006 Subject: "Allowed Sophos Error Messages" and encrypted 530 errors Message-ID: Peter Bates wrote: > Hello all... > > I'm running MailScanner 4.43.8 > with several AV scanners and SA. > I'm using Sophos 3.95 with SAVI::Perl. > > Investigating a query about non-receipt of email > I found the following today: > > Jul 18 10:10:34 postbox MailScanner[16355]: SophosSAVI::ERROR:: File > was encrypted (530):: ./D3D5C13F868.E918B/Poptrends_revised.ZIP > Jul 18 10:10:34 postbox MailScanner[16355]: SophosSAVI::ERROR:: File > was encrypted (530):: ./D3D5C13F868.E918B/Popcharts.ZIP > > Jul 18 11:32:02 postbox MailScanner[18989]: SophosSAVI::ERROR:: File > was encrypted (530):: ./56D0B13F870.BCA7E/5jul2005.zip > > Should I be sending these files to Sophos, should I put 'was encrypted' > in 'Allowed Sophos Error Messages =' ? > > My 'Allowed Sophos Error Messages' setting is currently blank... but > that also appears to be the default. > > Or is there an easy setting to quarantine messages hitting this, so I > can at least release them at another time? > > Thanks. > > > > > ---------------------------------------------------------------------------------------------------> > Peter Bates, Systems Support Officer, IT Services. Peter mine is set at.. Allowed Sophos Error Messages = "corrupt", "format not supported", "File was encrypted" -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From marcel-ml at IRC-ADDICTS.DE Mon Jul 18 13:14:35 2005 From: marcel-ml at IRC-ADDICTS.DE (Marcel Blenkers) Date: Thu Jan 12 21:30:20 2006 Subject: Strange behaviour? Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi there, > > Please check the list archives. I believe you might need to upgrade your > version of ClamAV to the latest version. > marcel:~ # clamscan -V ClamAV 0.86.1/982/Sun Jul 17 14:45:12 2005 guess it is the latest version ;) i am using clamscan and not the module.. maybe that helps? Greetings Marcel -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFC2501euKbXOoTCo8RAkA2AJ4sj9XbMlWoArAhl5ZqMPQXXUa00QCbB+Ka x+Zc4lPe35bNhT4jiaL+dmA= =Noz4 -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Cleveland at WINNEFOX.ORG Mon Jul 18 16:43:25 2005 From: Cleveland at WINNEFOX.ORG (Jody Cleveland) Date: Thu Jan 12 21:30:20 2006 Subject: How to investigate timeouts? Message-ID: Hello, I've got a redhat server that scans mail before being forwarded on to an exchange server. For redundancy, I've actually got two servers before the mail gets to the exchange server. First, it hits destiny.winnefox.org. If everything goes ok, it goes on to mail.winnefox.org. If there's a problem, it goes to mystique.winnefox.org, which is also a redhat server. I've been noticing a good amount of mail that is being scanned by mystique. Best I can figure, destiny times out checking the message, so it goes on to mystique. Is there a way for me to look for something in the logs that would indicate a timeout? I checked var/logs/maillog, but didn't notice any errors in it. -- Jody Cleveland Computer Support Specialist cleveland@winnefox.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Mon Jul 18 17:15:45 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:30:20 2006 Subject: MailScanner content scanning for keywords Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] James Gray wrote: > On Sat, 16 Jul 2005 07:30 am, Matt Kettler wrote: > >>Spammers use thousands of variants of the word "Viagra", do you want to >>dictionary them all? 1 regex rule detects absurd numbers of of possible >>spellings: >> >>/(?:\b|\s)[_\W]{0,3}(?:\\\/|V)[_\W]{0,3}[a4ij1!|l\xCC-\xCF\xEC-\xEF][_\W] >>{0,3}[ila40\xC0-\xC6\xE0-\xE6@][_\W]{0,3}[x >>yz]?[gj][_\W]{0,3}rr?[_\W]{0,3}[a40\xC0-\xC6\xE0-\xE6@][_\W]{0,3}x?[_\W]{ >>0,3}(?:\b|\s)/i > > > Good grief! That looks like a slightly extended version of the OBFU_VIAGRA > rule I wrote about a year ago...I can tell coz it's still got the (?:\b|\s) > rules which, syntactically can be replaced with [\b\s]. At least that's > how it reads in my custom SA rules /now/ and works just the same (and is > faster from my testing). Actually, it's part of the DRUGS_ERECTILE rule I developed for antidrug.cf and is now a part of sa 3.0.0+, starting sometime late 2003 with a public version in January 16, 2004. http://article.gmane.org/gmane.mail.spam.spamassassin.general/39305 It's interesting that the rest of our rules are similar, but then again, when you break it down it's all straightforward obfuscation handling. http://mywebpages.comcast.net/mkettler/sa/antidrug.cf The regex quoted is a slightly newer version of the __DRUGS_ERECTILE1 sub-part than is in common distribution via antidrug.cf or SA 3.0.x, one I've been testing but haven't done a mass-check of yet. > > Perl gurus: Am I correct? does (?:\b|\s) == [\b\s] ?? If not, what's the > difference? AFAICT (?:...) matches something without creating the $x > holder to refer to the match later, and [...] does the same thing except > matches a set of individual characters. I *may* have lifted the idea of using (?:\b|\s) from your rule, or from someone else's rule. Originally I did use \b only. I believe that later I saw some other rule (yours, some SARE rule, dono) with a mixed-pre-gap clause using the combination \b|\s and decided to try it, and was pleased with the improvement. I don't think the combo-phrase was added until at least Feb, 2004. The addition of \s makes considerable sense when you consider that my gap-clause could be word or non-word characters ([\W_]{0,3}) I settled on using (?:\b\s) instead of simplifying to [\b\s] based on my corpus testing. [\b\s] was the first thing that came to my mind, but it in fact does not work as well. My *theory* is this is because \b is not a character, it's a zero-width assertion. [] would require a width as it is a character meta-class, reducing some of the hit possibilities. But that's a theory. > So if you have (?:a|b|c|d|...|z) isn't that exactly the same as [a-z]? Yes, because those are all characters. And [a-z] will execute faster because it can be simplified. > Obviously something like "fuss(?:ing|ed|y)?" is a where you'd want the > (?:...) syntax - but I'm referring to matching individual characters. Ahh, but as we saw before \b can be 0 characters :) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Mon Jul 18 17:46:50 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:20 2006 Subject: How to investigate timeouts? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jody Cleveland wrote: > Hello, > > I've got a redhat server that scans mail before being forwarded on to an > exchange server. For redundancy, I've actually got two servers before > the mail gets to the exchange server. > > First, it hits destiny.winnefox.org. If everything goes ok, it goes on > to mail.winnefox.org. If there's a problem, it goes to > mystique.winnefox.org, which is also a redhat server. I've been noticing > a good amount of mail that is being scanned by mystique. Best I can > figure, destiny times out checking the message, so it goes on to > mystique. > > Is there a way for me to look for something in the logs that would > indicate a timeout? I checked var/logs/maillog, but didn't notice any > errors in it. > Is this diagram right? destiny (mailscanner) -> mail (exchange) or mystique (mailscanner) -> destiny (mailscanner) -> exchange The way you explain it is a bit confusing... Thanks, Ugo > -- > Jody Cleveland > Computer Support Specialist > cleveland@winnefox.org > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Mon Jul 18 18:15:17 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:30:20 2006 Subject: Phishing is not working Message-ID: Add ClamAV to your mix. It catches a LOT of phishing. Mike -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Kai Wang Sent: Monday, July 18, 2005 11:50 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Phishing is not working Hi, We are running MailScanner 4.43.8-1 and I turned the phishing feature on. My phishing.safe.sites.conf file is the default. we receive tens of thousands messages daily and we've been running this version for a few days. We have not seen any message caught by the feature. I received a phishing message myself. I tried to attach it to the message such that I can explain my situation better. However, Julian's JISCmail mailer does not like it. Apparently, MailScanner is able to identify the phishing thing. I wonder if there is anything wrong in my configuration? Find Phishing Fraud = yes Also Find Numeric Phishing = yes Phishing Safe Sites File = %etc-dir%/phishing.safe.sites.conf Thanks Kai Wang University of Calgary ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ebruce at HPMICH.COM Mon Jul 18 18:17:48 2005 From: ebruce at HPMICH.COM (Ed Bruce) Date: Thu Jan 12 21:30:20 2006 Subject: MailScanner content scanning for keywords Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Stephen Swaney wrote: >>- >> >Here's the problem; if we wanted to do the same thing for a company here in >the US we'd have to start all over again with a new nasty word list. Seems >that we Yanks have a very different set of Bl**dy nasty words. > >Just my 2p > >Steve > > Just reminded me of that Fawlty Towers bit where an American tells Fawlty to kick the guy's ass :) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at TC3NET.COM Mon Jul 18 18:36:02 2005 From: mike at TC3NET.COM (Michael Baird) Date: Thu Jan 12 21:30:20 2006 Subject: Phishing is not working Message-ID: Same here, I've never been able to get the phishing detection in mailscanner to work, luckily my virus scanners do pick up many of the attacks. If you figure out, be kind enough to post the fix. Regards Michael Baird > Hi, > > We are running MailScanner 4.43.8-1 and I turned the phishing feature > on. My phishing.safe.sites.conf file is the default. we receive tens of > thousands messages daily and we've been running this version for a few > days. We have not seen any message caught by the feature. I received a > phishing message myself. I tried to attach it to the message such that I > can explain my situation better. However, Julian's JISCmail mailer does > not like it. Apparently, MailScanner is able to identify the phishing > thing. I wonder if there is anything wrong in my configuration? > > Find Phishing Fraud = yes > Also Find Numeric Phishing = yes > Phishing Safe Sites File = %etc-dir%/phishing.safe.sites.conf > > Thanks > Kai Wang > University of Calgary > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Cleveland at WINNEFOX.ORG Mon Jul 18 18:45:57 2005 From: Cleveland at WINNEFOX.ORG (Jody Cleveland) Date: Thu Jan 12 21:30:20 2006 Subject: How to investigate timeouts? Message-ID: > Is this diagram right? > > destiny (mailscanner) -> mail (exchange) > > or > > mystique (mailscanner) -> destiny (mailscanner) -> exchange Actually, it's: destiny (mailscanner) -> mystique (mailscanner) -> exchange But, it only hits mystique if there's a problem with destiny. - jody ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Jul 18 18:46:12 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:20 2006 Subject: Phishing is not working Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 That's interesting, I have never heard of this before. Do you have Dangerous Content Scanning = yes? Have you tried manually feeding it a message with an obvious phish in it? Michael Baird wrote: >Same here, I've never been able to get the phishing detection in >mailscanner to work, luckily my virus scanners do pick up many of the >attacks. If you figure out, be kind enough to post the fix. > >Regards >Michael Baird > > > >>Hi, >> >>We are running MailScanner 4.43.8-1 and I turned the phishing feature >>on. My phishing.safe.sites.conf file is the default. we receive tens of >>thousands messages daily and we've been running this version for a few >>days. We have not seen any message caught by the feature. I received a >>phishing message myself. I tried to attach it to the message such that I >>can explain my situation better. However, Julian's JISCmail mailer does >>not like it. Apparently, MailScanner is able to identify the phishing >>thing. I wonder if there is anything wrong in my configuration? >> >>Find Phishing Fraud = yes >>Also Find Numeric Phishing = yes >>Phishing Safe Sites File = %etc-dir%/phishing.safe.sites.conf >> >>Thanks >>Kai Wang >>University of Calgary >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >> > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQtvq5RH2WUcUFbZUEQLimQCff8gbHBloPIFXF67M7mzAAvnnnBwAoNF0 NyrnKaJXHD6fJ2p6Teyix1sS =8aJb -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From kwang at UCALGARY.CA Mon Jul 18 18:55:59 2005 From: kwang at UCALGARY.CA (Kai Wang) Date: Thu Jan 12 21:30:20 2006 Subject: Phishing is not working Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] My "Dangerous Content Scanning" is yes. The phishing message is very obvious. You can see it in here: http://homepages.ucalgary.ca/~kwang/phishing Kai Julian Field wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >That's interesting, I have never heard of this before. Do you have >Dangerous Content Scanning = yes? Have you tried manually feeding it a >message with an obvious phish in it? > >Michael Baird wrote: > > > >>Same here, I've never been able to get the phishing detection in >>mailscanner to work, luckily my virus scanners do pick up many of the >>attacks. If you figure out, be kind enough to post the fix. >> >>Regards >>Michael Baird >> >> >> >> >> >>>Hi, >>> >>>We are running MailScanner 4.43.8-1 and I turned the phishing feature >>>on. My phishing.safe.sites.conf file is the default. we receive tens of >>>thousands messages daily and we've been running this version for a few >>>days. We have not seen any message caught by the feature. I received a >>>phishing message myself. I tried to attach it to the message such that I >>>can explain my situation better. However, Julian's JISCmail mailer does >>>not like it. Apparently, MailScanner is able to identify the phishing >>>thing. I wonder if there is anything wrong in my configuration? >>> >>>Find Phishing Fraud = yes >>>Also Find Numeric Phishing = yes >>>Phishing Safe Sites File = %etc-dir%/phishing.safe.sites.conf >>> >>>Thanks >>>Kai Wang >>>University of Calgary >>> >>>------------------------ MailScanner list ------------------------ >>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>'leave mailscanner' in the body of the email. >>>Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>>Support MailScanner development - buy the book off the website! >>> >>> >>> >>> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >> >> >> > >- -- >Julian Field >www.MailScanner.info >Buy the MailScanner book at www.MailScanner.info/store >Professional Support Services at www.MailScanner.biz >MailScanner thanks transtec Computers for their support > >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > >-----BEGIN PGP SIGNATURE----- >Version: PGP Desktop 9.0.1 (Build 2185) > >iQA/AwUBQtvq5RH2WUcUFbZUEQLimQCff8gbHBloPIFXF67M7mzAAvnnnBwAoNF0 >NyrnKaJXHD6fJ2p6Teyix1sS >=8aJb >-----END PGP SIGNATURE----- > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at TC3NET.COM Mon Jul 18 19:16:25 2005 From: mike at TC3NET.COM (Michael Baird) Date: Thu Jan 12 21:30:20 2006 Subject: Phishing is not working Message-ID: On Mon, 2005-07-18 at 18:46 +0100, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > That's interesting, I have never heard of this before. Do you have > Dangerous Content Scanning = yes? Have you tried manually feeding it a > message with an obvious phish in it? Yes I did turn it on, and Yes I have manually sent phishing type emails through it, I tried quite a bit, I have 4 inbound mx's w/MailScanner and I've never had any phishing attempts caught via MailScanner, however ClamAV does offer some protection against the phishing attempts. Regards Michael Baird > > Michael Baird wrote: > > >Same here, I've never been able to get the phishing detection in > >mailscanner to work, luckily my virus scanners do pick up many of the > >attacks. If you figure out, be kind enough to post the fix. > > > >Regards > >Michael Baird > > > > > > > >>Hi, > >> > >>We are running MailScanner 4.43.8-1 and I turned the phishing feature > >>on. My phishing.safe.sites.conf file is the default. we receive tens of > >>thousands messages daily and we've been running this version for a few > >>days. We have not seen any message caught by the feature. I received a > >>phishing message myself. I tried to attach it to the message such that I > >>can explain my situation better. However, Julian's JISCmail mailer does > >>not like it. Apparently, MailScanner is able to identify the phishing > >>thing. I wonder if there is anything wrong in my configuration? > >> > >>Find Phishing Fraud = yes > >>Also Find Numeric Phishing = yes > >>Phishing Safe Sites File = %etc-dir%/phishing.safe.sites.conf > >> > >>Thanks > >>Kai Wang > >>University of Calgary > >> > >>------------------------ MailScanner list ------------------------ > >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >>'leave mailscanner' in the body of the email. > >>Before posting, read the Wiki (http://wiki.mailscanner.info/) and > >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >> > >>Support MailScanner development - buy the book off the website! > >> > >> > > > >------------------------ MailScanner list ------------------------ > >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >'leave mailscanner' in the body of the email. > >Before posting, read the Wiki (http://wiki.mailscanner.info/) and > >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > >Support MailScanner development - buy the book off the website! > > > > > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.1 (Build 2185) > > iQA/AwUBQtvq5RH2WUcUFbZUEQLimQCff8gbHBloPIFXF67M7mzAAvnnnBwAoNF0 > NyrnKaJXHD6fJ2p6Teyix1sS > =8aJb > -----END PGP SIGNATURE----- > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at fsl.com Mon Jul 18 19:36:48 2005 From: steve.swaney at fsl.com (Stephen Swaney) Date: Thu Jan 12 21:30:20 2006 Subject: Phishing is not working Message-ID: I could be wrong but the way I read the problem, Kai might be expecting that the phishing feature catches and quarantines the email. It doesn't do that. It just disarms the IRL by making it obvious that visible URL and the REAL URL do not match. Syebe Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Julian Field > Sent: Monday, July 18, 2005 1:23 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Phishing is not working > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Make sure Dangerous Content Scanning = yes > > > Mike Kercher wrote: > > >Add ClamAV to your mix. It catches a LOT of phishing. > > > >Mike > > > > > >-----Original Message----- > >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf > >Of Kai Wang > >Sent: Monday, July 18, 2005 11:50 AM > >To: MAILSCANNER@JISCMAIL.AC.UK > >Subject: Phishing is not working > > > >Hi, > > > >We are running MailScanner 4.43.8-1 and I turned the phishing feature on. > My > >phishing.safe.sites.conf file is the default. we receive tens of > thousands > >messages daily and we've been running this version for a few days. We > have > >not seen any message caught by the feature. I received a phishing message > >myself. I tried to attach it to the message such that I can explain my > >situation better. However, Julian's JISCmail mailer does not like it. > >Apparently, MailScanner is able to identify the phishing thing. I wonder > if > >there is anything wrong in my configuration? > > > >Find Phishing Fraud = yes > >Also Find Numeric Phishing = yes > >Phishing Safe Sites File = %etc-dir%/phishing.safe.sites.conf > > > >Thanks > >Kai Wang > >University of Calgary > > > >------------------------ MailScanner list ------------------------ To > >unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >'leave mailscanner' in the body of the email. > >Before posting, read the Wiki (http://wiki.mailscanner.info/) and the > >archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > >Support MailScanner development - buy the book off the website! > > > >------------------------ MailScanner list ------------------------ > >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >'leave mailscanner' in the body of the email. > >Before posting, read the Wiki (http://wiki.mailscanner.info/) and > >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > >Support MailScanner development - buy the book off the website! > > > > > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.1 (Build 2185) > > iQA/AwUBQtvlZRH2WUcUFbZUEQKtAwCfSnaX+MuDroEWDzDBkygZi1H63PQAoKVg > 52uTp6YerZeLAdKYkCwbbdYc > =FeLd > -----END PGP SIGNATURE----- > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Mon Jul 18 20:01:16 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:20 2006 Subject: MailScanner content scanning for keywords Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] >>>Thanks Matt for a very reasoned and simple explanation of the problem and >>>why it's so difficult to solve in a simplistic fashion! >>> >>>On a different tack - we were recently asked to implement a solution for a >>>client in England that used MCP to trap English (as in UK) profanity. > > > I hope that client has a clear, written agreement with all its customers that > he may scan the body of the mail. Because otherwise he is violating privacy > laws and you might tell them that :) > > -d Yes, very important point! Here in the US, a machine scanning content is very different than a person doing the same thing. -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From spamtrap71892316634 at ANIME.NET Mon Jul 18 20:51:58 2005 From: spamtrap71892316634 at ANIME.NET (Dan Hollis) Date: Thu Jan 12 21:30:20 2006 Subject: Anything to catch this spam message?? Message-ID: should just bin any mail with a domain which resolves to china. -Dan On Mon, 18 Jul 2005, Rob Poe wrote: > I keep getting these emails. Very annoying .. > -------------------------------------------------------- > Our website : filtersppv.com ^^^^^^^^^^^^^^2C ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raylund.lai at KANKANWOO.COM Mon Jul 18 21:28:37 2005 From: raylund.lai at KANKANWOO.COM (Raylund Lai) Date: Thu Jan 12 21:30:20 2006 Subject: How to investigate timeouts? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] If it's SpamAssassin timeout, may be looking at whether there is bayes expiry issue. Cheers Raylund Jody Cleveland wrote: >Hello, > >I've got a redhat server that scans mail before being forwarded on to an >exchange server. For redundancy, I've actually got two servers before >the mail gets to the exchange server. > >First, it hits destiny.winnefox.org. If everything goes ok, it goes on >to mail.winnefox.org. If there's a problem, it goes to >mystique.winnefox.org, which is also a redhat server. I've been noticing >a good amount of mail that is being scanned by mystique. Best I can >figure, destiny times out checking the message, so it goes on to >mystique. > >Is there a way for me to look for something in the logs that would >indicate a timeout? I checked var/logs/maillog, but didn't notice any >errors in it. > >-- >Jody Cleveland >Computer Support Specialist >cleveland@winnefox.org > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Cleveland at WINNEFOX.ORG Mon Jul 18 21:38:50 2005 From: Cleveland at WINNEFOX.ORG (Jody Cleveland) Date: Thu Jan 12 21:30:20 2006 Subject: How to investigate timeouts? Message-ID: > If it's SpamAssassin timeout, may be looking at whether there > is bayes expiry issue. I did a search in maillog for 'timeout' and came up with quite a few like this: Jul 17 08:12:37 destiny postfix/smtpd[5719]: timeout after DATA from unknown[210.124.232.177] Jul 17 08:12:37 destiny postfix/smtpd[5719]: disconnect from unknown[210.124.232.177] Jul 17 08:12:37 destiny postfix/cleanup[5721]: 7867F3E4011: hold: header Received: from 199.242.176.200 (unknown [210.124.232.177])??by destiny.winnefox.org (Postfix) with SMTP id 7867F3E4011??for ; Sun, 17 Jul 2005 08:06:48 -0500 (CDT) from unknown[210.124.232.177]; from= to= proto=SMTP helo=<199.242.176.200> Jul 17 08:12:37 destiny postfix/cleanup[5721]: 7867F3E4011: hold: header Received: from (HELO nzlpz16) [140.165.249.179] by 199.242.176.200 id <8106350-26209>; Sun, 17 Jul 2005 16:00:05 +0300 from unknown[210.124.232.177]; from= to= proto=SMTP helo=<199.242.176.200> Jul 17 08:12:37 destiny postfix/cleanup[5721]: 7867F3E4011: message-id= It doesn't seem to be bayes, but any ideas what may be causing that timeout? - jody ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Mon Jul 18 21:40:40 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:20 2006 Subject: How to investigate timeouts? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jody Cleveland wrote: >>Why don't you set both destiny and mystique as MX for your >>domain(s)? I >>don't see the point of double-scanning... > > > Oh, I do. Mystique is only there in case something happens to destiny. > But, I'm noticing message headers that say mystique.winnefox.org. but, > yet that server is fine. It's as if there's a timeout on those messages. > But, I'm not sure what to look for in the logs to see what's happening. > > - jody > http://wiki.mailscanner.info/doku.php?id=&idx=documentation:test_troubleshoot -- Ugo -> Please don't send a copy of your reply by e-mail. I read the list. -> Please avoid top-posting, long signatures and HTML, and cut the irrelevant parts in your replies. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From SJCJonker at SJC.NL Mon Jul 18 21:59:06 2005 From: SJCJonker at SJC.NL (Stijn Jonker) Date: Thu Jan 12 21:30:20 2006 Subject: How to investigate timeouts? (Try #2) Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello Jody (And now with the list included), On 18-Jul-2005 22:38, Jody Cleveland wrote: >>If it's SpamAssassin timeout, may be looking at whether there >>is bayes expiry issue. > > > I did a search in maillog for 'timeout' and came up with quite a few > like this: Looking at the DNS and your story, aren't you talking about MX preferences? [sjonker@hn00srv01:~]$ dig mx winnefox.org ; <<>> DiG 9.2.4 <<>> mx winnefox.org ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15896 ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 2, ADDITIONAL: 5 ;; QUESTION SECTION: ;winnefox.org. IN MX ;; ANSWER SECTION: winnefox.org. 14400 IN MX 10 mail.winnefox.org. winnefox.org. 14400 IN MX 15 mailman.winnefox.org. winnefox.org. 14400 IN MX 20 mystique.winnefox.org. It also looks to me you are running a pix firewall, with iirc application "fixup" [maint@hn00sia01:~]$ telnet mailman.winnefox.org. 25 Trying 199.242.176.200... Connected to mailman.winnefox.org.. Escape character is '^]'. 220 ********************************** helo sjc.nl 250 destiny.winnefox.org ^] telnet> quit Connection closed. [maint@hn00sia01:~]$ telnet mystique.winnefox.org. 25 Trying 199.242.176.168... Connected to mystique.winnefox.org.. Escape character is '^]'. 220 *********************************** helo sjc.nl 250 mystique.winnefox.org ^] telnet> quit Connection closed. For me mail.winnefix.org doesn't connect at all, this could be something in the firewall (pix?). It doesn't look like you are hunting for a mailscanner issue, but a mailer and/or generic configuration issue. Also a lot of spammers have a prefference for the Mailserver with the highest MX value. WARNING: The below solution might not work in your situation, examine and understand in detail before puting below solution in action! (On your own risk off course.. ;-)) To accomplish a beter solution, and from the looks (and your logs) it is looking like a postfix mailer, what about the following setup: winnefox.org in mx 10 destiny.winnefox.org winnefox.org in mx 10 mystique.winnefox.org So both share the load. Then with the transport map, add something in the lines of the below statements to main.cf: transport_maps = hash:/etc/postfix/automaps/transport And in the transport file: winnefox.org :[199.242.176.171] .winnefox.org :[199.242.176.171] Then run: postmap /etc/postfix/transport postfix reload This way destiny & mystique share the load, mail.winnefox.org can be removed from the mx list and if you run internal and external dns, not being advertised in the external DNS at all. *BUT* the above recommendation is based on some assumptions and should be verified in DETAIL before being put in production. A hint, setting: soft_bounce = yes during testing in postfix's main.cf might save some bounces, but don't forget to put it back to no. In short: Try at your own risk! -- Met Vriendelijke groet/Yours Sincerely Stijn Jonker ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at nkpanama.com Tue Jul 19 02:27:37 2005 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu Jan 12 21:30:20 2006 Subject: Anything to catch this spam message?? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Rob Poe wrote: >I keep getting these emails. Very annoying .. >-------------------------------------------------------- > >Return-Path: >Received: from dsl-56.grp25.tnmmrl.infoave.net (dsl-56.grp25.tnmmrl.infoave.net [204.116.188.56]) > by xxx.xxxxxx.xxx (8.12.11/8.12.11) with SMTP id j6IJ0tLA009686; > Mon, 18 Jul 2005 14:00:58 -0500 >Subject: Urgent news about TV >Message-ID: >From: "Janet O. Kaufmann , VI" >To: "Janet O. Kaufmann , VI" >Cc: xxxxx@xxxxxxxxxx.com >Date: Mon, 18 Jul 2005 17:00:41 -0300 >MIME-Version: 1.0 >Content-Type: multipart/alternative; > boundary="--Piece.BYHVyq9J4.i" >X-xxxxxx-Mail-Services-MailScanner-Information: Please contact the ISP for more information >X-xxxxxx-Mail-Services-MailScanner: Found to be clean >X-xxxxxx-Mail-Services-MailScanner-SpamCheck: not spam, > SpamAssassin (score=2.215, required 5, HELO_DYNAMIC_DHCP 0.09, > HTML_10_20 0.29, HTML_MESSAGE 0.00, RCVD_IN_BL_SPAMCOP_NET 1.83) >X-xxxxxx-Mail-Services-MailScanner-SpamScore: ss >X-MailScanner-From: templeton apothegmaticb@uymail.com > >----Piece.BYHVyq9J4.i >Content-Type: text/plain; > format=flowed; > charset=iso-8859-15 >Content-Transfer-Encoding: 7Bit > >Hello, > >I didn't hate dancing last night at eleven. > >No man or woman who tries to pursue an ideal in his or her own way is without enemies. -Daisy Bates (1863-1951) > >Thanks, > >Grover Sousa > >----Piece.BYHVyq9J4.i >Content-Type: text/html; > format=flowed; > charset=iso-8859-15 >Content-Transfer-Encoding: 7Bit > >How are you, xxxx@xxxxxxx.com >

>Do you like watching cable T.V.? >

>PPV : Sports, Movies, Adult Channels, HBO ,Cinemax,
>Starz, OnDemand, Ect. And the best part is you can
>have all these channels with our product! >

>Our website : filtersppv.com >

>If you don't want this anymore, add /r to the domain
>above to goto our removal page. >

>Thank you,
>Janet O. Kaufmann , VI
>Templeton apothegmaticB@uymail.com > >----Piece.BYHVyq9J4.i-- > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > How about blacklisting 204.116.188 ? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From james at grayonline.id.au Tue Jul 19 04:39:32 2005 From: james at grayonline.id.au (James Gray) Date: Thu Jan 12 21:30:20 2006 Subject: search engine use in rule testing. Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Tue, 19 Jul 2005 04:14 am, Matt Kettler wrote: > James Gray wrote: > > On Sat, 16 Jul 2005 03:45 am, Matt Kettler wrote: > >>(Note: the suggestion of using a web search is very powerful indeed. > >>Gives you a very quick idea of things that could possibly match a > >>word/phrase of interest.) > > > > I agree. I've also made a little perl script that allows you to enter a > > regex (cut-and-paste from SA rules etc) then it runs it against any > > dictionaries you have installed on your system (/usr/share/dict/... etc). > > I can make it available to the list if anyone is interested. > > That's quite interesting too. It serves a different purpose (testing a > regex for unwanted matched words) than what I use a search engine for > (testing a word/phrase for nonspam usage), but it's a damn useful thing to > do. > > I'd be interested in that script for rule testing.. Ok, I received a number of private mails requesting this script so I figured I'd make it available for everyone. It's provided "as-is" and is probably a pretty poor example of perl ;) I've hacked in a second dictionary in case people want see how to add additional languages to the script - if you need to check more than about 3 languages, put the dictionary files into an array and walk that in one step (it's neater - see the code for what I mean). Basically you just run it (it doesn't take command line args), follow the instructions and read the results. Here's a sample interaction: $./regex_test.pl This program takes a Perl REGEX and does a case insensitive check against an arbitrary string you specify (spam string) It will then search the standard dictionary for possible matches. ----------------------------------------------------------- ASSUMPTIONS: - REGEX delimiter '/' so escape any fwd slashes! eg, ".+\/foo\/.+" (without the "")is a sample of a valid regex for this tool ----------------------------------------------------------- Enter the Perl REGEX (req'd): p[e3]n[i1][s5] Enter the spam string (req'd): p3ni5 Enter an (optional) e-mail message or file to test: test1.eml REGEX matches p3ni5 Dictonary Search: (Ideally this should return as few as possible) Searching /usr/share/dict/british-english-large dictionary: penis penis's penises 3 dictionary matches - /usr/share/dict/british-english-large Searching /usr/share/dict/american-english-large dictionary: penis penis's penises 3 dictionary matches - /usr/share/dict/american-english-large Testing test1.eml: 13: PENIS HAD ITS OWN OPINION ON THIS QUESTION.
1 file matches Feel free to modify the script - it's GPL'ed and all my code (dunno if I should actually admit that or not!) :) I hope people find it useful. Cheers, James -- A professor is one who talks in someone else's sleep. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/X-PERL 3.6KB. ] [ Unable to print this part. ] From pete at ENITECH.COM.AU Tue Jul 19 08:23:00 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:30:20 2006 Subject: Phishing is not working Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > > > Yes I did turn it on, and Yes I have manually sent phishing type emails > through it, I tried quite a bit, I have 4 inbound mx's w/MailScanner and > I've never had any phishing attempts caught via MailScanner, however > ClamAV does offer some protection against the phishing attempts. > > Regards > Michael Baird > > I only use clam for phishing, mailscanner seems to add a warning to every link where the link and the label dont match (which is every link). Between clam and mailscanners usual spam detection we find no live phishing attempts ever get through. One day i will take the time to learn MailScanner methods more carefully. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue Jul 19 08:59:38 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:30:20 2006 Subject: Phishing is not working Message-ID: Michael Baird wrote: > Same here, I've never been able to get the phishing detection in > mailscanner to work, luckily my virus scanners do pick up many of the > attacks. If you figure out, be kind enough to post the fix. > > Regards > Michael Baird > > >>Hi, >> >>We are running MailScanner 4.43.8-1 and I turned the phishing feature >>on. My phishing.safe.sites.conf file is the default. we receive tens of >>thousands messages daily and we've been running this version for a few >>days. We have not seen any message caught by the feature. I received a >>phishing message myself. I tried to attach it to the message such that I >>can explain my situation better. However, Julian's JISCmail mailer does >>not like it. Apparently, MailScanner is able to identify the phishing >>thing. I wonder if there is anything wrong in my configuration? >> >>Find Phishing Fraud = yes >>Also Find Numeric Phishing = yes >>Phishing Safe Sites File = %etc-dir%/phishing.safe.sites.conf >> >>Thanks >>Kai Wang >>University of Calgary >> Always worked for me......it alters the message so you get a big red (colour) warning in the html that the URL and it's supposed address do not match. It doesn't block the email merely alters it.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Tue Jul 19 10:33:57 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:30:20 2006 Subject: Phishing is not working Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > > Always worked for me......it alters the message so you get a big red > (colour) warning in the html that the URL and it's supposed address do > not match. > > It doesn't block the email merely alters it.. > > -- Tip for new players - make sure this isnt enabled for outbound mail, or when your marketing department sends out a 20000 recipient mail to all of those who responded to a recent 1 page magazine advertising campaign will recieve Julians fancy red message, from you. just a tip ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue Jul 19 11:19:59 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:30:20 2006 Subject: Anything to catch this spam message?? Message-ID: Rob Poe wrote: > I keep getting these emails. Very annoying .. > -------------------------------------------------------- Rob Here's what I get when i run it over my system. X-Spam-Status: Yes, score=14.6 required=5.0 tests=ALL_TRUSTED,FB_GET_MEDS, FM_NO_FROM_OR_TO,FM_NO_TO,MANGLED_PAIN,MISSING_DATE,MISSING_SUBJECT, TW_RX,URIBL_BLACK,URIBL_JP_SURBL,URIBL_OB_SURBL,URIBL_SBL, URIBL_WS_SURBL autolearn=no version=3.0.4 Even with All-trusted mis-firing...it's still above the 10 I need for high scoring spam. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Tue Jul 19 11:21:28 2005 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 12 21:30:20 2006 Subject: How to investigate timeouts? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] 2005/7/18, Jody Cleveland : > > If it's SpamAssassin timeout, may be looking at whether there > > is bayes expiry issue. > > I did a search in maillog for 'timeout' and came up with quite a few > like this: > > Jul 17 08:12:37 destiny postfix/smtpd[5719]: timeout after DATA from > unknown[210.124.232.177] > Jul 17 08:12:37 destiny postfix/smtpd[5719]: disconnect from > unknown[210.124.232.177] > Jul 17 08:12:37 destiny postfix/cleanup[5721]: 7867F3E4011: hold: header > Received: from 199.242.176.200 (unknown [210.124.232.177])??by > destiny.winnefox.org (Postfix) with SMTP id 7867F3E4011??for > ; Sun, 17 Jul 2005 08:06:48 -0500 (CDT) from > unknown[210.124.232.177]; from= > to= proto=SMTP helo=<199.242.176.200> > Jul 17 08:12:37 destiny postfix/cleanup[5721]: 7867F3E4011: hold: header > Received: from (HELO nzlpz16) [140.165.249.179] by 199.242.176.200 id > <8106350-26209>; Sun, 17 Jul 2005 16:00:05 +0300 from > unknown[210.124.232.177]; from= > to= proto=SMTP helo=<199.242.176.200> > Jul 17 08:12:37 destiny postfix/cleanup[5721]: 7867F3E4011: > message-id= > > It doesn't seem to be bayes, but any ideas what may be causing that > timeout? > > - jody Um, that's not MS at all.... Just postfix reporting a remote (sender) behaving badly. It's not clear to me if you are accepting a message from that, or if you are seeing more than one messages from the same sender, one going through and one timing out. One possible reason for this kind of thing is that you (or someone else) have a firewall "in between" that "cuts" the connection prematurely... or some more idiotic spammer foolery. Not really an MS issue, and perhaps not even _your_ issue;-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dstraka at caspercollege.edu Tue Jul 19 14:20:43 2005 From: dstraka at caspercollege.edu (Daniel Straka) Date: Thu Jan 12 21:30:20 2006 Subject: Phishing is not working Message-ID: How do we make sure this isnt enabled for outbound mail? Date sent: Tue, 19 Jul 2005 19:33:57 +1000 Send reply to: MailScanner mailing list From: Pete Russell Subject: Re: Phishing is not working To: MAILSCANNER@JISCMAIL.AC.UK > > > > Always worked for me......it alters the message so you get a big red > > (colour) warning in the html that the URL and it's supposed address > > do not match. > > > > It doesn't block the email merely alters it.. > > > > -- > > Tip for new players - make sure this isnt enabled for outbound mail, > or when your marketing department sends out a 20000 recipient mail to > all of those who responded to a recent 1 page magazine advertising > campaign will recieve Julians fancy red message, from you. just a tip > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave > mailscanner' in the body of the email. Before posting, read the Wiki > (http://wiki.mailscanner.info/) and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! Dan Straka Academic Systems Specialist Casper College (307) 268-2399 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From amoore at DEKALBMEMORIAL.COM Tue Jul 19 15:10:36 2005 From: amoore at DEKALBMEMORIAL.COM (Aaron K. Moore) Date: Thu Jan 12 21:30:20 2006 Subject: How to investigate timeouts? Message-ID: Ugo Bellavance wrote: > Why don't you set both destiny and mystique as MX for your domain(s)? > I don't see the point of double-scanning... I have to agree. Just setup mystique as a secondary MX host for your domain. BTW, I gather you have an X-Men theme going for your servers. -- Aaron Kent Moore Information Technology Services DeKalb Memorial Hospital, Inc. Auburn, IN Phone: 260.920.2808 E-mail: amoore@dekalbmemorial.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bpumphrey at WOODMACLAW.COM Tue Jul 19 16:51:21 2005 From: bpumphrey at WOODMACLAW.COM (Billy A. Pumphrey) Date: Thu Jan 12 21:30:20 2006 Subject: OT Trying to setup a inbox for autolearning Message-ID: Hello everyone! I am continuing to try to setup this: For my exchange users to be able to put spam in a folder and have the MailScanner machine learn it in the bayes database. I have gotten a distance so far but I am stuck. Here is what I have so far. These scripts are ran as the user spam in the cronjob. Fetch command to get the exchange messages: .fetchmailrc file = Poll servername proto imap user spam pass *** Script file: (retrieves exchange spam box email successfully into the spam (linux user named spam) inbox on the MailScanner machine Fetchmail --folder Spam -all (for bayes learning) Sa-learn --spam -p /etc/MailScanner/spam.assassin.prefs.conf --mbox /var/spool/mail/spam So.....The steps of the script should be = 1. Pull mail from exchange and into the user name spam on the linux machine mailbox = SUCCESSFUL 2. Emptying out the spam inbox after a learning takes place -NOT SUCCESSFUL- I don't know how 3. Bayes learning, seems to be SUCCESSFUL So what I cannot figure out is how do I clear the spam in box from the script? Pine doesn't seem to have a straight command to do it, and neither does mail. I thought about changing the permissions so that the spam user can delete the /var/spool/mail/spam/ file, but that doesn't seem like a good idea. Does anyone see anything wrong with doing it like I am doing it? (as far as the scripts, which are small) Billy Pumphrey IT Manager Wooden & McLaughlin ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bpumphrey at WOODMACLAW.COM Tue Jul 19 16:52:09 2005 From: bpumphrey at WOODMACLAW.COM (Billy A. Pumphrey) Date: Thu Jan 12 21:30:20 2006 Subject: Anything to catch this spam message?? Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Martin Hepworth > Sent: Tuesday, July 19, 2005 5:20 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Anything to catch this spam message?? > > Rob Poe wrote: > > I keep getting these emails. Very annoying .. > > -------------------------------------------------------- > > > Rob > > Here's what I get when i run it over my system. > > X-Spam-Status: Yes, score=14.6 required=5.0 > tests=ALL_TRUSTED,FB_GET_MEDS, > FM_NO_FROM_OR_TO,FM_NO_TO,MANGLED_PAIN,MISSING_DATE,MISSING_SUBJECT, > TW_RX,URIBL_BLACK,URIBL_JP_SURBL,URIBL_OB_SURBL,URIBL_SBL, > URIBL_WS_SURBL autolearn=no version=3.0.4 > > Even with All-trusted mis-firing...it's still above the 10 I need for > high scoring spam. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > How did you run your test? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bpumphrey at WOODMACLAW.COM Tue Jul 19 16:54:06 2005 From: bpumphrey at WOODMACLAW.COM (Billy A. Pumphrey) Date: Thu Jan 12 21:30:20 2006 Subject: OT Trying to setup a inbox for autolearning Message-ID: Edited > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Billy A. Pumphrey > Sent: Tuesday, July 19, 2005 10:51 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: OT Trying to setup a inbox for autolearning > > Hello everyone! > > I am continuing to try to setup this: > For my exchange users to be able to put spam in a folder and have the > MailScanner machine learn it in the bayes database. I have gotten a > distance so far but I am stuck. > > Here is what I have so far. These scripts are ran as the user spam in > the cronjob. > > Fetch command to get the exchange messages: > .fetchmailrc file = > Poll servername proto imap user spam pass *** > > Script file: > (retrieves exchange spam box email successfully into the spam (linux > user named spam) inbox on the MailScanner machine > > Fetchmail --folder Spam -all > > (for bayes learning) > Sa-learn --spam -p /etc/MailScanner/spam.assassin.prefs.conf --mbox > /var/spool/mail/spam > edited Sa-learn --sync (I forgot to put this in) End edit > > So.....The steps of the script should be = > 1. Pull mail from exchange and into the user name spam on the linux > machine mailbox = SUCCESSFUL > > 2. Emptying out the spam inbox after a learning takes place -NOT > SUCCESSFUL- I don't know how > > 3. Bayes learning, seems to be SUCCESSFUL > > So what I cannot figure out is how do I clear the spam in box from the > script? Pine doesn't seem to have a straight command to do it, and > neither does mail. > > I thought about changing the permissions so that the spam user can > delete the /var/spool/mail/spam/ file, but that doesn't seem like a good > idea. > > Does anyone see anything wrong with doing it like I am doing it? (as > far as the scripts, which are small) > > Billy Pumphrey > IT Manager > Wooden & McLaughlin > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From tenderby at VHIA.COM.AU Tue Jul 19 17:01:36 2005 From: tenderby at VHIA.COM.AU (Tony Enderby) Date: Thu Jan 12 21:30:20 2006 Subject: OT Trying to setup a inbox for autolearning Message-ID: Hi there, Try attached script to purge your spam mbox. Can be run from cron daily before your fetchmail / sa-learn scripts run. Tony. "Billy A. Pumphrey" Sent by: MailScanner mailing list 07/20/2005 01:51 AM Please respond to MailScanner mailing list To MAILSCANNER@JISCMAIL.AC.UK cc Subject OT Trying to setup a inbox for autolearning Hello everyone! I am continuing to try to setup this: For my exchange users to be able to put spam in a folder and have the MailScanner machine learn it in the bayes database. I have gotten a distance so far but I am stuck. Here is what I have so far. These scripts are ran as the user spam in the cronjob. Fetch command to get the exchange messages: .fetchmailrc file = Poll servername proto imap user spam pass *** Script file: (retrieves exchange spam box email successfully into the spam (linux user named spam) inbox on the MailScanner machine Fetchmail --folder Spam -all (for bayes learning) Sa-learn --spam -p /etc/MailScanner/spam.assassin.prefs.conf --mbox /var/spool/mail/spam So.....The steps of the script should be = 1. Pull mail from exchange and into the user name spam on the linux machine mailbox = SUCCESSFUL 2. Emptying out the spam inbox after a learning takes place -NOT SUCCESSFUL- I don't know how 3. Bayes learning, seems to be SUCCESSFUL So what I cannot figure out is how do I clear the spam in box from the script? Pine doesn't seem to have a straight command to do it, and neither does mail. I thought about changing the permissions so that the spam user can delete the /var/spool/mail/spam/ file, but that doesn't seem like a good idea. Does anyone see anything wrong with doing it like I am doing it? (as far as the scripts, which are small) Billy Pumphrey IT Manager Wooden & McLaughlin ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/OCTET-STREAM (Name: "expire_mail.pl") 17KB. ] [ Unable to print this part. ] From bpumphrey at WOODMACLAW.COM Tue Jul 19 17:23:41 2005 From: bpumphrey at WOODMACLAW.COM (Billy A. Pumphrey) Date: Thu Jan 12 21:30:20 2006 Subject: OT Trying to setup a inbox for autolearning Message-ID: > > Hi there, > > Try attached script to purge your spam mbox. > > > > Can be run from cron daily before your fetchmail / sa-learn scripts run. > > Tony. I get an error when running it as the user (spam) = non-root Expire_mail: unable to create temporary file for /var/spool/mail/spam I looked at the file and changed a few of the options, like postmaster address. I do not get the error when running it as root: ./expire_mail.pl -u spam -a 1 However no mail is deleted out of the spam inbox. What is wrong with my syntax? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From tenderby at VHIA.COM.AU Tue Jul 19 17:32:20 2005 From: tenderby at VHIA.COM.AU (Tony Enderby) Date: Thu Jan 12 21:30:20 2006 Subject: OT Trying to setup a inbox for autolearning Message-ID: Try this, perl expire_mail.pl -a0 -z /var/spool/mail/spam or perl expire_mail.pl -a0 -z -d /var/spool/mail/spam to run in debug mode and get output to console (doesn't delete any mail) Tony. "Billy A. Pumphrey" Sent by: MailScanner mailing list 07/20/2005 02:23 AM Please respond to MailScanner mailing list To MAILSCANNER@JISCMAIL.AC.UK cc Subject Re: OT Trying to setup a inbox for autolearning > > Hi there, > > Try attached script to purge your spam mbox. > > > > Can be run from cron daily before your fetchmail / sa-learn scripts run. > > Tony. I get an error when running it as the user (spam) = non-root Expire_mail: unable to create temporary file for /var/spool/mail/spam I looked at the file and changed a few of the options, like postmaster address. I do not get the error when running it as root: ./expire_mail.pl -u spam -a 1 However no mail is deleted out of the spam inbox. What is wrong with my syntax? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Tue Jul 19 18:18:16 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:21 2006 Subject: Phishing is not working Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Daniel Straka spake the following on 7/19/2005 6:20 AM: > How do we make sure this isnt enabled for outbound mail? > Rulesets are your friend! -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From wayne at NIGHTSOL.NET Tue Jul 19 18:58:50 2005 From: wayne at NIGHTSOL.NET (Wayne) Date: Thu Jan 12 21:30:21 2006 Subject: Attachments renamed application1 Message-ID: Hi Guys, I posted about this a while back and I guess I didn't properly follow up. I have a quickmail server that has its mail scanned with mailscanner before it reaches in the quickmail server. All clients use quickmail clients. Now some mails are sent through fine and others are not. If I take the scanning system from the equation it all works fine. Also in the past there was a different scanning server that didn't have this problem. But basically attachments come through renamed to application or application1. Now I know that mailscanner doesn't rename things as was pointed out to me before but maybe the encoding is getting messed up or something, im kinda stumped. I have attached a queue file from postfix of a mail that I blacklisted to catch on the server itself. I have removed any important info like emails and ip addresses but you should get the basics from it for anybody who might have an idea also there Is a word wrap in effect to make it more readable before I saved it. I know that its something that quickmail is doing wrong. I just need to able to go back and explain what exactly it is.. Thanks, Wayne ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Text/PLAIN (Name: "queuefile.txt") 174 lines. ] [ Unable to print this part. ] From alex at nkpanama.com Tue Jul 19 19:02:15 2005 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu Jan 12 21:30:21 2006 Subject: Attachments renamed application1 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Wayne wrote: >Hi Guys, > >I posted about this a while back and I guess I didn't properly follow up. > >I have a quickmail server that has its mail scanned with mailscanner before >it reaches in the quickmail server. >All clients use quickmail clients. Now some mails are sent through fine and >others are not. > >If I take the scanning system from the equation it all works fine. >Also in the past there was a different scanning server that didn't have this >problem. > >But basically attachments come through renamed to application or >application1. Now I know that mailscanner doesn't rename things as was >pointed out to me before but maybe the encoding is getting messed up or >something, im kinda stumped. > >I have attached a queue file from postfix of a mail that I blacklisted to >catch on the server itself. >I have removed any important info like emails and ip addresses but you >should get the basics from it for anybody who might have an idea also there >Is a word wrap in effect to make it more readable before I saved it. > >I know that its something that quickmail is doing wrong. I just need to able >to go back and explain what exactly it is.. > >Thanks, > Wayne > > > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > >------------------------------------------------------------------------ > >C/ 9887 300 1T >1121769143S^^user@domain.comA^S >client_name=unknownA^[client_address=192.168.1.15A$ >message_origin=unknown[192.168.1.15]A^Phelo_name= >dbl001A^Rprotocol_name=SMTPO^^user@ >domain.comR^^user@domain.comM > 10187N.Received: from db01 (unknown >[192.168.1.10])N: by my.mailscanner.com >(Postfix) with SMTP id A7B013869DNL for >; Tue, 19 Jul 2005 >11:32:23 +0100 (IST)N Date: 19 Jul 2005 11:33:13 >+0100N6Message-ID: ><3204617581user@domain.com>N5Sender >: User Name >N3From: User >Name N^TSubject: >test googleNDTo: User Name >, >N'X-Mailer: QuickMail Pro 2.1 >(Windows32)N X-Priority: 3N^QMIME-Version: >1.0N7Reply-To: User Name >NFContent-Type: >multipart/mixed; >boundary="====49574949525457535256===1"N49574949525457535256===1NLContent-Type: >multipart/alternative; >boundary="====49574949525457535256===2"N49574949525457535256===2N+Content-Transfer- >Encoding: quoted-printableN.Content-Type: >text/plain; >charset="iso-8859-1"NsignaturewashereNType: text/html; >charset="iso-8859-1"N+Content-Transfer-Encoding: >quoted-printableN49574949525457535256===2N#Content-Type: >application/quickmailN!Content-Transfer-Encoding: >base64NNLAAABEAt0ZXN0IGdvb2dsZQAAAAAAAAAAAAAAAAAAAAAAAAAA >AAAUbWFpbDY2OTY1OTE1MTI2NC5lNLbWwAAAAAAAAAAAAAAAAA >DEdlcnJ5IFJpZ25leQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUU >1QMyo8NLMzIwNDYxNzU4MWdlcnJ5LnJpZ25leUBtdXJyYXlvbG >FvaXJlLmNvbT4AAAAAAAAAAAAAAAAAAAAANLAAAAAAAAAAAAAA >AAAAAAE011bHRpcGxlIFJlY2lwaWVudHMAAAAAAAAAAAAAAAD/ >AQEBAAAAAAAANLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA >AAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAANLAAAAAAAA >AAAAAAAAAAAAvwKVbb8ClW4AAQAEAAAAAAA2AAAAAAEJAeMAAg >BmAAMAfgHjAAUAAAAWNLAAwBAAAAAAAAiAAEAQkB4wAFAAAAFg >AMAAAAAQAAAAAA5AxHZXJyeSBSaWduZXnLEgAAAAAAoMoSNLAL >CbHgFQyhIA/wEBBgVC///// >wEAsJseZ2VycnkucmlnbmV5QG11cnJheW9sYW9pcmUuY29tx0A >ANLAAASAAAAAAConx4BpJseASQEAADdK4oABSyKABDlnAANLAB >HZXJyeSBSaWduZXnLEgAAAAAAoMoSNLALCbHgFQyhIA/ >wEBBgVC+//// >wEAsJsPd2F5bmVAZWxpdmUubmV0cnJheW9sYW9pcmUuY29tx0A >ANLAAASAAAAAAConx4BpJseASQEAADdK4oABSyKABDlnAANLAA >AAAt0ZXN0IGdvb2dsZQDrDS0tIA0NNLDUdlcnJ5IFJpZ25leQ0 >oSVQgQXNzaXN0YW50KQ0NTXVycmF5IO4gTGFvaXJlIEFyY2hpd >GVjdHMNNLRnVtYmFsbHkgQ291cnQNRnVtYmFsbHkgTGFuZQ1Ed >WJsaW4gOA1JcmVsYW5kDQ1nZXJyeS5yaWduNLZXlAbXVycmF5b >2xhb2lyZS5jb20NaHR0cDovL3d3dy5tdXJyYXlvbGFvaXJlLmN >vbQ0NTU86IDAwNLMzUzIDg3IDY0Mzk2MDENUEg6IDAwMzUzIDE >gNDUzIDczMDANRlg6IDAwMzUzIDEgNDUzIDQwNjINNLDQAAAAA >AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA >AAAAAAAAAAAAAAAAAAANLAAAAAAAAAAAAAAAAAAAAAAAAAAAAA >AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANLA >ADkDEdlcnJ5IFJpZ25lecoSAKibHgFIyhIA68dmAKQQvgH/ >AQEGA5v6//// >AQEqAR5nZXJyeS5yNLaWduZXlAbXVycmF5b2xhb2lyZS5jb20A >QAAAAB4BpJseASQEAADdK4oABSyKABDlnAANLIoA8N4SNLAGwv >DEdlcnJ5IFJpZ25lecoSAKibHgFIyhIA68dmANQYHQH/ >AQEGApv6//// >AQEqAR5nZXJyeS5yNLaWduZXlAbXVycmF5b2xhb2lyZS5jb20A >QAAAAB4BpJseASQEAADdK4oABSyKABDlnAANLIoAsN4SN^XAFC+ >AHgwAHgwAHgwAHgwX0Y=N--====49574949525457535256===2--N49574949525457535256===1N6Content-Type: >application/mac-binhex40; >name="hp0.gif"N^_Content-disposition: >attachmentNBinHex >4.0)NM:"fK`-#jRD@B!2j!)!*!%%,8!N!5*bdG*4MJjBCi!6J$ >Q!!#)Ur$'err3X+T@BhQTTUUAN!-21)rhNLp[IhKR2rqrqYP'r >[kqpNGU!A4l+bar$RiqEhmqq*E9rHfplCjIq0FJ$1bmlC+!l' >aFEhjpCV$!!eNLDpV@e0BB6mVjm)Vje-bpZVfeXV@TK!$cd# >Na8C5i*a21`kADemVrkqH,Pl@mYVbJL6[1amB**@6HNLbmE- >cYERkrrRjqq[UUA1eGDbV,'dXUlRkqlkqIST8EAHfpE'amiU3Q >[*amR2cmkfYVA[N!2'[Vh@NLfZ)K@GEDf0G#BD,RN!1KS+' >VUUhHhq1Y&!$[ZJ#-%!$@VJ$''!$rc`#pPJ$'RJ"MPZqeMJ" >cSZp+NLIHIrG@2[@8,R2#(R56(hD9,rl`KDLZpM83$12#RhheU >)4cPm*KMhqrqYXVAhprqpRKEhPS5% >G6RHNLbibeTSbaYmDYPSchZUhhTTaDJYErlc('G@[`m[ArmlA@ >Y$DYMK"pPG2'NSc1dqHe6cl[jqIrrZ[@NLC9VrprIYkqQZVUfp >[Vf&KjIrN!-Kq33!N!8X!*!%RJ"1!!!(ri"rJS1%KBD(L)Q+ >Lib0MSq3!*'5NLNj59PTHBQCUER*fHRk#KSU1NTDDRU+ >QUUkbYVUq`XE+cY,@fYlL3!'![!3kq[li",f+jaCPL$J"XNL'N >%F$Fr3caa"'P03$R8qaYZ0,`j3'Xl2"JB0jH6QdKcVdaTXD%!( >#GcdJJ&58d(0jZ3M)d-!KrJENLef#G[S2Y!-#SCb`!1'BhqM&! >N@-$$Ka(K*K`F3%0#JBMdK9%D("1(BDf*Z$6S#'L!3CSMKc"`@ >2(NLK4miqqM%HC-!5'J'Ql&M!`4P,'4DTV3Nab$(N3dhIr6j3, >@U94"BHrK-aijG1K6bM,*5Q95$Z4%pNLD1VXN5*&eCXArq,+ >aGN$+iJ#3mUTJpC2JPK9hj,QCF'!ai88@GRqU-"M``B6%Q3HN5 >"KJq%,IE!DNLBF"eR!%@,)Bm#2Zhe$G`%9RiiI'"$`MAI5l`L( >aN!33IYJrFYNhN3@8H2qS@Z-(h-iX"2'T$+%hUNLp&)@"5k!)) >$e``@,4(+6RXGphJ(F$cC8#$kFR2%"I'*,X-dme1NTU4Rd)8!J >"SM&%SMii2iR`6a&NL"ab``&-9c$I#H388B83I'a!4PRrYEI* >HDJ0m3)##pfh``!+N44,JJ"ZNF1"a"C5iB)-(40M*"&"!NLSB8 >'RqR!4a%dpP$"HKe5mL%$R`e3BK(8AE$HFLTU)SB8,TS&@[m"& >a*JBhllDH,!$52i33104B!JNLT)0&EJ*!Lr$e5!#629bJ(#G!! >"(H"dEBYf@1A9E#SK3['ZF(MAbmfGdQ#f`3R(8irKIR*3!JqG` >!NL&mE!)*HH##LHE)%1LXNpG-))fTe&P(N%R*TmjeYNl%Pk#4J >!I2QF$LAQ'HNR!Li3UULAU!4!R6h5NL#!)2$JV++UH931#"' >Q3J)#`#C+cK`3QNi)%(("ediDbc(F#"Kb6*i*-D#a%3B)53!&( >ULXX*Df"aNLK39@@'#Z&HKHF889HC!!i9FRH$3V3K,deTY%% >rJf)B)CHcMb3URJQ-1#$VEb-"Sh'#!`VJ9-)%(#NL``qIUbkk& >Z6a,[mQH(644"*,21'%%f1%r-355p#,,lea%-&)-V1D&513!) >YZGmX*C#cXX"X#V0!#NL$`))i!B*je,-K!9ZG$Y*aKXr%B8F# >T4JJJNmV&##!Q13!'`[afE`+NLe@J4"cR(eFHYY,4jJB38ANL* >(a"K`4[e$$C%6,%r8-%3*0V,K0-F#%%*A#ddF356XKaaK%q`$# >CBd,)m)-#)pY,FXU)(&#UY9mMNL#N)&"qHb4K9AF)'%&bZm89N >&&qc``ddlT8(#d(IM6B)!NR53!-AI)DKJ`J+M9d#k9$ZG8AA*( >(FmNLKJQ(b"V`e`bFb1&rBlm5EK@HHd%Ck9(&G6VU(kL1GqY)) >!(lRSV)6V[r#Y0E$pGF9"(`1mNGHdamNL)3j)85NrUXA! >VHCB32r&&a8)NC0ePR'-#5`cRKqN!@m)E&Mh9Z!)m5dK"' >9Sc2mZ`"J"@LBZI6M$NLb0Mh")r*iAf$L0rm@2!C2fK*!P' >bK4US)#i5++%),Q",#KDM)5,daP8JdTdE%SLhlT&!!K##N!! >KNLC*H&*)5!!M')S@)U8-2XZ1S"NaQ2!YK(-Sp&3382))3)md% >r%jT*Dkl`!"@S8!8AHL%(@F'2JdMcNLS3@%*`Gfi'(hP"!"2@ >J0$PQBR4-S8!BdJU!(2jK0GYLS'a$p)!j8Y'))&+"&*1A$2+ >V4dUDDjiS%NL))#&A2K#"K53!!)MJ1$r!bML9B!H))3Bb"%*5P >##!!+%L$E-lS&E+%!222Q$8$C[P#B3!"8l&S83NLK)! >3AhU4ellQKa6J#SbX@#%CAIJ&"CeSNSXi!"'!%%IZSG),4i"! >LJT"a#6XF3Y&L)%43%N%E5i#NL!Y1-!lfUk!4I%J)I5R%'m[U! >Z@h1iJ6#SX)95*!!!5pFk)6)(-4h"'#ZZme4#6&B(L(`i%VD85 >"ENL6X)F"#KC#(5@S&iGDqF["r'3!($3Vd,eV-8+%D#rIY+( >3D1KD%8P`)@#+M#9%GM3GSMBK#G3B!X4NL##H$123)(ca!RF(6 >+#(B3)epI'd)j#65,2*C4L9N)&[fUie+#k%E1K58BDMr618&A[ >8(9aEaQcQ9NLC!SEFB!pQ!'M5YZS))LU$hQ53`Ff5ZNX*%#& >5ql6U6RY!BSme!++B6@9'8K$EED*J6cq,3Sh[G1YNL'28)-*J! >VEdNa"bQBG5hmN'L8dA&5,'!0VbQCkqk)%)9K*E9TmSJFc4pi% >dMS$al1Z)!-"$"aMM@NL6XP59KcQL3lK-RX+-S`4HUKmUK&qJ% >,q["B-ETLB"8VVK4[j)%9GQ*e$Yq#('""hV)miJ"PQ#cLeNLrJ >%!Yad(#4RJA2#e!J+AA'C`)a!'iVk"YiB3J(*,q`9bTNJ%dRh# >%A&kRfa5BV[VV1dJkN!5IKKJNL",9F!(a*FB!aUYHTAQL[r`58 >'SN@9)&c&R#K8lm3KT!!iMGT4q5MK#N-#41FV,Z%J%%iK1)C!a >"JNL!`U&"33F[-rJ4TLi*(l%!r)h,JeRi![EBYX"C!YL# >SJBaj5iJfcTTGp#X'%DkfKaB533d%K-)!#pNL`,+@Y``-H!KL! >9KJBBdh(13U(m)(,"bYMlp!J1Y#J-K*d+q4ba#',bkB%%-q@C1 >"#H8SQfF%BY1%NL5T6#NLPS!3Vb3j)`j6Q#)h`jc1* >DELVCE1Iqh"QpqE2#QJR!)"qm@Fq)0A+EGcZ*2)1i%(AS5R%- >NLJ),eh"N4+Q%*-kK4$5L8UP$a0-F3&[!(H63idj*fUQl0I!J% >B-&X,Xc!M`RrN!"81(IAb-0qY5$%NLS,&6%m)'iI#+CdC3! >FC1iJ95D%B3EN$Z'`"N$[)VP$$2JJ0dlUI"&bjAD52JP1G5JJc >(eV46qaN'NLBcSS$LGZTj%9%'K*(+$DhU5!)F#VDJ1Mi!j'L` >3bd1!!&m40"MbSJ!XD-bXAFE&(0!%9''Tf"APRNLe3X*PVBJm) >hXIE2@hhm!-'e$A!C3+TJ5#0qM)53J&'hhS`)ma33kJ8#kUIaJ >$Y9J#3FUp`%eJN%!NLIQeB+T9`1EP+!Yr35rC6-d3%'h3!XL%' >!@JM!BCU,`'aKMM!C,AY'3C!A18#pDN%aT1C&23"k5`*NL`NGl >!#J(5D"FjAUT%K6J![qV4m,B`&9f-aHdf`H!hFKT1+eVXf[f) >kCp!cf2XQG3m&bi"iJ)"*S,NL$`!`"DAS[A+H$#NBmZ$5JhV"" >@b6YKM%V(@S#ZQpBJ!UbCc35`US!2B6PB30PQc6,D3G!R- >SL1EjNL-J)A"&p(2T8*C6B3'63NkI3p'LGS#FU`(QBe"[QCI#- >@32YpPkMUBEPSm$`@BKUXCa+I6J*LMCrfNL)`a"qH+)aK# >Jf4m2I3H(2K#!%2!HHNG#ar&*VLB)0F!&#A43%5!$hZB) >C905rC3JHX8S-)")l04,NLL`3%%GJ)H%3l@d"r9,8!D,!AdD" >VpPCUhZ%Ym3-&(pFMQT*#6hG+UI3$Q32r#CYc9mU@)*bf! >6kJNL"i*`!#A!3BT%!Af3!)12)$X*0i+)i&-SN!##8ZKfRP!( >MS4p"eK`!K*(#03pU'3(8J8*D%D"!i!RNLQ$@%#i")(D4)(3J$ >GhB!IJ0,1"8jIF)C8XJA3k!0R2##-AJF0&!"T0CV"l!# >Uq0pFj3'Er!JQD8'NLR*0XAP!%#9*,M"8J+c!'DmL'!P!$a2B( >6$Kr1C8)"r!!,T!!&hGB%!d`"%@a#9B)JeJi!(rSAi1! >NL6QIJKE6S-#[!5Sf!!5fN5Fh%**F6L2f"6J,`-F6)Hb%J"ca! >E!c9"0rN"5@5#$E`"Jp3!6"5LY)!NL!015#AcBLM-S+! >RJ4JT3LejSr`G!P&Pk3!@DaSXrmS-4+#"!F!E&@)aM)!&JB&k( >i$I&jib3!+J)NL0Z!$1,!#pkFAdD"j4*%*GC!!*%Yh( >M43F2dK66`3MZ+)"(E3!Sa`!ZLB0LD&*EqBBhrJ8c*`"P% >3NLNL+j022)#"N6Cb'`"@9J"*!!@!5,%)d5F!%mBKiT''8F-! >GCC!N1S"6%B4aqD#CMP3!"-RF+m!9+NL))iN3!IL0`L-Q'& >ie8Qf)L5mGJMI-AGR)!Hq&!)L#6*CN`K`-#mfp9"S`**C`JMp' >*0qF#!d@C-0NL%!3QXC5-)$NY)6#JmC2Cj#h5Y!%j3!"H-(@eD >!Gdi!'GG`)HX$RQBNB%8!%c3Kf5U2meMT)$-D!#NL@HP,8H!% >6a!(CS!"`DFX(6![CmG(563M@I)$M3#6+d!!H@%H!JN8kk!"*R >&cL`!'%q!!,p+6G3NDNL!k!TciGR4!!9)+!!IHQAhB-hA-!&* >GGphH-&D5!%2$!GM)NL+T@A(9%!+Q"N&%#CPRQCF5!#RXPqNL+ >R!'iZ'F@V)"ML#84l!$29!!DUQD8XJ136!&F`!!`D"P[[! >PTLG2GDN$!c!!Gl)YGdQ9i5%G"!#FNL4LQFiZJ&%5!!8(3"2F! >(I&!Qd$N)P!3"!DS9e&N'eSQG(b15+Y!d#pUJ$hSG+P1HSFJD- >j!!PUUjNLPMAT$&h4SRjfB#2J)`Q#*8@3!#IrQIpfEJ39Xm55# >K!"A[#M3'S(EN!(#RS(iI%$GJ&!Z8*@&+UANL$@S%*D)!+M#P9 >+S!#T!!-`q`"dGJ'(8"![3dGSj`PMX`!`2+!!1J!bQDSRGi$QF >"%#L!"Sfa!b!`NL!c4U"#P36d*%93)L"!9#!r5K,6-`3bXJ"" >iS%irb!fp"IEDaB')J)(2A"c6!NYS5"Mh3"c`J!cJ!NL48pK') >K+&C!!%Q13!*!!!'r3Qhd3"M%!L@CkTQLDT[hJ$d-`%@rD2`m3 >(Mc3"bN`!dD3!+Y'd!-fNL!Q1l5C8j@L!pJ+Y'3"dI%"X8C$V@ >Bafc-4T`Z3K[%+a)#J,&@Kh)ZJ-fB6f,dD`V1!N*d)m`` >2qRNL2d!$-A#U*A+Z"H!(#C+Vpl%$+p!B'CF$f)Sk8p%@GVF$2 >%#S5mS)%*!!Sbk!%e3"!QjK(GUU1aEaNL!2ZU)k#h!IrDU30, >X0CMX%IJV("(#0rDVljK'"q3!!)di+!dJ+[e`3Fcm%FGb`FdF, >)d`+Y0G`([NLkKL4NDAkB3-,TKX8'KiZS$XiDl$8Paq$P+H9d# >T3a,!jUcXm8,68G`3ed(QGm+hId4X5`*c8Sa0cNL86T8@d%[5` >4lX!F,i!1*'#!bkbfC"3CY"%@D+KN)QaXqfbN33+'pBEB6Uabi >#!VqB3-fF!"[i!0lNH!(U8!3650l%fP"fHGJ"d1lKdkarIbM`k >)T5km4)GDaXJfP5afD90!F+iLkY5J3!!1kp)!!!:N--====49574949525457535256===1--N > Could it be a MIME::Somethingsomething problem? Perhaps your perl modules are not all up to date. You also don't mention mailscanner versions, etc. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Jul 19 19:13:13 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:21 2006 Subject: Attachments renamed application1 Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 MailScanner hasn't processed that message at all. If it had been through MailScanner, there would be some MailScanner headers in the message, which there aren't. The attachment of type "application/quickmail" does not have a name and therefore will be just called something random like "attachment1". Wayne wrote: >Hi Guys, > >I posted about this a while back and I guess I didn't properly follow up. > >I have a quickmail server that has its mail scanned with mailscanner before >it reaches in the quickmail server. >All clients use quickmail clients. Now some mails are sent through fine and >others are not. > >If I take the scanning system from the equation it all works fine. >Also in the past there was a different scanning server that didn't have this >problem. > >But basically attachments come through renamed to application or >application1. Now I know that mailscanner doesn't rename things as was >pointed out to me before but maybe the encoding is getting messed up or >something, im kinda stumped. > >I have attached a queue file from postfix of a mail that I blacklisted to >catch on the server itself. >I have removed any important info like emails and ip addresses but you >should get the basics from it for anybody who might have an idea also there >Is a word wrap in effect to make it more readable before I saved it. > >I know that its something that quickmail is doing wrong. I just need to able >to go back and explain what exactly it is.. > >Thanks, > Wayne > > > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > >------------------------------------------------------------------------ > >C/ 9887 300 1T >1121769143S^^user@domain.comA^S >client_name=unknownA^[client_address=192.168.1.15A$ >message_origin=unknown[192.168.1.15]A^Phelo_name= >dbl001A^Rprotocol_name=SMTPO^^user@ >domain.comR^^user@domain.comM > 10187N.Received: from db01 (unknown >[192.168.1.10])N: by my.mailscanner.com >(Postfix) with SMTP id A7B013869DNL for >; Tue, 19 Jul 2005 >11:32:23 +0100 (IST)N Date: 19 Jul 2005 11:33:13 >+0100N6Message-ID: ><3204617581user@domain.com>N5Sender >: User Name >N3From: User >Name N^TSubject: >test googleNDTo: User Name >, >N'X-Mailer: QuickMail Pro 2.1 >(Windows32)N X-Priority: 3N^QMIME-Version: >1.0N7Reply-To: User Name >NFContent-Type: >multipart/mixed; >boundary="====49574949525457535256===1"N49574949525457535256===1NLContent-Type: >multipart/alternative; >boundary="====49574949525457535256===2"N49574949525457535256===2N+Content-Transfer- >Encoding: quoted-printableN.Content-Type: >text/plain; >charset="iso-8859-1"NsignaturewashereNType: text/html; >charset="iso-8859-1"N+Content-Transfer-Encoding: >quoted-printableN49574949525457535256===2N#Content-Type: >application/quickmailN!Content-Transfer-Encoding: >base64NNLAAABEAt0ZXN0IGdvb2dsZQAAAAAAAAAAAAAAAAAAAAAAAAAA >AAAUbWFpbDY2OTY1OTE1MTI2NC5lNLbWwAAAAAAAAAAAAAAAAA >DEdlcnJ5IFJpZ25leQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUU >1QMyo8NLMzIwNDYxNzU4MWdlcnJ5LnJpZ25leUBtdXJyYXlvbG >FvaXJlLmNvbT4AAAAAAAAAAAAAAAAAAAAANLAAAAAAAAAAAAAA >AAAAAAE011bHRpcGxlIFJlY2lwaWVudHMAAAAAAAAAAAAAAAD/ >AQEBAAAAAAAANLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA >AAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAANLAAAAAAAA >AAAAAAAAAAAAvwKVbb8ClW4AAQAEAAAAAAA2AAAAAAEJAeMAAg >BmAAMAfgHjAAUAAAAWNLAAwBAAAAAAAAiAAEAQkB4wAFAAAAFg >AMAAAAAQAAAAAA5AxHZXJyeSBSaWduZXnLEgAAAAAAoMoSNLAL >CbHgFQyhIA/wEBBgVC///// >wEAsJseZ2VycnkucmlnbmV5QG11cnJheW9sYW9pcmUuY29tx0A >ANLAAASAAAAAAConx4BpJseASQEAADdK4oABSyKABDlnAANLAB >HZXJyeSBSaWduZXnLEgAAAAAAoMoSNLALCbHgFQyhIA/ >wEBBgVC+//// >wEAsJsPd2F5bmVAZWxpdmUubmV0cnJheW9sYW9pcmUuY29tx0A >ANLAAASAAAAAAConx4BpJseASQEAADdK4oABSyKABDlnAANLAA >AAAt0ZXN0IGdvb2dsZQDrDS0tIA0NNLDUdlcnJ5IFJpZ25leQ0 >oSVQgQXNzaXN0YW50KQ0NTXVycmF5IO4gTGFvaXJlIEFyY2hpd >GVjdHMNNLRnVtYmFsbHkgQ291cnQNRnVtYmFsbHkgTGFuZQ1Ed >WJsaW4gOA1JcmVsYW5kDQ1nZXJyeS5yaWduNLZXlAbXVycmF5b >2xhb2lyZS5jb20NaHR0cDovL3d3dy5tdXJyYXlvbGFvaXJlLmN >vbQ0NTU86IDAwNLMzUzIDg3IDY0Mzk2MDENUEg6IDAwMzUzIDE >gNDUzIDczMDANRlg6IDAwMzUzIDEgNDUzIDQwNjINNLDQAAAAA >AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA >AAAAAAAAAAAAAAAAAAANLAAAAAAAAAAAAAAAAAAAAAAAAAAAAA >AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANLA >ADkDEdlcnJ5IFJpZ25lecoSAKibHgFIyhIA68dmAKQQvgH/ >AQEGA5v6//// >AQEqAR5nZXJyeS5yNLaWduZXlAbXVycmF5b2xhb2lyZS5jb20A >QAAAAB4BpJseASQEAADdK4oABSyKABDlnAANLIoA8N4SNLAGwv >DEdlcnJ5IFJpZ25lecoSAKibHgFIyhIA68dmANQYHQH/ >AQEGApv6//// >AQEqAR5nZXJyeS5yNLaWduZXlAbXVycmF5b2xhb2lyZS5jb20A >QAAAAB4BpJseASQEAADdK4oABSyKABDlnAANLIoAsN4SN^XAFC+ >AHgwAHgwAHgwAHgwX0Y=N--====49574949525457535256===2--N49574949525457535256===1N6Content-Type: >application/mac-binhex40; >name="hp0.gif"N^_Content-disposition: >attachmentNBinHex >4.0)NM:"fK`-#jRD@B!2j!)!*!%%,8!N!5*bdG*4MJjBCi!6J$ >Q!!#)Ur$'err3X+T@BhQTTUUAN!-21)rhNLp[IhKR2rqrqYP'r >[kqpNGU!A4l+bar$RiqEhmqq*E9rHfplCjIq0FJ$1bmlC+!l' >aFEhjpCV$!!eNLDpV@e0BB6mVjm)Vje-bpZVfeXV@TK!$cd# >Na8C5i*a21`kADemVrkqH,Pl@mYVbJL6[1amB**@6HNLbmE- >cYERkrrRjqq[UUA1eGDbV,'dXUlRkqlkqIST8EAHfpE'amiU3Q >[*amR2cmkfYVA[N!2'[Vh@NLfZ)K@GEDf0G#BD,RN!1KS+' >VUUhHhq1Y&!$[ZJ#-%!$@VJ$''!$rc`#pPJ$'RJ"MPZqeMJ" >cSZp+NLIHIrG@2[@8,R2#(R56(hD9,rl`KDLZpM83$12#RhheU >)4cPm*KMhqrqYXVAhprqpRKEhPS5% >G6RHNLbibeTSbaYmDYPSchZUhhTTaDJYErlc('G@[`m[ArmlA@ >Y$DYMK"pPG2'NSc1dqHe6cl[jqIrrZ[@NLC9VrprIYkqQZVUfp >[Vf&KjIrN!-Kq33!N!8X!*!%RJ"1!!!(ri"rJS1%KBD(L)Q+ >Lib0MSq3!*'5NLNj59PTHBQCUER*fHRk#KSU1NTDDRU+ >QUUkbYVUq`XE+cY,@fYlL3!'![!3kq[li",f+jaCPL$J"XNL'N >%F$Fr3caa"'P03$R8qaYZ0,`j3'Xl2"JB0jH6QdKcVdaTXD%!( >#GcdJJ&58d(0jZ3M)d-!KrJENLef#G[S2Y!-#SCb`!1'BhqM&! >N@-$$Ka(K*K`F3%0#JBMdK9%D("1(BDf*Z$6S#'L!3CSMKc"`@ >2(NLK4miqqM%HC-!5'J'Ql&M!`4P,'4DTV3Nab$(N3dhIr6j3, >@U94"BHrK-aijG1K6bM,*5Q95$Z4%pNLD1VXN5*&eCXArq,+ >aGN$+iJ#3mUTJpC2JPK9hj,QCF'!ai88@GRqU-"M``B6%Q3HN5 >"KJq%,IE!DNLBF"eR!%@,)Bm#2Zhe$G`%9RiiI'"$`MAI5l`L( >aN!33IYJrFYNhN3@8H2qS@Z-(h-iX"2'T$+%hUNLp&)@"5k!)) >$e``@,4(+6RXGphJ(F$cC8#$kFR2%"I'*,X-dme1NTU4Rd)8!J >"SM&%SMii2iR`6a&NL"ab``&-9c$I#H388B83I'a!4PRrYEI* >HDJ0m3)##pfh``!+N44,JJ"ZNF1"a"C5iB)-(40M*"&"!NLSB8 >'RqR!4a%dpP$"HKe5mL%$R`e3BK(8AE$HFLTU)SB8,TS&@[m"& >a*JBhllDH,!$52i33104B!JNLT)0&EJ*!Lr$e5!#629bJ(#G!! >"(H"dEBYf@1A9E#SK3['ZF(MAbmfGdQ#f`3R(8irKIR*3!JqG` >!NL&mE!)*HH##LHE)%1LXNpG-))fTe&P(N%R*TmjeYNl%Pk#4J >!I2QF$LAQ'HNR!Li3UULAU!4!R6h5NL#!)2$JV++UH931#"' >Q3J)#`#C+cK`3QNi)%(("ediDbc(F#"Kb6*i*-D#a%3B)53!&( >ULXX*Df"aNLK39@@'#Z&HKHF889HC!!i9FRH$3V3K,deTY%% >rJf)B)CHcMb3URJQ-1#$VEb-"Sh'#!`VJ9-)%(#NL``qIUbkk& >Z6a,[mQH(644"*,21'%%f1%r-355p#,,lea%-&)-V1D&513!) >YZGmX*C#cXX"X#V0!#NL$`))i!B*je,-K!9ZG$Y*aKXr%B8F# >T4JJJNmV&##!Q13!'`[afE`+NLe@J4"cR(eFHYY,4jJB38ANL* >(a"K`4[e$$C%6,%r8-%3*0V,K0-F#%%*A#ddF356XKaaK%q`$# >CBd,)m)-#)pY,FXU)(&#UY9mMNL#N)&"qHb4K9AF)'%&bZm89N >&&qc``ddlT8(#d(IM6B)!NR53!-AI)DKJ`J+M9d#k9$ZG8AA*( >(FmNLKJQ(b"V`e`bFb1&rBlm5EK@HHd%Ck9(&G6VU(kL1GqY)) >!(lRSV)6V[r#Y0E$pGF9"(`1mNGHdamNL)3j)85NrUXA! >VHCB32r&&a8)NC0ePR'-#5`cRKqN!@m)E&Mh9Z!)m5dK"' >9Sc2mZ`"J"@LBZI6M$NLb0Mh")r*iAf$L0rm@2!C2fK*!P' >bK4US)#i5++%),Q",#KDM)5,daP8JdTdE%SLhlT&!!K##N!! >KNLC*H&*)5!!M')S@)U8-2XZ1S"NaQ2!YK(-Sp&3382))3)md% >r%jT*Dkl`!"@S8!8AHL%(@F'2JdMcNLS3@%*`Gfi'(hP"!"2@ >J0$PQBR4-S8!BdJU!(2jK0GYLS'a$p)!j8Y'))&+"&*1A$2+ >V4dUDDjiS%NL))#&A2K#"K53!!)MJ1$r!bML9B!H))3Bb"%*5P >##!!+%L$E-lS&E+%!222Q$8$C[P#B3!"8l&S83NLK)! >3AhU4ellQKa6J#SbX@#%CAIJ&"CeSNSXi!"'!%%IZSG),4i"! >LJT"a#6XF3Y&L)%43%N%E5i#NL!Y1-!lfUk!4I%J)I5R%'m[U! >Z@h1iJ6#SX)95*!!!5pFk)6)(-4h"'#ZZme4#6&B(L(`i%VD85 >"ENL6X)F"#KC#(5@S&iGDqF["r'3!($3Vd,eV-8+%D#rIY+( >3D1KD%8P`)@#+M#9%GM3GSMBK#G3B!X4NL##H$123)(ca!RF(6 >+#(B3)epI'd)j#65,2*C4L9N)&[fUie+#k%E1K58BDMr618&A[ >8(9aEaQcQ9NLC!SEFB!pQ!'M5YZS))LU$hQ53`Ff5ZNX*%#& >5ql6U6RY!BSme!++B6@9'8K$EED*J6cq,3Sh[G1YNL'28)-*J! >VEdNa"bQBG5hmN'L8dA&5,'!0VbQCkqk)%)9K*E9TmSJFc4pi% >dMS$al1Z)!-"$"aMM@NL6XP59KcQL3lK-RX+-S`4HUKmUK&qJ% >,q["B-ETLB"8VVK4[j)%9GQ*e$Yq#('""hV)miJ"PQ#cLeNLrJ >%!Yad(#4RJA2#e!J+AA'C`)a!'iVk"YiB3J(*,q`9bTNJ%dRh# >%A&kRfa5BV[VV1dJkN!5IKKJNL",9F!(a*FB!aUYHTAQL[r`58 >'SN@9)&c&R#K8lm3KT!!iMGT4q5MK#N-#41FV,Z%J%%iK1)C!a >"JNL!`U&"33F[-rJ4TLi*(l%!r)h,JeRi![EBYX"C!YL# >SJBaj5iJfcTTGp#X'%DkfKaB533d%K-)!#pNL`,+@Y``-H!KL! >9KJBBdh(13U(m)(,"bYMlp!J1Y#J-K*d+q4ba#',bkB%%-q@C1 >"#H8SQfF%BY1%NL5T6#NLPS!3Vb3j)`j6Q#)h`jc1* >DELVCE1Iqh"QpqE2#QJR!)"qm@Fq)0A+EGcZ*2)1i%(AS5R%- >NLJ),eh"N4+Q%*-kK4$5L8UP$a0-F3&[!(H63idj*fUQl0I!J% >B-&X,Xc!M`RrN!"81(IAb-0qY5$%NLS,&6%m)'iI#+CdC3! >FC1iJ95D%B3EN$Z'`"N$[)VP$$2JJ0dlUI"&bjAD52JP1G5JJc >(eV46qaN'NLBcSS$LGZTj%9%'K*(+$DhU5!)F#VDJ1Mi!j'L` >3bd1!!&m40"MbSJ!XD-bXAFE&(0!%9''Tf"APRNLe3X*PVBJm) >hXIE2@hhm!-'e$A!C3+TJ5#0qM)53J&'hhS`)ma33kJ8#kUIaJ >$Y9J#3FUp`%eJN%!NLIQeB+T9`1EP+!Yr35rC6-d3%'h3!XL%' >!@JM!BCU,`'aKMM!C,AY'3C!A18#pDN%aT1C&23"k5`*NL`NGl >!#J(5D"FjAUT%K6J![qV4m,B`&9f-aHdf`H!hFKT1+eVXf[f) >kCp!cf2XQG3m&bi"iJ)"*S,NL$`!`"DAS[A+H$#NBmZ$5JhV"" >@b6YKM%V(@S#ZQpBJ!UbCc35`US!2B6PB30PQc6,D3G!R- >SL1EjNL-J)A"&p(2T8*C6B3'63NkI3p'LGS#FU`(QBe"[QCI#- >@32YpPkMUBEPSm$`@BKUXCa+I6J*LMCrfNL)`a"qH+)aK# >Jf4m2I3H(2K#!%2!HHNG#ar&*VLB)0F!&#A43%5!$hZB) >C905rC3JHX8S-)")l04,NLL`3%%GJ)H%3l@d"r9,8!D,!AdD" >VpPCUhZ%Ym3-&(pFMQT*#6hG+UI3$Q32r#CYc9mU@)*bf! >6kJNL"i*`!#A!3BT%!Af3!)12)$X*0i+)i&-SN!##8ZKfRP!( >MS4p"eK`!K*(#03pU'3(8J8*D%D"!i!RNLQ$@%#i")(D4)(3J$ >GhB!IJ0,1"8jIF)C8XJA3k!0R2##-AJF0&!"T0CV"l!# >Uq0pFj3'Er!JQD8'NLR*0XAP!%#9*,M"8J+c!'DmL'!P!$a2B( >6$Kr1C8)"r!!,T!!&hGB%!d`"%@a#9B)JeJi!(rSAi1! >NL6QIJKE6S-#[!5Sf!!5fN5Fh%**F6L2f"6J,`-F6)Hb%J"ca! >E!c9"0rN"5@5#$E`"Jp3!6"5LY)!NL!015#AcBLM-S+! >RJ4JT3LejSr`G!P&Pk3!@DaSXrmS-4+#"!F!E&@)aM)!&JB&k( >i$I&jib3!+J)NL0Z!$1,!#pkFAdD"j4*%*GC!!*%Yh( >M43F2dK66`3MZ+)"(E3!Sa`!ZLB0LD&*EqBBhrJ8c*`"P% >3NLNL+j022)#"N6Cb'`"@9J"*!!@!5,%)d5F!%mBKiT''8F-! >GCC!N1S"6%B4aqD#CMP3!"-RF+m!9+NL))iN3!IL0`L-Q'& >ie8Qf)L5mGJMI-AGR)!Hq&!)L#6*CN`K`-#mfp9"S`**C`JMp' >*0qF#!d@C-0NL%!3QXC5-)$NY)6#JmC2Cj#h5Y!%j3!"H-(@eD >!Gdi!'GG`)HX$RQBNB%8!%c3Kf5U2meMT)$-D!#NL@HP,8H!% >6a!(CS!"`DFX(6![CmG(563M@I)$M3#6+d!!H@%H!JN8kk!"*R >&cL`!'%q!!,p+6G3NDNL!k!TciGR4!!9)+!!IHQAhB-hA-!&* >GGphH-&D5!%2$!GM)NL+T@A(9%!+Q"N&%#CPRQCF5!#RXPqNL+ >R!'iZ'F@V)"ML#84l!$29!!DUQD8XJ136!&F`!!`D"P[[! >PTLG2GDN$!c!!Gl)YGdQ9i5%G"!#FNL4LQFiZJ&%5!!8(3"2F! >(I&!Qd$N)P!3"!DS9e&N'eSQG(b15+Y!d#pUJ$hSG+P1HSFJD- >j!!PUUjNLPMAT$&h4SRjfB#2J)`Q#*8@3!#IrQIpfEJ39Xm55# >K!"A[#M3'S(EN!(#RS(iI%$GJ&!Z8*@&+UANL$@S%*D)!+M#P9 >+S!#T!!-`q`"dGJ'(8"![3dGSj`PMX`!`2+!!1J!bQDSRGi$QF >"%#L!"Sfa!b!`NL!c4U"#P36d*%93)L"!9#!r5K,6-`3bXJ"" >iS%irb!fp"IEDaB')J)(2A"c6!NYS5"Mh3"c`J!cJ!NL48pK') >K+&C!!%Q13!*!!!'r3Qhd3"M%!L@CkTQLDT[hJ$d-`%@rD2`m3 >(Mc3"bN`!dD3!+Y'd!-fNL!Q1l5C8j@L!pJ+Y'3"dI%"X8C$V@ >Bafc-4T`Z3K[%+a)#J,&@Kh)ZJ-fB6f,dD`V1!N*d)m`` >2qRNL2d!$-A#U*A+Z"H!(#C+Vpl%$+p!B'CF$f)Sk8p%@GVF$2 >%#S5mS)%*!!Sbk!%e3"!QjK(GUU1aEaNL!2ZU)k#h!IrDU30, >X0CMX%IJV("(#0rDVljK'"q3!!)di+!dJ+[e`3Fcm%FGb`FdF, >)d`+Y0G`([NLkKL4NDAkB3-,TKX8'KiZS$XiDl$8Paq$P+H9d# >T3a,!jUcXm8,68G`3ed(QGm+hId4X5`*c8Sa0cNL86T8@d%[5` >4lX!F,i!1*'#!bkbfC"3CY"%@D+KN)QaXqfbN33+'pBEB6Uabi >#!VqB3-fF!"[i!0lNH!(U8!3650l%fP"fHGJ"d1lKdkarIbM`k >)T5km4)GDaXJfP5afD90!F+iLkY5J3!!1kp)!!!:N--====49574949525457535256===1--N > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQt1CxRH2WUcUFbZUEQKZ1ACePistjxSVvWS2KQ1w7sCrx3pJcJgAoPFw XSCbhI3f2yOrnJcWkYuOPhNh =vwh3 -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Tue Jul 19 19:22:00 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:30:21 2006 Subject: Sophos and Encrypted Attachments Message-ID: I've been getting complaints of encrypted attachments being rejected by SophosSAVI because they are encrypted. I've added a ruleset to allow encrypted attachments from certain domains and added a "Sophos Allowed Error Messages" entry for "File was encrypted", but they are still rejected. Jul 18 09:37:55 avwall2 MailScanner[26790]: SophosSAVI::ERROR:: File was encrypted (530):: ./j6IEbXCt027886/Cing 615 @ McMullen.xls Jul 18 20:29:11 avwall2 MailScanner[31191]: SophosSAVI::ERROR:: File was encrypted (530):: ./j6J1So5V000931/20050718155617H0004711.PDF These attachments must be encrypted to comply with the Graham-Leach-Bliley Act here in the US. I think my last resort is to not virus scan emails from specified email addresses, but I'd hate to have a forging virus come through using one of these whitelisted email addresses. Did I miss something elsewhere in my config? Mike ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Jul 19 19:34:59 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:21 2006 Subject: Sophos and Encrypted Attachments Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 What version are you running? Mike Kercher wrote: >I've been getting complaints of encrypted attachments being rejected by >SophosSAVI because they are encrypted. I've added a ruleset to allow >encrypted attachments from certain domains and added a "Sophos Allowed Error >Messages" entry for "File was encrypted", but they are still rejected. > >Jul 18 09:37:55 avwall2 MailScanner[26790]: SophosSAVI::ERROR:: File was >encrypted (530):: ./j6IEbXCt027886/Cing 615 @ McMullen.xls >Jul 18 20:29:11 avwall2 MailScanner[31191]: SophosSAVI::ERROR:: File was >encrypted (530):: ./j6J1So5V000931/20050718155617H0004711.PDF > >These attachments must be encrypted to comply with the Graham-Leach-Bliley >Act here in the US. I think my last resort is to not virus scan emails from >specified email addresses, but I'd hate to have a forging virus come through >using one of these whitelisted email addresses. Did I miss something >elsewhere in my config? > >Mike > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQt1H1RH2WUcUFbZUEQJYzgCgrRYR78Md/7VTLev4cpZnwgPbIGgAn1dc 3xnQIl9M97TfPRscz1VifXkz =saso -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Tue Jul 19 19:39:44 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:30:21 2006 Subject: Sophos and Encrypted Attachments Message-ID: mailscanner-4.41.3-1 -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field Sent: Tuesday, July 19, 2005 1:35 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Sophos and Encrypted Attachments -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 What version are you running? Mike Kercher wrote: >I've been getting complaints of encrypted attachments being rejected by >SophosSAVI because they are encrypted. I've added a ruleset to allow >encrypted attachments from certain domains and added a "Sophos Allowed >Error Messages" entry for "File was encrypted", but they are still rejected. > >Jul 18 09:37:55 avwall2 MailScanner[26790]: SophosSAVI::ERROR:: File >was encrypted (530):: ./j6IEbXCt027886/Cing 615 @ McMullen.xls Jul 18 >20:29:11 avwall2 MailScanner[31191]: SophosSAVI::ERROR:: File was >encrypted (530):: ./j6J1So5V000931/20050718155617H0004711.PDF > >These attachments must be encrypted to comply with the >Graham-Leach-Bliley Act here in the US. I think my last resort is to >not virus scan emails from specified email addresses, but I'd hate to >have a forging virus come through using one of these whitelisted email >addresses. Did I miss something elsewhere in my config? > >Mike > >------------------------ MailScanner list ------------------------ To >unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and the >archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQt1H1RH2WUcUFbZUEQJYzgCgrRYR78Md/7VTLev4cpZnwgPbIGgAn1dc 3xnQIl9M97TfPRscz1VifXkz =saso -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From hoff.milo at gmail.com Tue Jul 19 19:47:43 2005 From: hoff.milo at gmail.com (Milo Hoffman) Date: Thu Jan 12 21:30:21 2006 Subject: How to investigate timeouts? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 7/18/05, Jody Cleveland wrote: > > Why don't you set both destiny and mystique as MX for your > > domain(s)? I > > don't see the point of double-scanning... > > Oh, I do. Mystique is only there in case something happens to destiny. > But, I'm noticing message headers that say mystique.winnefox.org. but, > yet that server is fine. It's as if there's a timeout on those messages. > But, I'm not sure what to look for in the logs to see what's happening. > Oh this thread is rather confusing now ! I am just trying to reframe your words to make myself clearer about your problem 1) You mean to say you have Destiny as the primary MX and Mystique as the secondary MX ? When mail hits on Destiny some problem oocurs (it can be a connection time out or a busy server ) and the mail goes to Mystique instead. But in normal scenarios when there is no load or much traffic on the server you are observing that the mail still goes to mystique. 2) Is Destiny and Mystique directly available on the Internet via MX records or you have some kind of load balancer which redirects the mails to Mystique incase Destiny is overload. I know I have repeated a lot of stuff over here again and again, but trying to make myself clear. Milo ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Tue Jul 19 20:22:40 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:30:21 2006 Subject: Sophos and Encrypted Attachments Message-ID: Installing...thanks Julian! Mike -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field Sent: Tuesday, July 19, 2005 2:15 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Sophos and Encrypted Attachments -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 In which case, you may be interested in this from the ChangeLog 2/7/2005 New in Version 4.43.8 ============================== * New Features and Improvements * - - "Allowed Sophos Error Messages" now works for SophosSAVI scanner as well as the command-line Sophos scanner. Mike Kercher wrote: >mailscanner-4.41.3-1 > >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >Behalf Of Julian Field >Sent: Tuesday, July 19, 2005 1:35 PM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: Sophos and Encrypted Attachments > >* PGP Bad Signature, Signed: 07/19/05 at 19:35:01 > >What version are you running? > >Mike Kercher wrote: > > > >>I've been getting complaints of encrypted attachments being rejected >>by SophosSAVI because they are encrypted. I've added a ruleset to >>allow encrypted attachments from certain domains and added a "Sophos >>Allowed Error Messages" entry for "File was encrypted", but they are >>still >> >> >rejected. > > >>Jul 18 09:37:55 avwall2 MailScanner[26790]: SophosSAVI::ERROR:: File >>was encrypted (530):: ./j6IEbXCt027886/Cing 615 @ McMullen.xls Jul 18 >>20:29:11 avwall2 MailScanner[31191]: SophosSAVI::ERROR:: File was >>encrypted (530):: ./j6J1So5V000931/20050718155617H0004711.PDF >> >>These attachments must be encrypted to comply with the >>Graham-Leach-Bliley Act here in the US. I think my last resort is to >>not virus scan emails from specified email addresses, but I'd hate to >>have a forging virus come through using one of these whitelisted email >>addresses. Did I miss something elsewhere in my config? >> >>Mike >> >>------------------------ MailScanner list ------------------------ To >>unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the Wiki (http://wiki.mailscanner.info/) and the >>archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >> >> >> > >-- >Julian Field >www.MailScanner.info >Buy the MailScanner book at www.MailScanner.info/store Professional >Support Services at www.MailScanner.biz MailScanner thanks transtec >Computers for their support > >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > >* Julian Field >* 0x1415B654 (L) > > >------------------------ MailScanner list ------------------------ To >unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and the >archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > >------------------------ MailScanner list ------------------------ To >unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and the >archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQt1RRRH2WUcUFbZUEQJcbwCdFNm1S5qx5fuFi+1nLX+Twr/2kmIAoI2i yqWzo0LAIg3XYyvPNVhghqpk =9Hb1 -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Cleveland at WINNEFOX.ORG Tue Jul 19 20:30:28 2005 From: Cleveland at WINNEFOX.ORG (Jody Cleveland) Date: Thu Jan 12 21:30:21 2006 Subject: How to investigate timeouts? Message-ID: > I am just trying to reframe your words to make myself clearer > about your problem I really appreciate everyone's help with this. > 1) You mean to say you have Destiny as the primary MX and Mystique as > the secondary MX ? From PHachey at CITY.CORNWALL.ON.CA Tue Jul 19 21:01:12 2005 From: PHachey at CITY.CORNWALL.ON.CA (Philip Hachey) Date: Thu Jan 12 21:30:21 2006 Subject: Suggestion: option to spam check blacklisted spam Message-ID: I suggest adding a rule to MailScanner.conf, such as: # Should spam checks (RBLs, SpamAssassin, etc) be performed # on spam that is blacklisted (treated by "Is Definitely Spam")? # Settings interact in the following manner: Is Definitely Spam Definite Spam Is High Scoring Check Definite Spam ACTION TAKEN no (irrelevant) (irrelevant) as appropriate yes yes (irrelevant) HIGH SPAM yes no no REGULAR SPAM yes no yes HIGH SPAM if high-scoring, otherwise REGULAR SPAM # In other words, marking this as "yes" means that "definite spam" # that is NOT automatically treated as high scoring is still # checked as normal to determine if it is high scoring spam. # This can also be the filename of a ruleset. Check Definite Spam = %rules-dir%/spam.blacklist.check.rules Regards, Philip Hachey ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Tue Jul 19 21:01:33 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:21 2006 Subject: How to investigate timeouts? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jody Cleveland wrote: >>I am just trying to reframe your words to make myself clearer >>about your problem > > > I really appreciate everyone's help with this. > > >>1) You mean to say you have Destiny as the primary MX and Mystique as >>the secondary MX ? > > > From dnsstuff.com: > mystique.winnefox.org. [Preference = 20] > mail.winnefox.org. [Preference = 10] > destiny.winnefox.org. [Preference = 15] Then, what is 'mail'? > > >>When mail hits on Destiny some problem oocurs (it can be a connection >>time out or a busy server ) and the mail goes to Mystique instead. >>But in normal scenarios when there is no load or much traffic on the >>server you are observing that the mail still goes to mystique. > > > Close. Mail goes to mail.winn... Then get's bounced to destiny. Destiny > scans that mail, then sends it off to mail.winn... Mystique.winn... Is > only there as a fail safe in case there's a problem with destiny. Does > that make any sense? What kind of problem exactly? A spamassassin timeout? I think that most of the people will have their MailScanner send scanned mail directly to the destination server (the exchange in your case). You should give a priority to fix your timeouts first. Please give us more details on the timeouts so that we can help you with that. Once your timeout issues are solved, you'll be able to deliver directly from destiny to your exchange. > > >>2) Is Destiny and Mystique directly available on the Internet via MX >>records > > > Yes. > > - jody > -- Ugo -> Please don't send a copy of your reply by e-mail. I read the list. -> Please avoid top-posting, long signatures and HTML, and cut the irrelevant parts in your replies. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at fsl.com Tue Jul 19 21:48:05 2005 From: steve.swaney at fsl.com (Stephen Swaney) Date: Thu Jan 12 21:30:21 2006 Subject: Off-topic - Qmail expert needed Message-ID: Please excuse the off-topic posting but we have some emergency work for a Qmail expert. Please contact me off-list if anyone is interested. TIA Steve Stephen Swaney Fort Systems Ltd. Phone: 202 338-1670 Cell: 202 352-3262 stephen.swaney@fsl.com www.fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Cleveland at WINNEFOX.ORG Tue Jul 19 22:04:05 2005 From: Cleveland at WINNEFOX.ORG (Jody Cleveland) Date: Thu Jan 12 21:30:21 2006 Subject: How to investigate timeouts? Message-ID: > Then, what is 'mail'? 'mail' is the Exchange server. > What kind of problem exactly? A spamassassin timeout? I think that > most of the people will have their MailScanner send scanned mail > directly to the destination server (the exchange in your case). Either a timeout, or hardware failure, lockup, whatever. > You should give a priority to fix your timeouts first. Please > give us more details on the timeouts so that we can help you with that. Once your > timeout issues are solved, you'll be able to deliver directly from > destiny to your exchange. I looked at one message that ended up going through mystique, rather than destiny. Here's the header: Received: from users.trulyamazingoffers.com (users.trulyamazingoffers.com [206.113.114.110]) by mystique.winnefox.org (Postfix) with SMTP id 31BD137C10A for <_@mail.winnefox.org>; Tue, 19 Jul 2005 15:39:25 -0500 (CDT) From: "Camera Phone Incentive" To: _@mail.winnefox.org Subject: Camera Phone Giveaway Date: Tue, 19 Jul 2005 15:00:00 -0400 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit List-Unsubscribe: Message-Id: There's absolutely nothing in the maillog on destiny in regards to this message. I look at the maillog on mystique, and found this: Jul 19 15:39:26 mystique MailScanner[4996]: New Batch: Scanning 1 messages, 2950 bytes Jul 19 15:39:26 mystique MailScanner[4996]: MCP Checks completed at 2950 bytes per second Jul 19 15:39:26 mystique MailScanner[4996]: Spam Checks: Starting Jul 19 15:39:26 mystique MailScanner[4996]: RBL checks: 31BD137C10A found in SBL+XBL Jul 19 15:39:26 mystique MailScanner[4996]: Message 31BD137C10A from 206.113.114.110 (bounce-nb-763763@users.trulyamazingoffers.com) to mail.winnefox.org is spam, SBL+XBL, SpamAssassin (score=6.83, required 5, BAYES_80 2.00, FROM_OFFERS 1.49, RCVD_IN_SBL 0.11, URIBL_JP_SURBL 2.46, URI_OFFERS 0.77) Jul 19 15:39:26 mystique MailScanner[4996]: Spam Checks: Found 1 spam messages Jul 19 15:39:26 mystique MailScanner[4996]: Spam Actions: message 31BD137C10A actions are store,deliver,striphtml Jul 19 15:39:26 mystique MailScanner[4996]: Spam Checks completed at 2950 bytes per second Jul 19 15:39:27 mystique MailScanner[4996]: Virus and Content Scanning: Starting Jul 19 15:39:27 mystique MailScanner[4996]: Virus Scanning completed at 2950 bytes per second Jul 19 15:39:27 mystique MailScanner[4996]: Requeue: 31BD137C10A to 6D99137C10B Jul 19 15:39:27 mystique MailScanner[4996]: Uninfected: Delivered 1 messages Jul 19 15:39:27 mystique MailScanner[4996]: Virus Processing completed at 2950 bytes per second Jul 19 15:39:27 mystique MailScanner[4996]: Disinfection completed at 2950 bytes per second Jul 19 15:39:27 mystique MailScanner[4996]: Batch completed at 2950 bytes per second (2950 / 1) Since there's no mention of it on destiny, is there a message to search for in the maillog that may indicate the message timing out, or other problems? Is there a different log file for errors? - jody ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Cleveland at WINNEFOX.ORG Tue Jul 19 22:35:09 2005 From: Cleveland at WINNEFOX.ORG (Jody Cleveland) Date: Thu Jan 12 21:30:21 2006 Subject: How to investigate timeouts? Message-ID: > BTW, I gather you have an X-Men theme going for your servers. Yup. ;) - jody ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Tue Jul 19 22:40:11 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:21 2006 Subject: How to investigate timeouts? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jody Cleveland spake the following on 7/19/2005 2:04 PM: >>Then, what is 'mail'? > > > 'mail' is the Exchange server. > > >>What kind of problem exactly? A spamassassin timeout? I think that >>most of the people will have their MailScanner send scanned mail >>directly to the destination server (the exchange in your case). > > > Either a timeout, or hardware failure, lockup, whatever. > > >>You should give a priority to fix your timeouts first. Please >>give us more details on the timeouts so that we can help you with > > that. Once your > >>timeout issues are solved, you'll be able to deliver directly from >>destiny to your exchange. > > > I looked at one message that ended up going through mystique, rather > than destiny. Here's the header: > > Received: from users.trulyamazingoffers.com > (users.trulyamazingoffers.com [206.113.114.110]) > by mystique.winnefox.org (Postfix) with SMTP id 31BD137C10A > for <_@mail.winnefox.org>; Tue, 19 Jul 2005 15:39:25 -0500 (CDT) > From: "Camera Phone Incentive" > > To: _@mail.winnefox.org > Subject: Camera Phone Giveaway > Date: Tue, 19 Jul 2005 15:00:00 -0400 > MIME-Version: 1.0 > Content-Type: text/plain; charset="iso-8859-1" > Content-Transfer-Encoding: 8bit > List-Unsubscribe: > Message-Id: > azingoffers.com> > > There's absolutely nothing in the maillog on destiny in regards to this > message. I look at the maillog on mystique, and found this: > > Jul 19 15:39:26 mystique MailScanner[4996]: New Batch: Scanning 1 > messages, 2950 bytes > Jul 19 15:39:26 mystique MailScanner[4996]: MCP Checks completed at 2950 > bytes per second > Jul 19 15:39:26 mystique MailScanner[4996]: Spam Checks: Starting > Jul 19 15:39:26 mystique MailScanner[4996]: RBL checks: 31BD137C10A > found in SBL+XBL > Jul 19 15:39:26 mystique MailScanner[4996]: Message 31BD137C10A from > 206.113.114.110 (bounce-nb-763763@users.trulyamazingoffers.com) to > mail.winnefox.org is spam, SBL+XBL, SpamAssassin (score=6.83, required > 5, BAYES_80 2.00, FROM_OFFERS 1.49, RCVD_IN_SBL 0.11, URIBL_JP_SURBL > 2.46, URI_OFFERS 0.77) > Jul 19 15:39:26 mystique MailScanner[4996]: Spam Checks: Found 1 spam > messages > Jul 19 15:39:26 mystique MailScanner[4996]: Spam Actions: message > 31BD137C10A actions are store,deliver,striphtml > Jul 19 15:39:26 mystique MailScanner[4996]: Spam Checks completed at > 2950 bytes per second > Jul 19 15:39:27 mystique MailScanner[4996]: Virus and Content Scanning: > Starting > Jul 19 15:39:27 mystique MailScanner[4996]: Virus Scanning completed at > 2950 bytes per second > Jul 19 15:39:27 mystique MailScanner[4996]: Requeue: 31BD137C10A to > 6D99137C10B > Jul 19 15:39:27 mystique MailScanner[4996]: Uninfected: Delivered 1 > messages > Jul 19 15:39:27 mystique MailScanner[4996]: Virus Processing completed > at 2950 bytes per second > Jul 19 15:39:27 mystique MailScanner[4996]: Disinfection completed at > 2950 bytes per second > Jul 19 15:39:27 mystique MailScanner[4996]: Batch completed at 2950 > bytes per second (2950 / 1) > > Since there's no mention of it on destiny, is there a message to search > for in the maillog that may indicate the message timing out, or other > problems? Is there a different log file for errors? > > - jody > If it is spam, it most likely was sent directly to mystique as it is the higher MX record. Spammers have been hitting the higher MX for a long time, probably in the hopes that either the secondary MX is not protected, or the transfer from the secondary to the primary will be whitelisted or less likely to bounce. If you are trying to screen the exchange server, then why even have it listed with a MX record? Have it both send and receive through either destiny or mystique. -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mll at SEA.ALASKAMARITIME.COM Tue Jul 19 23:21:49 2005 From: mll at SEA.ALASKAMARITIME.COM (Meryll Larkin) Date: Thu Jan 12 21:30:21 2006 Subject: uninstall question -- fixed! Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] 7/19/05 Thanks again for your help. I finally had time to work on this again today. After uninstalling the newer rpms, reading the README and installing some of the older rpms individually from source as recommended, then reinstalling an older version of MailScanner(one that is more compatible with my older server), all is working as it should. I'm happy, Meryll Larkin -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Kai Schaetzl Sent: Thursday, July 14, 2005 2:31 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: uninstall question Meryll Larkin wrote on Wed, 13 Jul 2005 18:34:44 -0700: > Do you know where I might > find a list? As I said they are all in the tarball. You unpacked the tarball, right? So, there are all the names ... > Then I can start from scratch and install an older version of > MailScanner. Hm, Red Hat 7.2 is quite old, isn't it? If it's the Perl version of it you are having problems with you would need to go to quite old MS versions as well. You should think about upgrading. Kai -- Kai Schätzl, Berlin, Germany ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ctwatts at gmail.com Wed Jul 20 00:13:48 2005 From: ctwatts at gmail.com (Cannon Watts) Date: Thu Jan 12 21:30:21 2006 Subject: SpamAssassin score is always zero Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I just set up MailScanner 4.43.8 on Redhat 9 (Intel). SpamAssassin 2.6.4 was already installed. For the most part things are working as expected. SpamAssassin, however, doesn't catch anything when run through MailScanner. Here's a typical maillog entry: Jul 19 16:52:58 **** MailScanner[10122]: Message XYZ from **** (****) to **** is spam, SBL+XBL, spamhaus.org, spamcop.net, SpamAssassin (score=0,required6, autolearn=) The SA score is zero on every entry in the log. However, if I feed the quarantined copy of that message directly to SpamAssassin: spamassassin -D < /var/spool/MailScanner/quarantine/20050719/spam/XYZ SA gives it a score of 17.653, and generally does what it's supposed to. Any thoughts on why SA isn't working when called by MailScanner? Cannon ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Wed Jul 20 00:37:22 2005 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 12 21:30:21 2006 Subject: How to investigate timeouts? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] 2005/7/19, Jody Cleveland : > > Then, what is 'mail'? > > 'mail' is the Exchange server. Somewhat strange setup (to my eues at least:)... Perhaps consider completely hiding the exchange (split DNS etc). > > What kind of problem exactly? A spamassassin timeout? I think that > > most of the people will have their MailScanner send scanned mail > > directly to the destination server (the exchange in your case). > > Either a timeout, or hardware failure, lockup, whatever. The only timeout you've showed so far is a postfix one... which is pretty normal (since you don't control what is in the other end of that conversation). Scott probably has the right of this.... Spammers hitting your highest MX. > > You should give a priority to fix your timeouts first. Please > > give us more details on the timeouts so that we can help you with > that. Once your > > timeout issues are solved, you'll be able to deliver directly from > > destiny to your exchange. Hear hear!-):-) > I looked at one message that ended up going through mystique, rather > than destiny. Here's the header: (snip) > Jul 19 15:39:26 mystique MailScanner[4996]: Spam Actions: message Detects one spam message and does what you've told it to do.... (snip) > Since there's no mention of it on destiny, is there a message to search > for in the maillog that may indicate the message timing out, or other > problems? Is there a different log file for errors? > > - jody Since you've looked and found nothing (on destiny, and probably not on mail either), you've just proved Scotts point;). Nothing to lose sleep over. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ctwatts at gmail.com Wed Jul 20 02:17:37 2005 From: ctwatts at gmail.com (Cannon Watts) Date: Thu Jan 12 21:30:21 2006 Subject: SpamAssassin score is always zero -- SOLVED Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Mike wrote: >I would uninstall the rpm install of SA2.64 and install SA3.04 from CPAN or >source. Then restart MS. Thanks, seems to be fixed. I tried that this morning and 3.04 wouldn't compile. I've changed so many things today I have no idea what made the difference, but it compiled this evening and looks to be working correctly. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From john.clancy at businessworld.ie Wed Jul 20 08:09:53 2005 From: john.clancy at businessworld.ie (John Clancy) Date: Thu Jan 12 21:30:21 2006 Subject: Bitdefender exploit report Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] FYI: BitDefender Antivirus & Antispam for Linux and FreeBSD Mail Servers is susceptible to an antivirus scan evasion vulnerability. This vulnerability allows malicious content to pass undetected, leading to a false sense of security. A malicious attachment may be opened by a vulnerable user facilitating a malicious code infection. BitDefender Antivirus & Antispam for Linux and FreeBSD Mail Servers versions 1.6.1 and prior are affected by this issue Details are at http://www.securityfocus.com/bid/14262/info JC ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From maillists at CONACTIVE.COM Wed Jul 20 09:31:29 2005 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:30:21 2006 Subject: uninstall question -- fixed! Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Meryll Larkin wrote on Tue, 19 Jul 2005 15:21:49 -0700: > then reinstalling an older version of MailScanner How long did you have to go back? Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From kevins at BMRB.CO.UK Wed Jul 20 09:41:39 2005 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:30:21 2006 Subject: Bitdefender exploit report Message-ID: MailScanner doesn't use the mail server version of Bitdefender, it uses the command line scanner (which is currently version 7). I don't think this should worry MailScanner users, unless anyone knows any additional information... On Wed, 2005-07-20 at 08:09 +0100, John Clancy wrote: > FYI: > > BitDefender Antivirus & Antispam for Linux and FreeBSD Mail Servers is > susceptible to an antivirus scan evasion vulnerability. > > This vulnerability allows malicious content to pass undetected, leading to a > false sense of security. A malicious attachment may be opened by a > vulnerable user facilitating a malicious code infection. > > BitDefender Antivirus & Antispam for Linux and FreeBSD Mail Servers versions > 1.6.1 and prior are affected by this issue > > Details are at http://www.securityfocus.com/bid/14262/info > > JC > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ================================================================= BMRB http://www.bmrb.co.uk _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From wayne at NIGHTSOL.NET Wed Jul 20 11:38:52 2005 From: wayne at NIGHTSOL.NET (Wayne) Date: Thu Jan 12 21:30:21 2006 Subject: Attachments renamed application1 Message-ID: On 19/07/2005 19:02, "Alex Neuman van der Hans" wrote: > Could it be a MIME::Somethingsomething problem? Perhaps your perl > modules are not all up to date. You also don't mention mailscanner > versions, etc. MIME-Tools is the latest version.. MailScanner version is 4.43.6-1 Clamav 0.86.1 Postfix 2.0.18-4 Fedora Core 2 I think its because quickmail can sometimes use non-standard ways to send a mail as part of its quickmail office features for updating contacts etc.. Anybody have any ideas on where to go with this? Quickmail forums are not much help and would be great to specifically find out whats going wrong.. Thanks, Wayne ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Wed Jul 20 13:23:17 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:21 2006 Subject: SpamAssassin score is always zero Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Cannon Watts wrote: > I just set up MailScanner 4.43.8 on Redhat 9 (Intel). SpamAssassin > 2.6.4 was already installed. For the most part things are working as > expected. SpamAssassin, however, doesn't catch anything when run > through MailScanner. > > Here's a typical maillog entry: > > Jul 19 16:52:58 **** MailScanner[10122]: Message XYZ from **** (****) > to **** is spam, SBL+XBL, spamhaus.org, spamcop.net, SpamAssassin > (score=0,required6, autolearn=) > > The SA score is zero on every entry in the log. > > However, if I feed the quarantined copy of that message directly to > SpamAssassin: > spamassassin -D < /var/spool/MailScanner/quarantine/20050719/spam/XYZ > SA gives it a score of 17.653, and generally does what it's supposed to. > > Any thoughts on why SA isn't working when called by MailScanner? > What do you have for: Check SpamAssassin If On Spam List = in MailScanner.conf? > Cannon > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From adrik at SALESMANAGER.NL Wed Jul 20 13:38:41 2005 From: adrik at SALESMANAGER.NL (Adri Koppes) Date: Thu Jan 12 21:30:21 2006 Subject: SpamAssassin score is always zero Message-ID: > I just set up MailScanner 4.43.8 on Redhat 9 (Intel). SpamAssassin > 2.6.4 was already installed. For the most part things are working as > expected. SpamAssassin, however, doesn't catch anything when run > through MailScanner. > > Here's a typical maillog entry: > > Jul 19 16:52:58 **** MailScanner[10122]: Message XYZ from **** (****) > to **** is spam, SBL+XBL, spamhaus.org, spamcop.net, SpamAssassin > (score=0,required6, autolearn=) > > The SA score is zero on every entry in the log. > > However, if I feed the quarantined copy of that message directly to > SpamAssassin: > spamassassin -D < > /var/spool/MailScanner/quarantine/20050719/spam/XYZ > SA gives it a score of 17.653, and generally does what it's supposed to. > > Any thoughts on why SA isn't working when called by MailScanner? > Looking at the maillog entry it looks like MailScanner is also doing RBL checking (SBL+XBL, spamhaus.org, spamcop.net). Since the message is already flagged as spam from the RBL checking, doesn't Mailscanner then skip the SpamAssassin checks? Adri. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at nkpanama.com Wed Jul 20 13:45:43 2005 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu Jan 12 21:30:21 2006 Subject: Bitdefender exploit report Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Kevin Spicer wrote: >MailScanner doesn't use the mail server version of Bitdefender, it uses >the command line scanner (which is currently version 7). I don't think >this should worry MailScanner users, unless anyone knows any additional >information... > >On Wed, 2005-07-20 at 08:09 +0100, John Clancy wrote: > > >>FYI: >> >>BitDefender Antivirus & Antispam for Linux and FreeBSD Mail Servers is >>susceptible to an antivirus scan evasion vulnerability. >> >> >> Besides, everybody here uses ClamAV + whatever else, right? :) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From svs at TRANSAS.COM Wed Jul 20 13:36:36 2005 From: svs at TRANSAS.COM (Smirnov, Sergey) Date: Thu Jan 12 21:30:21 2006 Subject: Do I need start spamassasin with mailscanner? Message-ID: [ The following text is in the "KOI8-R" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi I read that mailscanner have internal interface to spamassassin. Do I need start spamassasin(spamd) with mailscanner? Thanks -- Sergey Smirnov UNIX System Administrator of System Department Transas Group ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Wed Jul 20 13:48:14 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:30:21 2006 Subject: Do I need start spamassasin with mailscanner? Message-ID: [ The following text is in the "KOI8-R" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Smirnov, Sergey wrote: > Hi > I read that mailscanner have internal interface to spamassassin. > Do I need start spamassasin(spamd) with mailscanner? > Thanks This is a classic MAQ.. read this http://wiki.mailscanner.info/doku.php?id=maq:index#spam-fighting_tools How do I get spamc/spamd to.....? Stop right there. MailScanner does not use spamd, spamc, or the spamassassin script directly. It calls the installed perl modules directly. Any spamassassin-related configuration is done in /etc/MailScanner/spam.assassin.prefs.conf, and only certain options are recognized. - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at nkpanama.com Wed Jul 20 13:46:34 2005 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu Jan 12 21:30:21 2006 Subject: Do I need start spamassasin with mailscanner? Message-ID: [ The following text is in the "KOI8-R" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Smirnov, Sergey wrote: > Hi >I read that mailscanner have internal interface to spamassassin. >Do I need start spamassasin(spamd) with mailscanner? >Thanks > > No... ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Wed Jul 20 13:38:12 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:21 2006 Subject: How to investigate timeouts? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jody Cleveland wrote: >>Then, what is 'mail'? > > > 'mail' is the Exchange server. Huh? That means that your exchange server is open on the net? Ah, I tried a connexion to it, you're using the 'old way' of dealing with that. Here's a simpler way (IMHO). http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:sendmail:how_to:setup_a_gateway > > >>What kind of problem exactly? A spamassassin timeout? I think that >>most of the people will have their MailScanner send scanned mail >>directly to the destination server (the exchange in your case). > > > Either a timeout, or hardware failure, lockup, whatever. > Using regular MX records, if one of your server doesn't respond, the other will. > >>You should give a priority to fix your timeouts first. Please >>give us more details on the timeouts so that we can help you with > > that. Once your > >>timeout issues are solved, you'll be able to deliver directly from >>destiny to your exchange. > > > I looked at one message that ended up going through mystique, rather > than destiny. Here's the header: > > Received: from users.trulyamazingoffers.com > (users.trulyamazingoffers.com [206.113.114.110]) > by mystique.winnefox.org (Postfix) with SMTP id 31BD137C10A > for <_@mail.winnefox.org>; Tue, 19 Jul 2005 15:39:25 -0500 (CDT) > From: "Camera Phone Incentive" > > To: _@mail.winnefox.org > Subject: Camera Phone Giveaway > Date: Tue, 19 Jul 2005 15:00:00 -0400 > MIME-Version: 1.0 > Content-Type: text/plain; charset="iso-8859-1" > Content-Transfer-Encoding: 8bit > List-Unsubscribe: > Message-Id: > azingoffers.com> > > There's absolutely nothing in the maillog on destiny in regards to this > message. I look at the maillog on mystique, and found this: > > Jul 19 15:39:26 mystique MailScanner[4996]: New Batch: Scanning 1 > messages, 2950 bytes > Jul 19 15:39:26 mystique MailScanner[4996]: MCP Checks completed at 2950 > bytes per second > Jul 19 15:39:26 mystique MailScanner[4996]: Spam Checks: Starting > Jul 19 15:39:26 mystique MailScanner[4996]: RBL checks: 31BD137C10A > found in SBL+XBL > Jul 19 15:39:26 mystique MailScanner[4996]: Message 31BD137C10A from > 206.113.114.110 (bounce-nb-763763@users.trulyamazingoffers.com) to > mail.winnefox.org is spam, SBL+XBL, SpamAssassin (score=6.83, required > 5, BAYES_80 2.00, FROM_OFFERS 1.49, RCVD_IN_SBL 0.11, URIBL_JP_SURBL > 2.46, URI_OFFERS 0.77) > Jul 19 15:39:26 mystique MailScanner[4996]: Spam Checks: Found 1 spam > messages > Jul 19 15:39:26 mystique MailScanner[4996]: Spam Actions: message > 31BD137C10A actions are store,deliver,striphtml > Jul 19 15:39:26 mystique MailScanner[4996]: Spam Checks completed at > 2950 bytes per second > Jul 19 15:39:27 mystique MailScanner[4996]: Virus and Content Scanning: > Starting > Jul 19 15:39:27 mystique MailScanner[4996]: Virus Scanning completed at > 2950 bytes per second > Jul 19 15:39:27 mystique MailScanner[4996]: Requeue: 31BD137C10A to > 6D99137C10B > Jul 19 15:39:27 mystique MailScanner[4996]: Uninfected: Delivered 1 > messages > Jul 19 15:39:27 mystique MailScanner[4996]: Virus Processing completed > at 2950 bytes per second > Jul 19 15:39:27 mystique MailScanner[4996]: Disinfection completed at > 2950 bytes per second > Jul 19 15:39:27 mystique MailScanner[4996]: Batch completed at 2950 > bytes per second (2950 / 1) > > Since there's no mention of it on destiny, is there a message to search > for in the maillog that may indicate the message timing out, or other > problems? Is there a different log file for errors? > grep killed /var/log/maillog If you do grep timeout /var/log/maillog, you'll have all SMTP timeouts, wich are normal (it is your server trying to reach other servers on the net). > - jody > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jul 20 13:58:33 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:21 2006 Subject: SpamAssassin score is always zero Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 20 Jul 2005, at 13:38, Adri Koppes wrote: >> I just set up MailScanner 4.43.8 on Redhat 9 (Intel). SpamAssassin >> 2.6.4 was already installed. For the most part things are working as >> expected. SpamAssassin, however, doesn't catch anything when run >> through MailScanner. >> >> Here's a typical maillog entry: >> >> Jul 19 16:52:58 **** MailScanner[10122]: Message XYZ from **** (****) >> to **** is spam, SBL+XBL, spamhaus.org, spamcop.net, SpamAssassin >> (score=0,required6, autolearn=) >> >> The SA score is zero on every entry in the log. >> >> However, if I feed the quarantined copy of that message directly to >> SpamAssassin: >> spamassassin -D < >> /var/spool/MailScanner/quarantine/20050719/spam/XYZ >> SA gives it a score of 17.653, and generally does what it's supposed >> > to. > >> >> Any thoughts on why SA isn't working when called by MailScanner? >> >> > > Looking at the maillog entry it looks like MailScanner is also > doing RBL > checking (SBL+XBL, spamhaus.org, spamcop.net). Since the message is > already flagged as spam from the RBL checking, doesn't Mailscanner > then > skip the SpamAssassin checks? There is a MailScanner.conf option to choose whether to run SpamAssassin on messages which have already been marked as spam by the MailScanner RBL checks. Check SpamAssassin If On Spam List = yes - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQt5KexH2WUcUFbZUEQK6vQCffoobKwjHM0PkaDY7pPP2iDlUmaYAoLjU kS8TaD03jcX3bZ4oeqPVgSfN =+Fbj -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Wed Jul 20 13:55:00 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:30:21 2006 Subject: Question regarding clamd.conf parameters.. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dhawal Doshy wrote: >>> >>>> then is it possible to incorporate clamd.conf related parameters in >>>> the next version of MailScanner? something like the current limits >>>> set for clamavmodule.. OR would you rather have people modify the >>>> clamd.conf files? >>> Julian, In /usr/lib/MailScanner/MailScanner/SweepViruses.pm, there exists a parameter Mail::ClamAV::CL_SCAN_BLOCKENCRYPTED(), removing this will ensure that clamavmodule (libclamav + Mail::ClamAV) doesn't mark password-protected archives as viruses. Can this be possibly corrected by the mighty 'root' in the next MailScanner release? thanks, - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From svs at TRANSAS.COM Wed Jul 20 14:04:46 2005 From: svs at TRANSAS.COM (Smirnov, Sergey) Date: Thu Jan 12 21:30:21 2006 Subject: Do I need start spamassasin with mailscanner? Message-ID: [ The following text is in the "KOI8-R" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I've read this. Sorry for stupid question but it's possible to call spamd from perl. Dhawal Doshy wrote: > Smirnov, Sergey wrote: > >> Hi >> I read that mailscanner have internal interface to spamassassin. >> Do I need start spamassasin(spamd) with mailscanner? >> Thanks > > > This is a classic MAQ.. read this > http://wiki.mailscanner.info/doku.php?id=maq:index#spam-fighting_tools > > How do I get spamc/spamd to.....? > Stop right there. MailScanner does not use spamd, spamc, or the > spamassassin script directly. It calls the installed perl modules > directly. Any spamassassin-related configuration is done in > /etc/MailScanner/spam.assassin.prefs.conf, and only certain options are > recognized. > > - dhawal > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! - -- Sergey Smirnov UNIX System Administrator of System Department Transas Group -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFC3kvumVlVgFWQYrkRAi9wAJ9aQGJs6Jwf7sb3bEgNihnAYZvjrACgjd1S /5s0oviI5JJ19a4UFMQNv0s= =f9C4 -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rob at THEHOSTMASTERS.COM Wed Jul 20 14:11:39 2005 From: rob at THEHOSTMASTERS.COM (Rob) Date: Thu Jan 12 21:30:22 2006 Subject: Mailscanner stopped scanning after Debian upgrade Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Since my Debian Sarge system upgrade sendmail my mailscanner does not seem to scan... i see it starting in the log file but does not scan incoming email.... Actually i think mailscanner was upgraded too... not sure..... I am running sendmail 8.13.4 and Mailscanner version 4.41.3 also i now see a new file named sendmail.conf that i did not see before?? Any help appreciated... Thanks and have a great day! Rob... ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jul 20 14:17:30 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:22 2006 Subject: Question regarding clamd.conf parameters.. Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 20 Jul 2005, at 13:55, Dhawal Doshy wrote: > Dhawal Doshy wrote: > >>>> >>>> >>>>> then is it possible to incorporate clamd.conf related >>>>> parameters in the next version of MailScanner? something like >>>>> the current limits set for clamavmodule.. OR would you rather >>>>> have people modify the clamd.conf files? >>>>> >>>> >>>> > > Julian, > > In /usr/lib/MailScanner/MailScanner/SweepViruses.pm, there exists a > parameter Mail::ClamAV::CL_SCAN_BLOCKENCRYPTED(), removing this > will ensure that clamavmodule (libclamav + Mail::ClamAV) doesn't > mark password-protected archives as viruses. > > Can this be possibly corrected by the mighty 'root' in the next > MailScanner release? It's already there. If you have MailScanner set to allow password-protected zip and rar archives, then this option is disabled. If you have it set to block password-protected archives, then this option is enabled. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQt5O7xH2WUcUFbZUEQIveQCg35LVwR4VaAUfLRGjiJxu00uZFgwAoPqd 7188mMWPvnpd+2hMgP3De6zR =R9Mm -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jul 20 14:19:03 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:22 2006 Subject: Mailscanner stopped scanning after Debian upgrade Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] It has probably re-enabled the sendmail service.Do these 4 commands (you might have to use some other command in place of "service" on Debian, I'm not a Debian user): chkconfig sendmail off chkconfig MailScanner on service sendmail stop service MailScanner start On 20 Jul 2005, at 14:11, Rob wrote: Since my Debian Sarge system upgrade sendmail my mailscanner does not seem to scan... i see it starting in the log file but does not scan incoming email....   Actually i think mailscanner was upgraded too... not sure.....   I am running sendmail 8.13.4  and Mailscanner version 4.41.3 also i now see a new file named sendmail.conf that i did not see before??   Any help appreciated...   Thanks and have a great day!   Rob... ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).  Support MailScanner development - buy the book off the website! --  Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/PGP-SIGNATURE 202bytes. ] [ Unable to print this part. ] From wietse at BOUDISQUE.NL Wed Jul 20 14:15:53 2005 From: wietse at BOUDISQUE.NL (Wietse Muizelaar) Date: Thu Jan 12 21:30:22 2006 Subject: Mailscanner stopped scanning after Debian upgrade Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, On Wednesday, July 20, 2005 3:11 PM, Rob wrote: > Since my Debian Sarge system upgrade sendmail my mailscanner does not > seem to scan... i see it starting in the log file but does not scan > incoming email.... > > Actually i think mailscanner was upgraded too... not sure..... > > I am running sendmail 8.13.4 and Mailscanner version 4.41.3 also i > now see a new file named sendmail.conf that i did not see before?? Is the MailScanner version the version from Sarge, or the .tar.gz-version? I use the standard Sarge-sendmail version, but update MailScanner by hand with the .tar.gz-version. To have the thing working in Sarge, I needed to edit the /etc/mail/sendmail.conf, and give this to the DAEMON_PARMS: DAEMON_PARMS="-ODeliveryMode=queueonly -OQueueDirectory=/var/spool/mqueue.in"; That takes care of the 'split' sendmail queues. You should start MailScanner seperately, in this configuration. Hope this helps! -- Kind regards, Wietse Muizelaar ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Wed Jul 20 14:26:27 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:30:22 2006 Subject: Question regarding clamd.conf parameters.. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: >>In /usr/lib/MailScanner/MailScanner/SweepViruses.pm, there exists a >>parameter Mail::ClamAV::CL_SCAN_BLOCKENCRYPTED(), removing this >>will ensure that clamavmodule (libclamav + Mail::ClamAV) doesn't >>mark password-protected archives as viruses. >> >>Can this be possibly corrected by the mighty 'root' in the next >>MailScanner release? > > > It's already there. > > If you have MailScanner set to allow password-protected zip and rar > archives, then this option is disabled. If you have it set to block > password-protected archives, then this option is enabled. perl = greek, Noted and corrected.. - dhawal Infected with perl learning and reading disability ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Wed Jul 20 14:18:05 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:22 2006 Subject: Mailscanner stopped scanning after Debian upgrade Message-ID: [ The following text is in the "windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Rob wrote: > Since my Debian Sarge system upgrade sendmail my mailscanner does not > seem to scan... i see it starting in the log file but does not scan > incoming email.... > > Actually i think mailscanner was upgraded too... not sure..... > > I am running sendmail 8.13.4 and Mailscanner version 4.41.3 also i now > see a new file named sendmail.conf that i did not see before?? > > Any help appreciated... > > Thanks and have a great day! What do you have for Lock Type ? It should be posix for Sendmail 8.13+ > > > Rob... > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rob at THEHOSTMASTERS.COM Wed Jul 20 14:40:42 2005 From: rob at THEHOSTMASTERS.COM (Rob) Date: Thu Jan 12 21:30:22 2006 Subject: Mailscanner stopped scanning after Debian upgrade Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] That did it, but after i chowned /var/spool/mqueue.in to root:smmsp When did sendmail start using a sendmail.conf file?? where was i when this happened :0) As for upgrading i try to use apt-get for everything as it keeps my maintenance on all my servers easier.... thanks for all the quick replies from everyone i really appreciate it! Rob... ----- Original Message ----- From: "Wietse Muizelaar" To: Sent: Wednesday, July 20, 2005 9:15 AM Subject: Re: Mailscanner stopped scanning after Debian upgrade > Hi, > > On Wednesday, July 20, 2005 3:11 PM, > Rob wrote: > >> Since my Debian Sarge system upgrade sendmail my mailscanner does not >> seem to scan... i see it starting in the log file but does not scan >> incoming email.... >> >> Actually i think mailscanner was upgraded too... not sure..... >> >> I am running sendmail 8.13.4 and Mailscanner version 4.41.3 also i >> now see a new file named sendmail.conf that i did not see before?? > > Is the MailScanner version the version from Sarge, or the .tar.gz-version? > I use the standard Sarge-sendmail version, but update MailScanner by hand > with the .tar.gz-version. > To have the thing working in Sarge, I needed to edit the > /etc/mail/sendmail.conf, and give this to the DAEMON_PARMS: > > DAEMON_PARMS="-ODeliveryMode=queueonly -OQueueDirectory=/var/spool/mqueue.in"; > > That takes care of the 'split' sendmail queues. You should start > MailScanner seperately, in this configuration. > > Hope this helps! > > -- > Kind regards, > > Wietse Muizelaar > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Wed Jul 20 14:23:43 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:22 2006 Subject: Wiki exim request Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, We've got something on postix, sendmail and qmail about how tu use MailScanner in gateway mode (I've asked the qmail staff to check the qmail version). But we're missing something about Exim. Could someone write something about Exim that looks like http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:sendmail:how_to:setup_a_gateway in http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:exim:how_to:setup_a_gateway ? Thanks, Ugo ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Wed Jul 20 14:35:13 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:22 2006 Subject: Mailscanner stopped scanning after Debian upgrade Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > It has probably re-enabled the sendmail service. > Do these 4 commands (you might have to use some other command in place > of "service" on Debian, I'm not a Debian user): > > chkconfig sendmail off > chkconfig MailScanner on > service sendmail stop > service MailScanner start chkconfig and service don't exist on debian ;). And I think that the .deb sets up MailScanner to not start the MTA and changes the MTA startup script. On my Sarge/postfix server, I must start MailScanner and Postfix individually. Ugo ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed Jul 20 15:12:17 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:30:22 2006 Subject: Wiki exim request Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ugo Bellavance wrote: > Hi, > > We've got something on postix, sendmail and qmail about how tu use > MailScanner in gateway mode (I've asked the qmail staff to check the > qmail version). But we're missing something about Exim. > > Could someone write something about Exim that looks like > > http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:sendmail:how_to:setup_a_gateway > > in > > http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:exim:how_to:setup_a_gateway > > > ? > > Thanks, > > Ugo > Ugo already there..just called how-to.. http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:exim:installation -- Martin Hepworth Senior Systems Administrator Solid State Logic Ltd tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Wed Jul 20 15:21:35 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:22 2006 Subject: Wiki exim request Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Martin Hepworth wrote: > Ugo Bellavance wrote: > >> Hi, >> >> We've got something on postix, sendmail and qmail about how tu use >> MailScanner in gateway mode (I've asked the qmail staff to check the >> qmail version). But we're missing something about Exim. >> >> Could someone write something about Exim that looks like >> >> http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:sendmail:how_to:setup_a_gateway >> >> >> in >> >> http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:exim:how_to:setup_a_gateway >> >> >> >> ? >> >> Thanks, >> >> Ugo >> > > Ugo > > already there..just called how-to.. > > http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:exim:installation I can't easily find where to configure it to send scanned messages directly to the other mail server (e.g. Exchange). (like mailertable in sendmail) -- Ugo -> Please don't send a copy of your reply by e-mail. I read the list. -> Please avoid top-posting, long signatures and HTML, and cut the irrelevant parts in your replies. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From svs at TRANSAS.COM Wed Jul 20 15:52:38 2005 From: svs at TRANSAS.COM (Smirnov, Sergey) Date: Thu Jan 12 21:30:22 2006 Subject: How to add X-Spam-Status? Message-ID: [ The following text is in the "KOI8-R" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 How can I add X-Spam-Status header on mails successfuly scanned by mailscanner? - -- Sergey Smirnov UNIX System Administrator of System Department Transas Group -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFC3mU2mVlVgFWQYrkRAusoAJ9sDwYabnqJfu1JesMZ5dShrSvHxwCeIEQn eP4xQbJ/dDD9VCmjdxUlJ5Q= =yqoP -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed Jul 20 15:52:01 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:30:22 2006 Subject: Wiki exim request Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ugo Bellavance wrote: > Martin Hepworth wrote: > >>Ugo Bellavance wrote: >> >> >>>Hi, >>> >>> We've got something on postix, sendmail and qmail about how tu use >>>MailScanner in gateway mode (I've asked the qmail staff to check the >>>qmail version). But we're missing something about Exim. >>> >>> Could someone write something about Exim that looks like >>> >>>http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:sendmail:how_to:setup_a_gateway >>> >>> >>>in >>> >>>http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:exim:how_to:setup_a_gateway >>> >>> >>> >>>? >>> >>>Thanks, >>> >>>Ugo >>> >> >>Ugo >> >>already there..just called how-to.. >> >>http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:exim:installation > > > I can't easily find where to configure it to send scanned messages > directly to the other mail server (e.g. Exchange). > > (like mailertable in sendmail) > > Hmm well that's what the 'default' installation does for Exim. It relies on internal MX records being correc....but apart from that... -- Martin Hepworth Senior Systems Administrator Solid State Logic Ltd tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Wed Jul 20 16:05:02 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:22 2006 Subject: How to add X-Spam-Status? Message-ID: [ The following text is in the "KOI8-R" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Smirnov, Sergey wrote: > How can I add X-Spam-Status header on mails successfuly scanned by > mailscanner? > -- > Sergey Smirnov > UNIX System Administrator of System Department > Transas Group # header "name: value" - Add the header # name: value # to the message. name must not contain any spaces. # # This can also be the filename of a ruleset, in which case the filename You can find this in all "Actions". Found that in the change log for 4.37.7. -- Ugo -> Please don't send a copy of your reply by e-mail. I read the list. -> Please avoid top-posting, long signatures and HTML, and cut the irrelevant parts in your replies. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Wed Jul 20 16:05:54 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:22 2006 Subject: Wiki exim request Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Martin Hepworth wrote: > Ugo Bellavance wrote: > >> Martin Hepworth wrote: >> >>> Ugo Bellavance wrote: >>> >>> >>>> Hi, >>>> >>>> We've got something on postix, sendmail and qmail about how tu use >>>> MailScanner in gateway mode (I've asked the qmail staff to check the >>>> qmail version). But we're missing something about Exim. >>>> >>>> Could someone write something about Exim that looks like >>>> >>>> http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:sendmail:how_to:setup_a_gateway >>>> >>>> >>>> >>>> in >>>> >>>> http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:exim:how_to:setup_a_gateway >>>> >>>> >>>> >>>> >>>> ? >>>> >>>> Thanks, >>>> >>>> Ugo >>>> >>> >>> Ugo >>> >>> already there..just called how-to.. >>> >>> http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:exim:installation >>> >> >> >> >> I can't easily find where to configure it to send scanned messages >> directly to the other mail server (e.g. Exchange). >> >> (like mailertable in sendmail) >> >> > > Hmm > > well that's what the 'default' installation does for Exim. It relies on > internal MX records being correc....but apart from that... Wouldn't it be possible to relay to, for example 192.168.1.1, without having a local DNS zone? -- Ugo -> Please don't send a copy of your reply by e-mail. I read the list. -> Please avoid top-posting, long signatures and HTML, and cut the irrelevant parts in your replies. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed Jul 20 16:29:20 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:30:22 2006 Subject: Wiki exim request Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ugo Bellavance wrote: > Martin Hepworth wrote: > >>Ugo Bellavance wrote: >> >> >>> >>> >>>I can't easily find where to configure it to send scanned messages >>>directly to the other mail server (e.g. Exchange). >>> >>>(like mailertable in sendmail) >>> >>> >> >>Hmm >> >>well that's what the 'default' installation does for Exim. It relies on >>internal MX records being correc....but apart from that... > > > Wouldn't it be possible to relay to, for example 192.168.1.1, without > having a local DNS zone? > I should think so. I'll have a look in the exim book/website. -- Martin Hepworth Senior Systems Administrator Solid State Logic Ltd tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From svs at TRANSAS.COM Wed Jul 20 16:31:59 2005 From: svs at TRANSAS.COM (Smirnov, Sergey) Date: Thu Jan 12 21:30:22 2006 Subject: How to add X-Spam-Status? Message-ID: [ The following text is in the "KOI8-R" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] But it should be different in spam and not spam messages I changed MailScanner.conf: Spam Header = X-Spam-Status: and /etc/MailScanner/reports/en/languages.conf: Spam = Yes NotSpam = No Now my user don't need to change filter rules to identify spam Ugo Bellavance wrote: > Smirnov, Sergey wrote: > >>How can I add X-Spam-Status header on mails successfuly scanned by >>mailscanner? >>-- >>Sergey Smirnov >>UNIX System Administrator of System Department >>Transas Group > > > > # header "name: value" - Add the header > # name: value > # to the message. name must not contain any > spaces. > # > # This can also be the filename of a ruleset, in which case the filename > > > You can find this in all "Actions". > > Found that in the change log for 4.37.7. > -- Sergey Smirnov UNIX System Administrator of System Department Transas Group ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ctwatts at gmail.com Wed Jul 20 16:43:38 2005 From: ctwatts at gmail.com (Cannon Watts) Date: Thu Jan 12 21:30:22 2006 Subject: SpamAssassin score is always zero Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > What do you have for: > Check SpamAssassin If On Spam List = > in MailScanner.conf? I have that set to "Yes". As I posted earlier, upgrading to SpamAssasin 3 fixed the problem. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Wed Jul 20 16:33:50 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:22 2006 Subject: How to add X-Spam-Status? Message-ID: [ The following text is in the "KOI8-R" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Smirnov, Sergey wrote: > But it should be different in spam and not spam messages > I changed MailScanner.conf: > > Spam Header = X-Spam-Status: > > and /etc/MailScanner/reports/en/languages.conf: > > Spam = Yes > NotSpam = No > > Now my user don't need to change filter rules to identify spam > Please avoid top posting. You may break something else this way. You can make a 'header' action for spam, another for non-spam, and another for high-spam. > Ugo Bellavance wrote: > >>Smirnov, Sergey wrote: >> >> >>>How can I add X-Spam-Status header on mails successfuly scanned by >>>mailscanner? >>>-- >>>Sergey Smirnov >>>UNIX System Administrator of System Department >>>Transas Group >> >> >> >># header "name: value" - Add the header >># name: value >># to the message. name must not contain any >>spaces. >># >># This can also be the filename of a ruleset, in which case the filename >> >> >>You can find this in all "Actions". >> >>Found that in the change log for 4.37.7. >> > > -- Ugo -> Please don't send a copy of your reply by e-mail. I read the list. -> Please avoid top-posting, long signatures and HTML, and cut the irrelevant parts in your replies. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jul 20 16:53:01 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:22 2006 Subject: Putting the wiki in the distributions Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I am considering putting a copy of the latest version of the wiki contents in future versions of the MailScanner downloadable distributions. 2 questions: 1) Is this a good idea? 2) How do I do it? - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQt5zYRH2WUcUFbZUEQJAWwCghY50/hWmWT2GGwWAt6UdFY/MWAIAoLBi qwWVla+Kf+l32saZoWFaD+bA =1KPw -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From christian.schmidt at CHEMIE.UNI-HAMBURG.DE Wed Jul 20 16:40:46 2005 From: christian.schmidt at CHEMIE.UNI-HAMBURG.DE (Christian Schmidt) Date: Thu Jan 12 21:30:22 2006 Subject: Wiki exim request Message-ID: Hello Ugo, Ugo Bellavance, 20.07.2005 (d.m.y): > I can't easily find where to configure it to send scanned messages > directly to the other mail server (e.g. Exchange). Just add a corresponding router (manualroute) to the exim configuration that is responsible for outgoing mails (= mails that have been scanned by MailScanner). Regards, Christian Schmidt -- Kaum gedacht, kaum gedacht, war der Lust ein End' gemacht. -- Wilhelm Hauff ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Wed Jul 20 17:04:21 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:22 2006 Subject: Wiki exim request Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Christian Schmidt wrote: > Hello Ugo, > > Ugo Bellavance, 20.07.2005 (d.m.y): > > >>I can't easily find where to configure it to send scanned messages >>directly to the other mail server (e.g. Exchange). > > > Just add a corresponding router (manualroute) to the exim > configuration that is responsible for outgoing mails (= mails that > have been scanned by MailScanner). > > Regards, > Christian Schmidt > I don't know exim at all. I can't write that in the wiki this way :(. Could you write to the list the complete procedure with an example snippet, or write directly in the wiki? http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:exim:how_to:setup_a_gateway -- Ugo -> Please don't send a copy of your reply by e-mail. I read the list. -> Please avoid top-posting, long signatures and HTML, and cut the irrelevant parts in your replies. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Wed Jul 20 17:05:18 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:22 2006 Subject: Putting the wiki in the distributions Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > I am considering putting a copy of the latest version of the wiki > contents in future versions of the MailScanner downloadable > distributions. > > 2 questions: > > 1) Is this a good idea? > > 2) How do I do it? > -> I must add that the wiki is only based on text files, no DB backend. Thanks, -- Ugo -> Please don't send a copy of your reply by e-mail. I read the list. -> Please avoid top-posting, long signatures and HTML, and cut the irrelevant parts in your replies. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dh at UPTIME.AT Wed Jul 20 17:24:11 2005 From: dh at UPTIME.AT (David H.) Date: Thu Jan 12 21:30:22 2006 Subject: Putting the wiki in the distributions Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Julian Field wrote: > I am considering putting a copy of the latest version of the wiki > contents in future versions of the MailScanner downloadable > distributions. > > 2 questions: > > 1) Is this a good idea? > If you are a) 100% sure the information is verified and valid b) There is no misleading of complicated information in there, or even contradictory things. > 2) How do I do it? Some wikis allow you do export their Data to PDF. But you as a perl Guru could easily write a screen scraper with WWW::Mechnize and then convert it to PDF over a Latex template? or PDF::API2 or so? - -d -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (Darwin) iD8DBQFC3nqrPMoaMn4kKR4RAhdfAJ0WoZWfCEX0zHW3rnFeJG8YuZxt1ACgk0O0 /hyyAcoDmWGx42DHyFKezRA= =CvYD -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHT.IE Wed Jul 20 17:30:54 2005 From: michele at BLACKNIGHT.IE (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:30:22 2006 Subject: Putting the wiki in the distributions Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Wouldn't it make a bit more sense to include the pdf manual instead? Michele -- Blacknight Solutions http://www.blacknight.ie/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Cleveland at WINNEFOX.ORG Wed Jul 20 17:59:29 2005 From: Cleveland at WINNEFOX.ORG (Jody Cleveland) Date: Thu Jan 12 21:30:22 2006 Subject: How to investigate timeouts? Message-ID: > If it is spam, it most likely was sent directly to mystique > as it is the higher MX record. > Spammers have been hitting the higher MX for a long time, probably in > the hopes that either the secondary MX is not protected, or > the transfer > from the secondary to the primary will be whitelisted or less > likely to bounce. Brilliant!! In looking over all the messages, all the ones that I thought were timing out were either spam, or otherwise accounted for. Thank you so much! - jody ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Wed Jul 20 18:21:52 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:22 2006 Subject: RHEL3 -> RHEL4 upgrade? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, Anyone successfully upgraded a MailScanner (dedicated) server running RHEL3 (or a clone) to RHEL4? -- Ugo -> Please don't send a copy of your reply by e-mail. I read the list. -> Please avoid top-posting, long signatures and HTML, and cut the irrelevant parts in your replies. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From munafo at polito.it Wed Jul 20 19:24:27 2005 From: munafo at polito.it (Maurizio M. Munafo') Date: Thu Jan 12 21:30:22 2006 Subject: Problems with qmail: viruses not blocked Message-ID: I recently started using Mailscanner with Qmail (after using it a long time on another system with sendmail). I installed the openprotect extension and everything seemed to work, i.e. spam, HTML, phishing identification and extention blocking are working fine, but I did not received any virus notification as an administrator. I investigated further the problem and I just realized that the system seems not to block viruses (and if a virus is blocked is actually because of the extension filtering). ClamAV identifies the virus, the log contains messages like > Jul 20 19:28:14 mysystem MailScanner[3669]: New Batch: Scanning 1 messages, 2247 bytes > Jul 20 19:28:14 mysystem MailScanner[3669]: Spam Checks: Starting > Jul 20 19:28:18 mysystem MailScanner[3669]: Virus and Content Scanning: Starting > Jul 20 19:28:18 mysystem MailScanner[3669]: /mnt/drbd0/var/spool/MailScanner/incoming/3669/./12386487/eicar.cam: Eicar-Test-Signature FOUND > Jul 20 19:28:18 mysystem MailScanner[3669]: Virus Scanning: ClamAV found 1 infections > Jul 20 19:28:18 mysystem MailScanner[3669]: Virus Scanning: Found 1 viruses > Jul 20 19:28:18 mysystem MailScanner[3669]: Uninfected: Delivered 1 messages but the message is delivered completely without any filtering and the header is "X-MySys-MailScanner: Found to be clean" MailScanner.conf contains: > Virus Scanning = yes > Virus Scanners = clamav > Virus Scanner Timeout = 300 > Deliver Disinfected Files = yes > Silent Viruses = HTML-IFrame HTML-Codebase All-Viruses > Still Deliver Silent Viruses = yes > Non-Forging Viruses = Joke/ OF97/ WM97/ W97M/ eicar Deliver Disinfected Files used to be "no", but I have been experimenting with the configuration to try to solve the problem. I do not know if this a problem of qmail configuration or it is due to some combination of directives in my Mailscanner.conf file. Thanks for your help. Maurizio -- ______ / Maurizio M. Munafo' / dMMMMMMMMb dMMMMb / Dip. di Elettronica - Politecnico di Torino / dMP"dMP"dMP "dMP / Corso Duca degli Abruzzi 24 / dMP dMP dMP dMMK" / I-10129 Torino (Italia) / dMP dMP dMP dMF / Tel: +39 011 5644128 Fax: +39 011 5644099 / dMP dMP dMP dMMMMP" / E-mail: munafo@polito.it /________________________ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "This is a digitally signed message part" ] [ Application/PGP-SIGNATURE 196bytes. ] [ Unable to print this part. ] From dhawal at NETMAGICSOLUTIONS.COM Wed Jul 20 19:54:55 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:30:22 2006 Subject: RHEL3 -> RHEL4 upgrade? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Joshua Hirsh wrote: >> Anyone successfully upgraded a MailScanner (dedicated) >>server running RHEL3 (or a clone) to RHEL4? > > > > Yes and no. I didn't want to take the risk, so I migrated over to a different server when I did the upgrade between RHEL 3 (Tao 1) and RHEL 4 (CentOS 4). > > The upgrade can't be done "live" and is recommended to be done through the use of the CD (anaconda), which was the reason behind my choice to use a separate server for the migration. Plus it allowed me to make sure there was absolutely no problems before taking down the mail. The cutover resulted in maybe 10 seconds of downtime while I swapped the IP's on the servers. > > > Cheers, > > -Joshua See if this helps http://www.centos.org/modules/smartfaq/faq.php?faqid=27 => Pop in the CD, type 'linux upgradeany' at the boot prompt and this http://www.centos.org/modules/newbb/viewtopic.php?topic_id=382&start=0 => Make changes to /etc/redhat-release and forcibly upgrade a few rpms and then let yum take care of the rest A lot of things change from 3 to 4 primarily the kernel and the file-system layout (ext3 over lvm2) and selinux Anyways i tend to agree with Joshua on a complete re-install rather than an upgrade.. OR use the first method of a CD based upgrade (which IMO would be the one recommended by redhat), just make sure you take a complete backup of everything in any case. - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Wed Jul 20 20:02:16 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:22 2006 Subject: RHEL3 -> RHEL4 upgrade? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dhawal Doshy wrote: > Joshua Hirsh wrote: > >>> Anyone successfully upgraded a MailScanner (dedicated) server >>> running RHEL3 (or a clone) to RHEL4? >> >> >> >> >> Yes and no. I didn't want to take the risk, so I migrated over to a >> different server when I did the upgrade between RHEL 3 (Tao 1) and >> RHEL 4 (CentOS 4). >> >> The upgrade can't be done "live" and is recommended to be done >> through the use of the CD (anaconda), which was the reason behind my >> choice to use a separate server for the migration. Plus it allowed me >> to make sure there was absolutely no problems before taking down the >> mail. The cutover resulted in maybe 10 seconds of downtime while I >> swapped the IP's on the servers. >> >> >> Cheers, >> >> -Joshua > > > See if this helps > http://www.centos.org/modules/smartfaq/faq.php?faqid=27 > => Pop in the CD, type 'linux upgradeany' at the boot prompt > Yep, knew that one. I already updgraded with this method my development server wich is basically a LAMP server + CVS > and this > http://www.centos.org/modules/newbb/viewtopic.php?topic_id=382&start=0 > => Make changes to /etc/redhat-release and forcibly upgrade a few rpms > and then let yum take care of the rest Not recommended by many persons, especially by Johnny Hughes (he made a test, but the website is down, so I can't put the URL here... > > A lot of things change from 3 to 4 primarily the kernel and the > file-system layout (ext3 over lvm2) and selinux And udev I think. > > Anyways i tend to agree with Joshua on a complete re-install rather than > an upgrade.. OR use the first method of a CD based upgrade (which IMO > would be the one recommended by redhat), just make sure you take a > complete backup of everything in any case. That is all already in my head... I was just wondering if someone had actually done it (or will I be the first... ;)?) Thanks, Ugo > > - dhawal > -- Ugo -> Please don't send a copy of your reply by e-mail. I read the list. -> Please avoid top-posting, long signatures and HTML, and cut the irrelevant parts in your replies. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Wed Jul 20 20:32:31 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:30:22 2006 Subject: RHEL3 -> RHEL4 upgrade? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ugo Bellavance wrote: >>A lot of things change from 3 to 4 primarily the kernel and the >>file-system layout (ext3 over lvm2) and selinux > > > And udev I think. Ah yes, udev is an important change as well > > >>Anyways i tend to agree with Joshua on a complete re-install rather than >>an upgrade.. OR use the first method of a CD based upgrade (which IMO >>would be the one recommended by redhat), just make sure you take a >>complete backup of everything in any case. > > > That is all already in my head... I was just wondering if someone had > actually done it (or will I be the first... ;)?) > You certainly won't be the first, check "rhel3 to rhel4 upgrade site:redhat.com" in google. It would be a good idea to skim through the typical problems that people have faced so far. If you have a strong backup policy, then go ahead, upgrade and share your experience. I had once done this for a development qmail + courier-imap server running centos 3.3 but it broke a few things, none which were not fixable with a little effort, like gamin over sgi_fam and no perl-suidperl (required by qmail-scanner) etc.. Later a fresh install was the best option. - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From cstone at AXINT.NET Wed Jul 20 21:37:34 2005 From: cstone at AXINT.NET (Chris Stone) Date: Thu Jan 12 21:30:22 2006 Subject: RHEL3 -> RHEL4 upgrade? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Wednesday 20 July 2005 11:21 am, Ugo Bellavance wrote: > Anyone successfully upgraded a MailScanner (dedicated) server running > RHEL3 (or a clone) to RHEL4? I upgraded one from WhiteBox to CentOS 3 and then to CentOS 4 without any problems. Just followed notes on the CentOS web site for doing this - pretty straightforward. Chris ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From b.addis at TIMESMEDIA.CO.NZ Wed Jul 20 21:57:46 2005 From: b.addis at TIMESMEDIA.CO.NZ (Brent Addis) Date: Thu Jan 12 21:30:23 2006 Subject: Wiki exim request Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I presume you are using exim4? Just setup a hubbed_hosts file eg: ># cat /etc/exim4/hubbed_hosts timesmedia.co.nz: mail.timesmedia.co.nz I'm not exactly sure if you can point it at ip addresses however, as it sort of goes against the rfcs - "thou shalt not point mail at an ip" or similar, which exim follows quite strictly. You could probably setup an alias in your hosts file though. Regards, Brent Addis Group Systems Administrator Times Media Group Martin Hepworth wrote: > Ugo Bellavance wrote: > >> Martin Hepworth wrote: >> >>> Ugo Bellavance wrote: >>> > >> > >>>> >>>> >>>> I can't easily find where to configure it to send scanned messages >>>> directly to the other mail server (e.g. Exchange). >>>> >>>> (like mailertable in sendmail) >>>> >>>> >>> >>> Hmm >>> >>> well that's what the 'default' installation does for Exim. It relies on >>> internal MX records being correc....but apart from that... >> >> >> >> Wouldn't it be possible to relay to, for example 192.168.1.1, without >> having a local DNS zone? >> > > I should think so. I'll have a look in the exim book/website. > > -- > Martin Hepworth > Senior Systems Administrator > Solid State Logic Ltd > tel: +44 (0)1865 842300 > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From christian.schmidt at CHEMIE.UNI-HAMBURG.DE Wed Jul 20 23:18:28 2005 From: christian.schmidt at CHEMIE.UNI-HAMBURG.DE (Christian Schmidt) Date: Thu Jan 12 21:30:23 2006 Subject: Wiki exim request Message-ID: Hello Ugo, Ugo Bellavance, 20.07.2005 (d.m.y): > Christian Schmidt wrote: > > > > Ugo Bellavance, 20.07.2005 (d.m.y): > > > >>I can't easily find where to configure it to send scanned messages > >>directly to the other mail server (e.g. Exchange). > > > > Just add a corresponding router (manualroute) to the exim > > configuration that is responsible for outgoing mails (= mails that > > have been scanned by MailScanner). > > I don't know exim at all. I can't write that in the wiki this way :(. > Could you write to the list the complete procedure with an example > snippet, This snippet has to be placed in the ROUTERS section of the configuration file that configures the "delivering" instance of exim, i.e. the instance that MailScanner "passes" the mails to after scanning for viri and spam. # Router for eMails to some.special.domain: special_router: driver = manualroute domains = some.special.domain transport = remote_smtp route_list = "* some.special.host" This tells exim that mail to addresses with the domain part "some.special.domain" shall be delivered via a "manualroute" to the host "some.special.host". This router must be placed first in the ROUTERS section. The above example is a very minimalistic one, but it works for me... More information can be found in the docs on . There are examples, too... Regards, Christian Schmidt -- Jede Aussage, die Sie hier lesen, kann gegen Sie verwendet werden! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dl6mpg at gmail.com Thu Jul 21 07:13:42 2005 From: dl6mpg at gmail.com (Uwe) Date: Thu Jan 12 21:30:23 2006 Subject: Filename Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello, i have set up filename.types.rules : # Deny all other double file extensions. This catches any hidden filenames. deny \.[a-z][a-z0-9]{2,3}\s*\.[a-z0-9]{3}$ Found possible filename hiding deny \pdf$.\exe$ Not allow But i received a File like "Rechnung.pdf.exe" .... # /opt/MailScanner/bin/MailScanner -v This is MailScanner version 4.42.9 Module versions are: 1.15 Archive::Zip 1.119 Convert::BinHex 1.03 Fcntl 2.6 File::Basename 2.03 File::Copy 2.00 FileHandle 1.0404 File::Path 0.14 File::Temp 1.29 HTML::Entities 3.45 HTML::Parser 2.30 HTML::TokeParser 1.20 IO 1.08 IO::File 1.121 IO::Pipe 1.66 Mail::Header 3.05 MIME::Base64 5.417 MIME::Decoder 5.417 MIME::Decoder::UU 5.417 MIME::Head 5.417 MIME::Parser 3.03 MIME::QuotedPrint 5.417 MIME::Tools 0.10 Net::CIDR 1.03 POSIX 1.72 Socket 0.01 Sys::Syslog 1.01 Time::localtime Optional module versions are: 1.811 DB_File 1.05 Digest 1.01 Digest::HMAC 2.33 Digest::MD5 2.10 Digest::SHA1 0.44 Inline 0.17 Mail::ClamAV 3.000004 Mail::SpamAssassin 1.997 Mail::SPF::Query 0.15 Net::CIDR::Lite 0.48 Net::DNS missing Net::LDAP 1.94 Parse::RecDescent 0.30 SAVI 1.2 Sys::Hostname::Long 1.1604 Test::Harness 0.44 Test::Simple 1.95 Text::Balanced 1.35 URI Whats wrong ? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From kevind at GO2.IE Thu Jul 21 09:21:49 2005 From: kevind at GO2.IE (kevin) Date: Thu Jan 12 21:30:23 2006 Subject: Filename Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Uwe wrote: >Hello, > >i have set up filename.types.rules : > ># Deny all other double file extensions. This catches any hidden filenames. >deny \.[a-z][a-z0-9]{2,3}\s*\.[a-z0-9]{3}$ Found possible filename hiding >deny \pdf$.\exe$ Not allow > > > i could be wrong, it's been a while. but from my shell scripting days the first thing i would spot is : deny \pdf$.\exe$ Not allow ^ the '$' symbol indicates the end of the file name if you wanted to catch blah.pdf.exe use \pdf\.exe$ if you wanted to block each ending just write two rules. kevind ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Paul.Haldane at NEWCASTLE.AC.UK Thu Jul 21 11:53:58 2005 From: Paul.Haldane at NEWCASTLE.AC.UK (Paul Haldane) Date: Thu Jan 12 21:30:23 2006 Subject: Phishing detection and outbind: Message-ID: We've got an issue (I don't like to call it a problem because MailScanner is doing the right thing :->) with messages from Outlook clients (I believe it's always Outlook) containing things like www.ncl.ac.uk (as opposed to properly formed URLs like http://www.ncl.ac.uk/) and the phishing detection code. Here's an example (after going passing through MailScanner - haven't yet managed to capture an untouched version) ... >programme has been developed. This is available on the website - > >MailScanner has detected a possible fraud attempt from "outbind:" >claiming to be www.ncl.ac.uk/internal/e2r I've tried (quite hard) to persuade Outlook to generate messages containing outbind hrefs but haven't yet managed so either it's not as simple as I thought or the version/setup of Outlook I'm using doesn't do it. Does anyone know exactly how to provoke this behaviour (and by implication how to avoid it)? Would it be sensible/possible to treat this sort of URL specially (stripping off ^outbind://\d+/ ?) so that the phishing code is happy with it? Paul -- Paul Haldane Unix Systems, Information Systems and Services, University of Newcastle upon Tyne ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Q.G.Campbell at NEWCASTLE.AC.UK Thu Jul 21 13:26:48 2005 From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell) Date: Thu Jan 12 21:30:23 2006 Subject: MCP & quarantine Message-ID: I don't normally use the MailScanner quarantine feature here. Am looking for some pointers to enable me to quarantine messages caught my MCP. We are using MCP to recognise and block what looks like a new MyDoom or similar virus/worm that arrives as a zipped attachment in a socially engineered message that looks like it was sent by this site. When the MCP action is "delete" that is working OK. However I would like to capture some of these messages to be better able to study their content and characteristics. To that end I changed the MCP action from "delete" to "quarantine". The logs indicate that the action is now "quarantine" but I am seeing nothing under /var/spool/MailScanner/quarantine. Note that I do _not_ want any other messages to be quarantined. This happened when I was trying to sort out the MCP quarantining problem by changing actions in MailScanner.conf. Found that a message containing a .bmp attachment had been quarantined (.bmp files are one of the 50+ filename types that we block). Any advice on this is welcome. Thanks Quentin --- PHONE: +44 191 222 8209 Information Systems and Services (ISS), University of Newcastle, Newcastle upon Tyne, FAX: +44 191 222 8765 United Kingdom, NE1 7RU. ------------------------------------------------------------------------ "Any opinion expressed above is mine. The University can get its own." ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Thu Jul 21 13:42:34 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:30:23 2006 Subject: Putting the wiki in the distributions Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Doesnt everyone prefer to read doco and such in thier webbrowser rather than in VI or similar? Its not like anyone who is using mailscanner doesnt have a web enabled machine. If anything then i agree the PDF. Pete Michele Neylon :: Blacknight Solutions wrote: > Julian > > Wouldn't it make a bit more sense to include the pdf manual instead? > > Michele > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Denis.Beauchemin at USHERBROOKE.CA Thu Jul 21 13:42:38 2005 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:30:23 2006 Subject: Filename Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Uwe wrote: >But i suspected the "standard" rule would do the job (stop file.pdf.exe) > > > >># Deny all other double file extensions. This catches any hidden filenames. >>deny \.[a-z][a-z0-9]{2,3}\s*\.[a-z0-9]{3}$ Found possible filename hiding >> >> Uwe, This rule should catch double extension file names. Are you sure you don't have an allow rule before this one in your filename rules files? Also make sure all fields are separated with TABs, not spaces in this file. Denis PS: you shouldn't use a reply-to address because it bypasses MailScanner list unless someone does a reply to all. -- _ °v° Denis Beauchemin, analyste /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "S/MIME Cryptographic Signature" ] [ Application/X-PKCS7-SIGNATURE 4.4KB. ] [ Unable to print this part. ] From steve.swaney at fsl.com Thu Jul 21 13:52:32 2005 From: steve.swaney at fsl.com (Stephen Swaney) Date: Thu Jan 12 21:30:23 2006 Subject: MCP & quarantine Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Quentin Campbell > Sent: Thursday, July 21, 2005 8:27 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: MCP & quarantine > > I don't normally use the MailScanner quarantine feature here. Am looking > for some pointers to enable me to quarantine messages caught my MCP. > > We are using MCP to recognise and block what looks like a new MyDoom or > similar virus/worm that arrives as a zipped attachment in a socially > engineered message that looks like it was sent by this site. > > When the MCP action is "delete" that is working OK. However I would like > to capture some of these messages to be better able to study their > content and characteristics. > > To that end I changed the MCP action from "delete" to "quarantine". The > logs indicate that the action is now "quarantine" but I am seeing > nothing under /var/spool/MailScanner/quarantine. Quentin, I think you want "store" not "quarantine" Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dh at UPTIME.AT Thu Jul 21 13:52:49 2005 From: dh at UPTIME.AT (David H.) Date: Thu Jan 12 21:30:23 2006 Subject: Putting the wiki in the distributions Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Pete Russell wrote: > Doesnt everyone prefer to read doco and such in thier webbrowser rather > than in VI or similar? > Well I hate readfing on screen, and printing out a PDF is usually a lot nicer :) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (Darwin) iD8DBQFC35qhPMoaMn4kKR4RAllsAKCR/UDP08XaIe8F4pYXkEspIx5IkACeIPs/ yyLf+Ue3n4P7pX0EEFu4wMU= =mszq -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Thu Jul 21 13:57:44 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:30:23 2006 Subject: off topic: postfix and email to multiple recipients Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Steve, dod yuou ever resolve this issue with postfix? I am really keen to fix this. I ran the smtpd_recipient_limit = 1 for a few weeks but a number of hosts start failing to send untill you increase the limit :( Any other ideas for fixing this in postfix? Heres hoping Pete Stephen Swaney wrote: >>-----Original Message----- >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>Behalf Of Joshua Hirsh >>Sent: Tuesday, May 17, 2005 3:04 PM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: off topic: postfix and email to multiple recipients >> >> >>>And as I read this means the >>>default_destination_recipient_limit controls >>>only outgoing (destination_recipient) parameters. I nees >>>something that >>>works on the incoming messages :( >> >> You mean like smtpd_recipient_limit? Changing that setting would do it, >>however, it would probably have a negative impact on the server as it >>would now have to accept one message per recipient. For small sites I >>wouldn't see this as a problem, but for large sites, it would be a pretty >>excessive waste of I/O. >> >> > > > I think this setting just rejects any email thats over the limit, hence the > high default setting of 1000 but I'll try testing. > > You are right about load. Using this configuration with sendmail can add 30% > to the server load. But if you want to be sure that individual user's spam > preferences are strictly enforced, It the only way I know of doing it. > > Thanks, > > Steve > > Steve Swaney > President > Fortress Systems Ltd. > Phone: 202 338-1670 > Cell: 202 352-3262 > www.fsl.com > steve.swaney@fsl.com > > > >> Regards, >> >>-Joshua >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Thu Jul 21 14:00:43 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:23 2006 Subject: RHEL3 -> RHEL4 upgrade? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Chris Stone wrote: > On Wednesday 20 July 2005 11:21 am, Ugo Bellavance wrote: > >> Anyone successfully upgraded a MailScanner (dedicated) server running >>RHEL3 (or a clone) to RHEL4? > > > I upgraded one from WhiteBox to CentOS 3 and then to CentOS 4 without any > problems. Just followed notes on the CentOS web site for doing this - pretty > straightforward. > > Chris > What was your method to upgrade from 3 to 4? Yum or CD? -- Ugo -> Please don't send a copy of your reply by e-mail. I read the list. -> Please avoid top-posting, long signatures and HTML, and cut the irrelevant parts in your replies. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Thu Jul 21 14:11:38 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:30:23 2006 Subject: Filename Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Uwe > Sent: Thursday, July 21, 2005 1:14 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Filename > > > Hello, > > i have set up filename.types.rules : > > # Deny all other double file extensions. This catches any hidden > filenames. > deny \.[a-z][a-z0-9]{2,3}\s*\.[a-z0-9]{3}$ Found possible > filename hiding > deny \pdf$.\exe$ Not allow > just using deny \.exe$ should catch this as the end is .exe, to catch both would be "\.pdf\.exe$" .the \ tells the regex engine to treat the next character as a literal rather than special, in this case "." would normally mean any single character. However, the default rules will catch \.exe$ so it would seem there is something else amiss here. Are you getting any errors in the log stating the file format is wrong for your file name rules (like not delimitating with a tab char?) Rick > > But i received a File like "Rechnung.pdf.exe" .... > > > # /opt/MailScanner/bin/MailScanner -v > > This is MailScanner version 4.42.9 > Module versions are: > 1.15 Archive::Zip > 1.119 Convert::BinHex > 1.03 Fcntl > 2.6 File::Basename > 2.03 File::Copy > 2.00 FileHandle > 1.0404 File::Path > 0.14 File::Temp > 1.29 HTML::Entities > 3.45 HTML::Parser > 2.30 HTML::TokeParser > 1.20 IO > 1.08 IO::File > 1.121 IO::Pipe > 1.66 Mail::Header > 3.05 MIME::Base64 > 5.417 MIME::Decoder > 5.417 MIME::Decoder::UU > 5.417 MIME::Head > 5.417 MIME::Parser > 3.03 MIME::QuotedPrint > 5.417 MIME::Tools > 0.10 Net::CIDR > 1.03 POSIX > 1.72 Socket > 0.01 Sys::Syslog > 1.01 Time::localtime > > Optional module versions are: > 1.811 DB_File > 1.05 Digest > 1.01 Digest::HMAC > 2.33 Digest::MD5 > 2.10 Digest::SHA1 > 0.44 Inline > 0.17 Mail::ClamAV > 3.000004 Mail::SpamAssassin > 1.997 Mail::SPF::Query > 0.15 Net::CIDR::Lite > 0.48 Net::DNS > missing Net::LDAP > 1.94 Parse::RecDescent > 0.30 SAVI > 1.2 Sys::Hostname::Long > 1.1604 Test::Harness > 0.44 Test::Simple > 1.95 Text::Balanced > 1.35 URI > > > Whats wrong ? > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Thu Jul 21 14:04:31 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:23 2006 Subject: Wiki exim request Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Brent Addis wrote: > I presume you are using exim4? No preference, I just want to have the doc written in the wiki. If you have info for exim3 as well, I'll gladly take them. > Just setup a hubbed_hosts file > > eg: > >># cat /etc/exim4/hubbed_hosts > timesmedia.co.nz: mail.timesmedia.co.nz > > I'm not exactly sure if you can point it at ip addresses however, as it > sort of goes against the rfcs - "thou shalt not point mail at an ip" or > similar, which exim follows quite strictly. > > You could probably setup an alias in your hosts file though. > Ok, can anyone confirm? -- Ugo -> Please don't send a copy of your reply by e-mail. I read the list. -> Please avoid top-posting, long signatures and HTML, and cut the irrelevant parts in your replies. > > > Regards, > > Brent Addis > Group Systems Administrator > Times Media Group > > > > > > Martin Hepworth wrote: > >> Ugo Bellavance wrote: >> >>> Martin Hepworth wrote: >>> >>>> Ugo Bellavance wrote: >>>> >> >> >> >>>>> >>>>> >>>>> I can't easily find where to configure it to send scanned messages >>>>> directly to the other mail server (e.g. Exchange). >>>>> >>>>> (like mailertable in sendmail) >>>>> >>>>> >>>> >>>> Hmm >>>> >>>> well that's what the 'default' installation does for Exim. It relies on >>>> internal MX records being correc....but apart from that... >>> >>> >>> >>> >>> Wouldn't it be possible to relay to, for example 192.168.1.1, without >>> having a local DNS zone? >>> >> >> I should think so. I'll have a look in the exim book/website. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Thu Jul 21 14:23:39 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:30:23 2006 Subject: Postfix help required. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I know this has been raised a few times, but i think its important enough to pursue. As described clearly by Steve below. Stephen Swaney wrote: > Quite a while back there was a discussion on this list regarding using the > MTA to split incoming emails to multiple recipients into individual > messages, one per recipient, before dropping the messages into MailScanner's > incoming queue. I have tried running smtpd_recipient_limit = 1 for a few weeks, but this is no good for high volume mail sites and i have encountered at least 2 hosts that just refuse to send us mail unless the limit is raised back to the default 100 (as required by the rfc). Below Dhawal quotes some discussion on the postfix list that discuss the possiblity of a using a content filter to seperate the mail after it has been recieved. Could this be used to seperate before the mail is queued in the HOLD dir? Specifically anyone who knows how to manipulate script, please have a look in the 2nd link below - do you think this could be easily used to achieve the desired effect? If so how? Dhawal Doshy wrote: > here is a thread on the neohapsis postfix archives, which if i > understand correctly requires the same functionality.. > > Follow this thread.. > http://archives.neohapsis.com/archives/postfix/2002-10/1141.html > > And read these 2 messages in particular > http://archives.neohapsis.com/archives/postfix/2002-10/1469.html > http://archives.neohapsis.com/archives/postfix/2002-10/1490.html I guess the other possibility is to have 2 postfix instances - the 2nd running as per normal MailScanner config but on a different port, the first as a postifix relay with default_destination_recipient_limit = 1 to split the mail as it is delivered to the 2nd <--seems overly complicated and messy :( Sorry for the long post and for raising this again, but its becoming a limitation at my site. Looking forward to any suggestions Pete ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Thu Jul 21 14:24:56 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:30:23 2006 Subject: Putting the wiki in the distributions Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Not me - too hard to do a text search on your fallen forest. :) David H. wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Pete Russell wrote: > >>Doesnt everyone prefer to read doco and such in thier webbrowser rather >>than in VI or similar? >> > > Well I hate readfing on screen, and printing out a PDF is usually a lot nicer :) > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.1 (Darwin) > > iD8DBQFC35qhPMoaMn4kKR4RAllsAKCR/UDP08XaIe8F4pYXkEspIx5IkACeIPs/ > yyLf+Ue3n4P7pX0EEFu4wMU= > =mszq > -----END PGP SIGNATURE----- > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at fsl.com Thu Jul 21 14:22:41 2005 From: steve.swaney at fsl.com (Stephen Swaney) Date: Thu Jan 12 21:30:23 2006 Subject: off topic: postfix and email to multiple recipients Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Pete Russell > Sent: Thursday, July 21, 2005 8:58 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: off topic: postfix and email to multiple recipients > > Hi Steve, dod yuou ever resolve this issue with postfix? I am really > keen to fix this. > > I ran the smtpd_recipient_limit = 1 for a few weeks but a number of > hosts start failing to send untill you increase the limit :( > > Any other ideas for fixing this in postfix? > > Heres hoping > Pete > Unfortunately no - I have only found successful solutions for sendmail and exim. Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Thu Jul 21 14:14:16 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:23 2006 Subject: Wiki exim request Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Christian Schmidt wrote: > Hello Ugo, > > Ugo Bellavance, 20.07.2005 (d.m.y): > > >>Christian Schmidt wrote: >> >>>Ugo Bellavance, 20.07.2005 (d.m.y): >>> >>> >>>>I can't easily find where to configure it to send scanned messages >>>>directly to the other mail server (e.g. Exchange). >>> >>>Just add a corresponding router (manualroute) to the exim >>>configuration that is responsible for outgoing mails (= mails that >>>have been scanned by MailScanner). >> >>I don't know exim at all. I can't write that in the wiki this way :(. >>Could you write to the list the complete procedure with an example >>snippet, > > > This snippet has to be placed in the ROUTERS section of the > configuration file that configures the "delivering" instance of exim, > i.e. the instance that MailScanner "passes" the mails to after > scanning for viri and spam. > > # Router for eMails to some.special.domain: > special_router: > driver = manualroute > domains = some.special.domain > transport = remote_smtp > route_list = "* some.special.host" > > This tells exim that mail to addresses with the domain part > "some.special.domain" shall be delivered via a "manualroute" to the > host "some.special.host". > This router must be placed first in the ROUTERS section. The above > example is a very minimalistic one, but it works for me... > > More information can be found in the docs on . > There are examples, too... > > Regards, > Christian Schmidt > Thanks Christian. I suppose this is for exim4. Is exim3 still widely in use? I'll put that up on the wiki if there is no one against. Thanks, Ugo -- Ugo -> Please don't send a copy of your reply by e-mail. I read the list. -> Please avoid top-posting, long signatures and HTML, and cut the irrelevant parts in your replies. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dave.list at PIXELHAMMER.COM Thu Jul 21 14:31:19 2005 From: dave.list at PIXELHAMMER.COM (DAve) Date: Thu Jan 12 21:30:23 2006 Subject: Putting the wiki in the distributions Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Pete Russell wrote: > Doesnt everyone prefer to read doco and such in thier webbrowser rather > than in VI or similar? > > Its not like anyone who is using mailscanner doesnt have a web enabled > machine. > > If anything then i agree the PDF. > > Pete Depending on what you mean by including the wiki, wouldn't a copy of MySQL and Apache required on the MailScanner box be required to view it properly? I would disagree about the Wiki, in my experience most wikis are out of date and poorly organised. But, I do not know about the MailScanner Wiki as I have not used it. On my servers I do not have a way to read a webpage or a PDF. All my servers are always headless and without X (they are servers not workstations!) Given a vote I would opt for a URL to current installation information, and a plain text copy of the install information. It could be assumed that the installing admin has some way of accessing the internet off the installation host, and that they have some way of reading a plaintext doc. Vi, Vim, Pico, Less, More, Joe are much more likely to be installed than a PDF reader. DAve > > > Michele Neylon :: Blacknight Solutions wrote: > >> Julian >> >> Wouldn't it make a bit more sense to include the pdf manual instead? >> >> Michele >> >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Q.G.Campbell at NEWCASTLE.AC.UK Thu Jul 21 14:28:59 2005 From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell) Date: Thu Jan 12 21:30:23 2006 Subject: MCP & quarantine Message-ID: Steve Thanks for that. It is now working. Serves me right for not checking the MailScanner.conf file for the correct action string. :-( However what confused the issue is that MS does not object to the use of "quarantine" in MailScanner.conf as an "action". After changing "High Scoring MCP Actions = delete" to "High Scoring MCP Actions = quarantine" and restarting MS, the logs said "Jul 21 13:21:19 cheviot7 MailScanner[29834]: MCP Actions: message j6LCLGBi011126 actions are quarantine" This appears to be a bug in 4.43.2. I would expect MailScanner to have objected to an invalid action (quarantine) in MailScanner.conf when it was restarted after the change described above. Quentin --- PHONE: +44 191 222 8209 Information Systems and Services (ISS), University of Newcastle, Newcastle upon Tyne, FAX: +44 191 222 8765 United Kingdom, NE1 7RU. ------------------------------------------------------------------------ "Any opinion expressed above is mine. The University can get its own." >-----Original Message----- >From: MailScanner mailing list >[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Stephen Swaney >Sent: 21 July 2005 13:53 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: MCP & quarantine > >> -----Original Message----- >> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >> Behalf Of Quentin Campbell >> Sent: Thursday, July 21, 2005 8:27 AM >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: MCP & quarantine >> >> I don't normally use the MailScanner quarantine feature >here. Am looking >> for some pointers to enable me to quarantine messages caught my MCP. >> >> We are using MCP to recognise and block what looks like a >new MyDoom or >> similar virus/worm that arrives as a zipped attachment in a socially >> engineered message that looks like it was sent by this site. >> >> When the MCP action is "delete" that is working OK. However >I would like >> to capture some of these messages to be better able to study their >> content and characteristics. >> >> To that end I changed the MCP action from "delete" to >"quarantine". The >> logs indicate that the action is now "quarantine" but I am seeing >> nothing under /var/spool/MailScanner/quarantine. > >Quentin, > >I think you want "store" not "quarantine" > >Steve > >Stephen Swaney >Fort Systems Ltd. >stephen.swaney@fsl.com >www.fsl.com > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Thu Jul 21 14:37:19 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:30:23 2006 Subject: Wiki exim request Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ugo Bellavance wrote: > Christian Schmidt wrote: > >>Hello Ugo, >> >>Ugo Bellavance, 20.07.2005 (d.m.y): >> >> >> >>>Christian Schmidt wrote: >>> >>> >>>>Ugo Bellavance, 20.07.2005 (d.m.y): >>>> >>>> >>>> >>>>>I can't easily find where to configure it to send scanned messages >>>>>directly to the other mail server (e.g. Exchange). >>>> >>>>Just add a corresponding router (manualroute) to the exim >>>>configuration that is responsible for outgoing mails (= mails that >>>>have been scanned by MailScanner). >>> >>>I don't know exim at all. I can't write that in the wiki this way :(. >>>Could you write to the list the complete procedure with an example >>>snippet, >> >> >>This snippet has to be placed in the ROUTERS section of the >>configuration file that configures the "delivering" instance of exim, >>i.e. the instance that MailScanner "passes" the mails to after >>scanning for viri and spam. >> >># Router for eMails to some.special.domain: >>special_router: >> driver = manualroute >> domains = some.special.domain >> transport = remote_smtp >> route_list = "* some.special.host" >> >>This tells exim that mail to addresses with the domain part >>"some.special.domain" shall be delivered via a "manualroute" to the >>host "some.special.host". >>This router must be placed first in the ROUTERS section. The above >>example is a very minimalistic one, but it works for me... >> >>More information can be found in the docs on . >>There are examples, too... >> >>Regards, >>Christian Schmidt >> > > > Thanks Christian. I suppose this is for exim4. Is exim3 still widely > in use? > > I'll put that up on the wiki if there is no one against. > > Thanks, > > Ugo > Ugo unfortunate Exim 3 is still widely used (esp as Debian Sarge has just gone stable and woody is ages old) . But the official line from the exim developers is "UPGRADE, V3 is no longer supported" so I think we should stick with that. :-) -- -- Martin Hepworth Senior Systems Administrator Solid State Logic Ltd tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From christian.schmidt at CHEMIE.UNI-HAMBURG.DE Thu Jul 21 14:57:20 2005 From: christian.schmidt at CHEMIE.UNI-HAMBURG.DE (Christian Schmidt) Date: Thu Jan 12 21:30:23 2006 Subject: Wiki exim request Message-ID: Hello Ugo, Ugo Bellavance, 21.07.2005 (d.m.y): > Thanks Christian. You're welcome. I'm always trying to return something to the community, but I often lack the time... > I suppose this is for exim4. Yes, it's for exim4. > Is exim3 still widely in use? on the exim-users mailing list, each question concerning exim3 is answered in this manner: exim3 has not been developed for roundabout three years. Switch to exim4. ;-) Nevertheless, there is an exi3 package in Debian's stable distribution to ensure a working upgrade from old stable (Woody) to stable (Sarge). > I'll put that up on the wiki if there is no one against. OK, but please add an annotation that this router definition is very "rudimentary"... ;-) Regards, Christian Schmidt -- Der Frieden kann bei uns nicht ausbrechen, weil er viel zu gut gesichert ist! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Jul 21 16:04:40 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:23 2006 Subject: Filename Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 21 Jul 2005, at 14:11, Rick Cooper wrote: >> -----Original Message----- >> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On >> Behalf Of Uwe >> Sent: Thursday, July 21, 2005 1:14 AM >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: Filename >> >> >> Hello, >> >> i have set up filename.types.rules : >> >> # Deny all other double file extensions. This catches any hidden >> filenames. >> deny \.[a-z][a-z0-9]{2,3}\s*\.[a-z0-9]{3}$ Found possible >> filename hiding >> deny \pdf$.\exe$ Not allow >> >> > > just using > > deny \.exe$ > > should catch this as the end is .exe, to catch both would be "\.pdf > \.exe$" > .the \ tells the regex engine to treat the next character as a literal > rather than special, in this case "." would normally mean any single > character. > > However, the default rules will catch \.exe$ so it would seem there is > something else amiss here. Are you getting any errors in the log > stating the > file format is wrong for your file name rules (like not > delimitating with a > tab char?) > > Rick You need 4 fields per line, not 3. > >> >> But i received a File like "Rechnung.pdf.exe" .... >> >> >> # /opt/MailScanner/bin/MailScanner -v >> >> This is MailScanner version 4.42.9 >> Module versions are: >> 1.15 Archive::Zip >> 1.119 Convert::BinHex >> 1.03 Fcntl >> 2.6 File::Basename >> 2.03 File::Copy >> 2.00 FileHandle >> 1.0404 File::Path >> 0.14 File::Temp >> 1.29 HTML::Entities >> 3.45 HTML::Parser >> 2.30 HTML::TokeParser >> 1.20 IO >> 1.08 IO::File >> 1.121 IO::Pipe >> 1.66 Mail::Header >> 3.05 MIME::Base64 >> 5.417 MIME::Decoder >> 5.417 MIME::Decoder::UU >> 5.417 MIME::Head >> 5.417 MIME::Parser >> 3.03 MIME::QuotedPrint >> 5.417 MIME::Tools >> 0.10 Net::CIDR >> 1.03 POSIX >> 1.72 Socket >> 0.01 Sys::Syslog >> 1.01 Time::localtime >> >> Optional module versions are: >> 1.811 DB_File >> 1.05 Digest >> 1.01 Digest::HMAC >> 2.33 Digest::MD5 >> 2.10 Digest::SHA1 >> 0.44 Inline >> 0.17 Mail::ClamAV >> 3.000004 Mail::SpamAssassin >> 1.997 Mail::SPF::Query >> 0.15 Net::CIDR::Lite >> 0.48 Net::DNS >> missing Net::LDAP >> 1.94 Parse::RecDescent >> 0.30 SAVI >> 1.2 Sys::Hostname::Long >> 1.1604 Test::Harness >> 0.44 Test::Simple >> 1.95 Text::Balanced >> 1.35 URI >> >> >> Whats wrong ? >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> >> > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQt+5iRH2WUcUFbZUEQJ4lQCfVIc6R2+4YUpmX4yrUrxA9myNwp4An1Lu aNMQ9OPRv7Pfv1IyyAEESuaq =0Aem -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Jul 21 16:40:22 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:23 2006 Subject: Phishing detection and outbind: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 What version of MailScanner are you using? On 21 Jul 2005, at 11:53, Paul Haldane wrote: > We've got an issue (I don't like to call it a problem because > MailScanner is doing the right thing :->) with messages from Outlook > clients (I believe it's always Outlook) containing things like > www.ncl.ac.uk (as opposed to properly formed URLs like > http://www.ncl.ac.uk/) and the phishing detection code. > > > Here's an example (after going passing through MailScanner - > haven't yet managed to capture an untouched version) ... > > >> programme has been developed. This is available on the website - >> >> MailScanner has detected a possible fraud attempt from "outbind:" >> claiming to be www.ncl.ac.uk/internal/e2r >> > > I've tried (quite hard) to persuade Outlook to generate messages > containing outbind hrefs but haven't yet managed so either it's not > as simple as I thought or the version/setup of Outlook I'm using > doesn't do it. > > Does anyone know exactly how to provoke this behaviour (and by > implication how to avoid it)? > > Would it be sensible/possible to treat this sort of URL specially > (stripping off ^outbind://\d+/ ?) so that the phishing code is > happy with it? - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQt/B6BH2WUcUFbZUEQKyWgCgsc31HuQIyK/iCPOB/dz7pcvaZ/EAn1e1 YVWmLEiUo41+K6Q5nPtcaf/7 =xWD3 -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Paul.Haldane at NEWCASTLE.AC.UK Thu Jul 21 17:01:00 2005 From: Paul.Haldane at NEWCASTLE.AC.UK (Paul Haldane) Date: Thu Jan 12 21:30:23 2006 Subject: Phishing detection and outbind: Message-ID: 4.43.2-1 (it's the systems that Quentin looks after - I just happen to be interested in this particular question :->). Paul > -----Original Message----- > From: Julian Field > Sent: 21 July 2005 16:40 > To: MailScanner mailing list > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > What version of MailScanner are you using? > > On 21 Jul 2005, at 11:53, Paul Haldane wrote: > > > We've got an issue (I don't like to call it a problem because > > MailScanner is doing the right thing :->) with messages > from Outlook > > clients (I believe it's always Outlook) containing things like > > www.ncl.ac.uk (as opposed to properly formed URLs like > > http://www.ncl.ac.uk/) and the phishing detection code. > > > > > > Here's an example (after going passing through MailScanner > - haven't > > yet managed to capture an untouched version) ... > > > > > >> programme has been developed. This is available on the website - > >> > >> MailScanner has detected a possible fraud attempt from "outbind:" > >> claiming to be www.ncl.ac.uk/internal/e2r > >> > > > > I've tried (quite hard) to persuade Outlook to generate messages > > containing outbind hrefs but haven't yet managed so either > it's not as > > simple as I thought or the version/setup of Outlook I'm > using doesn't > > do it. > > > > Does anyone know exactly how to provoke this behaviour (and by > > implication how to avoid it)? > > > > Would it be sensible/possible to treat this sort of URL specially > > (stripping off ^outbind://\d+/ ?) so that the phishing code > is happy > > with it? > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store PGP > footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.1 (Build 2185) > > iQA/AwUBQt/B6BH2WUcUFbZUEQKyWgCgsc31HuQIyK/iCPOB/dz7pcvaZ/EAn1e1 > YVWmLEiUo41+K6Q5nPtcaf/7 > =xWD3 > -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Thu Jul 21 18:56:16 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:30:23 2006 Subject: off topic: postfix and email to multiple recipients Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Pete Russell wrote: > Hi Steve, dod yuou ever resolve this issue with postfix? I am really > keen to fix this. > > I ran the smtpd_recipient_limit = 1 for a few weeks but a number of > hosts start failing to send untill you increase the limit :( > > Any other ideas for fixing this in postfix? > > Heres hoping > Pete > This was discussed earlier without any conclusions and you were a part of the thread.. One possible way i see it being done is a hack to split messages per recipient after being deposited in the hold directory. A separate process will pickup messages from /var/spool/postfix/hold, effectively split them and then put them in another hold directory say /var/spool/postfix/holdms (which can be used as the postfix incoming dir parameter in MS.conf). Perhaps a plugin / custom function that can do this (any perl gurus wanting to work on this?)?? In any case i see an increase in resources used since it'll require: a. resources to effectively split the message and create an unique queue-id for each message. b. logging this split to syslog (IO) c. to move messages (more IO) d. MailScanner to work on more messages This functionality is also a TODO for amavisd-new (check towards the end of this page http://www.ijs.si/software/amavisd/TODO.txt) Your best bet is to try what Ugo is doing.. evaluate exim ;-) - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jjohanns at sewanee.edu Thu Jul 21 19:09:19 2005 From: jjohanns at sewanee.edu (JJ) Date: Thu Jan 12 21:30:23 2006 Subject: MailScanner on RHEL 3.2 AMD64 Message-ID: Hello, Has anyone installed MailScanner on a Proliant AMD64 server running RedHat EL 3.2 AMD64 version? If so did you run into any problems with the installation? Thanks Johannes Johannsson ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Jul 21 19:36:23 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:23 2006 Subject: Phishing detection and outbind: Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I've added it, it will be in the next release. Paul Haldane wrote: >4.43.2-1 (it's the systems that Quentin looks after - I just happen to be interested in this particular question :->). > >Paul > > > >>-----Original Message----- >>From: Julian Field >>Sent: 21 July 2005 16:40 >>To: MailScanner mailing list >> >>-----BEGIN PGP SIGNED MESSAGE----- >>Hash: SHA1 >> >>What version of MailScanner are you using? >> >>On 21 Jul 2005, at 11:53, Paul Haldane wrote: >> >> >> >>>We've got an issue (I don't like to call it a problem because >>>MailScanner is doing the right thing :->) with messages >>> >>> >>from Outlook >> >> >>>clients (I believe it's always Outlook) containing things like >>>www.ncl.ac.uk (as opposed to properly formed URLs like >>>http://www.ncl.ac.uk/) and the phishing detection code. >>> >>> >>>Here's an example (after going passing through MailScanner >>> >>> >>- haven't >> >> >>>yet managed to capture an untouched version) ... >>> >>> >>> >>> >>>>programme has been developed. This is available on the website - >>>> >>>>MailScanner has detected a possible fraud attempt from "outbind:" >>>>claiming to be www.ncl.ac.uk/internal/e2r >>>> >>>> >>>> >>>I've tried (quite hard) to persuade Outlook to generate messages >>>containing outbind hrefs but haven't yet managed so either >>> >>> >>it's not as >> >> >>>simple as I thought or the version/setup of Outlook I'm >>> >>> >>using doesn't >> >> >>>do it. >>> >>>Does anyone know exactly how to provoke this behaviour (and by >>>implication how to avoid it)? >>> >>>Would it be sensible/possible to treat this sort of URL specially >>>(stripping off ^outbind://\d+/ ?) so that the phishing code >>> >>> >>is happy >> >> >>>with it? >>> >>> >>- -- >>Julian Field >>www.MailScanner.info >>Buy the MailScanner book at www.MailScanner.info/store PGP >>footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >>-----BEGIN PGP SIGNATURE----- >>Version: PGP Desktop 9.0.1 (Build 2185) >> >>iQA/AwUBQt/B6BH2WUcUFbZUEQKyWgCgsc31HuQIyK/iCPOB/dz7pcvaZ/EAn1e1 >>YVWmLEiUo41+K6Q5nPtcaf/7 >>=xWD3 >>-----END PGP SIGNATURE----- >> >> > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Thu Jul 21 19:50:12 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:23 2006 Subject: MailScanner on RHEL 3.2 AMD64 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] JJ wrote: > Hello, > > Has anyone installed MailScanner on a Proliant AMD64 server running RedHat > EL 3.2 AMD64 version? If so did you run into any problems with the > installation? > > Thanks > Johannes Johannsson > Hmmm, I think the first question to ask, is... Is there a 64-bit version of MailScanner? I doubt so. -- Ugo -> Please don't send a copy of your reply by e-mail. I read the list. -> Please avoid top-posting, long signatures and HTML, and cut the irrelevant parts in your replies. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Jul 21 20:21:58 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:23 2006 Subject: MailScanner on RHEL 3.2 AMD64 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ugo Bellavance wrote: >JJ wrote: > > >>Hello, >> >>Has anyone installed MailScanner on a Proliant AMD64 server running RedHat >>EL 3.2 AMD64 version? If so did you run into any problems with the >>installation? >> >>Thanks >>Johannes Johannsson >> >> >> > >Hmmm, I think the first question to ask, is... Is there a 64-bit version >of MailScanner? I doubt so. > > As it is written in Perl, this isn't hugely relevant. There are 64-bit builds of Perl, but fundamentally the Perl compiler is a 32-bit program. Also there are only 32-bit virus scanners. I have MailScanner running on an AMD64 system, and it doesn't run much faster than on a 32-bit Xeon system. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at LISTS.COM.AR Thu Jul 21 20:18:37 2005 From: mailscanner at LISTS.COM.AR (Leonardo Helman) Date: Thu Jan 12 21:30:23 2006 Subject: MailScanner on RHEL 3.2 AMD64 Message-ID: Don't know RH, but there is a 64bit version of perl, and MailScanner it's perl-interpreted so, there is a MS 64 version (UBUNTU) perl -v: This is perl, v5.8.4 built for x86_64-linux-thread-multi -- Leonardo Helman Pert Consultores Argentina On Thu, Jul 21, 2005 at 02:49:50PM -0400, Ugo Bellavance wrote: > JJ wrote: > > Hello, > > > > Has anyone installed MailScanner on a Proliant AMD64 server running RedHat > > EL 3.2 AMD64 version? If so did you run into any problems with the > > installation? > > > > Thanks > > Johannes Johannsson > > > > Hmmm, I think the first question to ask, is... Is there a 64-bit version > of MailScanner? I doubt so. > > -- > Ugo > > -> Please don't send a copy of your reply by e-mail. I read the list. > -> Please avoid top-posting, long signatures and HTML, and cut the > irrelevant parts in your replies. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at fsl.com Thu Jul 21 20:42:52 2005 From: steve.swaney at fsl.com (Stephen Swaney) Date: Thu Jan 12 21:30:23 2006 Subject: MailScanner on RHEL 3.2 AMD64 Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Leonardo Helman > Sent: Thursday, July 21, 2005 3:19 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: MailScanner on RHEL 3.2 AMD64 > > Don't know RH, but there is a 64bit version of perl, and MailScanner > it's perl-interpreted so, there is a MS 64 version > > (UBUNTU) perl -v: This is perl, v5.8.4 built for x86_64-linux-thread-multi > > I just downgraded a Red Hat 3.0 x86_64 system because of perl problems after attempting to update to razor 2.75. I trying to troubleshoot the problem I came across references to others who had had similar problems with x86_64-linux perl. All I found was problems noted. No solutions that worked. I also noticed that the system was not substantially faster that an identical system that was running i686. I don't know if the RH or CentOS x86_64-linux is more stable of faster but I can't recommend the 3.0 x86_64 OS. Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From munafo at polito.it Thu Jul 21 20:54:47 2005 From: munafo at polito.it (Maurizio M. Munafo') Date: Thu Jan 12 21:30:23 2006 Subject: Problems with qmail: viruses not blocked Message-ID: On Wed, 2005-07-20 at 11:24, Maurizio M. Munafo' wrote: > I recently started using Mailscanner with Qmail (after using it a long > time on another system with sendmail). > I installed the openprotect extension and everything seemed to work, > i.e. spam, HTML, phishing identification and extention blocking are > working fine, but I did not received any virus notification as an > administrator. > I investigated further the problem and I just realized that the system > seems not to block viruses (and if a virus is blocked is actually > because of the extension filtering). Problem partially solved. My incoming directory was actually passing through a link, so it was not a qmail problem at all. Now I have to understand why administrator notices are still not send. Maurizio -- ______ / Maurizio M. Munafo' / dMMMMMMMMb dMMMMb / Dip. di Elettronica - Politecnico di Torino / dMP"dMP"dMP "dMP / Corso Duca degli Abruzzi 24 / dMP dMP dMP dMMK" / I-10129 Torino (Italia) / dMP dMP dMP dMF / Tel: +39 011 5644128 Fax: +39 011 5644099 / dMP dMP dMP dMMMMP" / E-mail: munafo@polito.it /________________________ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "This is a digitally signed message part" ] [ Application/PGP-SIGNATURE 196bytes. ] [ Unable to print this part. ] From mkettler at EVI-INC.COM Thu Jul 21 20:55:13 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:30:23 2006 Subject: MailScanner on RHEL 3.2 AMD64 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > As it is written in Perl, this isn't hugely relevant. There are 64-bit > builds of Perl, but fundamentally the Perl compiler is a 32-bit program. > Also there are only 32-bit virus scanners. > > I have MailScanner running on an AMD64 system, and it doesn't run much > faster than on a 32-bit Xeon system. > unless you've got more than 4gigs of physical ram, that's largely what I would expect. unlike bus widths, doubling the processor register size doesn't double data thruput, unless your numeric format is larger than the old register size. 64-bit ints are used, mostly for things like file offsets, and Windows uses it for timestamps, but they aren't so pervasive as to be a large percentage of CPU time on a typical machine. (note: scientific simulations, CAD stations, etc could be a large exception to this depending on the application. But most of those use SIMD processor extensions for much their math anyway. Certainly MailScanner isn't in this class.) Your big benefit performance wise is being able to address >4 gigs of ram without using PAE, but that's irrelevant on a box with 4 gigs or less. Unless you're doing big-memory, don't sweat using a 32bit kernel on an AMD 64bit CPU. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lhaig at HAIGMAIL.COM Thu Jul 21 22:25:58 2005 From: lhaig at HAIGMAIL.COM (Lance Haig) Date: Thu Jan 12 21:30:23 2006 Subject: Spamassasin seems not to work. Message-ID: After my upgrade it seems that the spamassasin side of MS i not working. I have looked at all the configs and everything is as it should be. has anyone had similar trouble? MS 4.42.9 suse 9.1 sendmail thanks Lance ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jjohanns at sewanee.edu Thu Jul 21 22:25:49 2005 From: jjohanns at sewanee.edu (JJ) Date: Thu Jan 12 21:30:23 2006 Subject: MailScanner on RHEL 3.2 AMD64 Message-ID: Thanks to everyone who replied to my question. The reason I asked was that I was having all kinds of problems with perl on the rhel 64 bit version. I installed rhel 3.5, updated the perl version and installed MailScanner Spamassassin and Clamav without any problems so I think I'll stay with this setup. Again, thanks to all for very good information Johannes > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field > Sent: Thursday, July 21, 2005 2:22 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: MailScanner on RHEL 3.2 AMD64 > > Ugo Bellavance wrote: > > >JJ wrote: > > > > > >>Hello, > >> > >>Has anyone installed MailScanner on a Proliant AMD64 server running > >>RedHat EL 3.2 AMD64 version? If so did you run into any > problems with > >>the installation? > >> > >>Thanks > >>Johannes Johannsson > >> > >> > >> > > > >Hmmm, I think the first question to ask, is... Is there a 64-bit > >version of MailScanner? I doubt so. > > > > > As it is written in Perl, this isn't hugely relevant. There > are 64-bit builds of Perl, but fundamentally the Perl > compiler is a 32-bit program. > Also there are only 32-bit virus scanners. > > I have MailScanner running on an AMD64 system, and it doesn't > run much faster than on a 32-bit Xeon system. > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list > ------------------------ To unsubscribe, email > jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at fsl.com Thu Jul 21 22:45:30 2005 From: steve.swaney at fsl.com (Stephen Swaney) Date: Thu Jan 12 21:30:23 2006 Subject: Spamassasin seems not to work. Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Lance Haig > Sent: Thursday, July 21, 2005 5:26 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Spamassasin seems not to work. > > After my upgrade it seems that the spamassasin side of MS i not working. > > I have looked at all the configs and everything is as it should be. has > anyone had similar trouble? > > MS 4.42.9 > suse 9.1 > sendmail > > thanks > > Lance > What does running spamassassin -D -p /etc/MailScanner/spam.prefs.conf Tell you? Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lhaig at HAIGMAIL.COM Thu Jul 21 23:52:09 2005 From: lhaig at HAIGMAIL.COM (Lance Haig) Date: Thu Jan 12 21:30:23 2006 Subject: Spamassasin seems not to work. Message-ID: Hi Steve, this is what it does then stops debug: SpamAssassin version 3.0.4 debug: Score set 0 chosen. debug: running in taint mode? yes debug: Running in taint mode, removing unsafe env vars, and resetting PATH debug: PATH included '/sbin', keeping. debug: PATH included '/usr/sbin', keeping. debug: PATH included '/usr/local/sbin', keeping. debug: PATH included '/usr/local/bin', keeping. debug: PATH included '/usr/bin', keeping. debug: PATH included '/usr/X11R6/bin', keeping. debug: PATH included '/bin', keeping. debug: PATH included '/usr/games', keeping. debug: PATH included '/opt/gnome/bin', keeping. debug: PATH included '/opt/kde3/bin', keeping. debug: Final PATH set to: /sbin:/usr/sbin:/usr/local/sbin:/usr/local/bin:/usr/bin:/usr/X11R6/bin:/bin:/usr/games:/opt/gnome/bin:/opt/kde3/bin Thanks Lance On Thu, 2005-07-21 at 22:45, Stephen Swaney wrote: > > -----Original Message----- > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > > Behalf Of Lance Haig > > Sent: Thursday, July 21, 2005 5:26 PM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Spamassasin seems not to work. > > > > After my upgrade it seems that the spamassasin side of MS i not working. > > > > I have looked at all the configs and everything is as it should be. has > > anyone had similar trouble? > > > > MS 4.42.9 > > suse 9.1 > > sendmail > > > > thanks > > > > Lance > > > > What does running > > spamassassin -D -p /etc/MailScanner/spam.prefs.conf > > Tell you? > > Stephen Swaney > Fort Systems Ltd. > stephen.swaney@fsl.com > www.fsl.com > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Fri Jul 22 00:14:33 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:30:23 2006 Subject: Spamassasin seems not to work. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Steve goofed.. add --lint to that command line, or SA will sit there waiting for a message. Alternatively you can redirect an email of your own in, such as this: spamassassin -D -p /etc/MailScanner/spam.prefs.conf Hi Steve, > > this is what it does then stops > On Thu, 2005-07-21 at 22:45, Stephen Swaney wrote: > >>What does running >> >> spamassassin -D -p /etc/MailScanner/spam.prefs.conf ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at nkpanama.com Fri Jul 22 00:29:02 2005 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu Jan 12 21:30:23 2006 Subject: MCP & quarantine Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Quentin Campbell wrote: >Steve > >Thanks for that. It is now working. Serves me right for not checking the... > > >>>To that end I changed the MCP action from "delete" to >>> >>> >>"quarantine". The >> >> >>>logs indicate that the action is now "quarantine" but I am seeing >>>nothing under /var/spool/MailScanner/quarantine. >>> > That means I can have a "high spam actions" setting of "delete this piece of crap" and a "non spam" actions set to "deliver to the stupid user" and since "deliver" and "delete" are valid actions, it will ignore the rest? Makes for an interesting log... ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lhaig at HAIGMAIL.COM Fri Jul 22 00:37:49 2005 From: lhaig at HAIGMAIL.COM (Lance Haig) Date: Thu Jan 12 21:30:23 2006 Subject: Spamassasin seems not to work. Message-ID: Just tried again and also found I don't have a spam.prefs.conf file just spam.assassin.prefs.conf so I used that. Nothing seems wrong with the lint perhaps you can find something. Thanks Lance ################result########################### debug: SpamAssassin version 3.0.4 debug: Score set 0 chosen. debug: running in taint mode? yes debug: Running in taint mode, removing unsafe env vars, and resetting PATH debug: PATH included '/sbin', keeping. debug: PATH included '/usr/sbin', keeping. debug: PATH included '/usr/local/sbin', keeping. debug: PATH included '/usr/local/bin', keeping. debug: PATH included '/usr/bin', keeping. debug: PATH included '/usr/X11R6/bin', keeping. debug: PATH included '/bin', keeping. debug: PATH included '/usr/games', keeping. debug: PATH included '/opt/gnome/bin', keeping. debug: PATH included '/opt/kde3/bin', keeping. debug: Final PATH set to: /sbin:/usr/sbin:/usr/local/sbin:/usr/local/bin:/usr/bin:/usr/X11R6/bin:/bin:/usr/games:/opt/gnome/bin:/opt/kde3/bin debug: diag: module installed: DBI, version 1.41 debug: diag: module installed: DB_File, version 1.808 debug: diag: module installed: Digest::SHA1, version 2.01 debug: diag: module installed: IO::Socket::UNIX, version 1.21 debug: diag: module installed: MIME::Base64, version 2.12 debug: diag: module installed: Net::DNS, version 0.48 debug: diag: module not installed: Net::LDAP ('require' failed) debug: diag: module installed: Razor2::Client::Agent, version 2.67 debug: diag: module installed: Storable, version 2.09 debug: diag: module installed: URI, version 1.19 debug: ignore: using a test message to lint rules debug: using "/etc/mail/spamassassin/init.pre" for site rules init.pre debug: config: read file /etc/mail/spamassassin/init.pre debug: using "/usr/share/spamassassin" for default rules dir debug: config: read file /usr/share/spamassassin/10_misc.cf debug: config: read file /usr/share/spamassassin/20_anti_ratware.cf debug: config: read file /usr/share/spamassassin/20_body_tests.cf debug: config: read file /usr/share/spamassassin/20_compensate.cf debug: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf debug: config: read file /usr/share/spamassassin/20_drugs.cf debug: config: read file /usr/share/spamassassin/20_fake_helo_tests.cf debug: config: read file /usr/share/spamassassin/20_head_tests.cf debug: config: read file /usr/share/spamassassin/20_html_tests.cf debug: config: read file /usr/share/spamassassin/20_meta_tests.cf debug: config: read file /usr/share/spamassassin/20_phrases.cf debug: config: read file /usr/share/spamassassin/20_porn.cf debug: config: read file /usr/share/spamassassin/20_ratware.cf debug: config: read file /usr/share/spamassassin/20_uri_tests.cf debug: config: read file /usr/share/spamassassin/23_bayes.cf debug: config: read file /usr/share/spamassassin/25_body_tests_es.cf debug: config: read file /usr/share/spamassassin/25_hashcash.cf debug: config: read file /usr/share/spamassassin/25_spf.cf debug: config: read file /usr/share/spamassassin/25_uribl.cf debug: config: read file /usr/share/spamassassin/30_text_de.cf debug: config: read file /usr/share/spamassassin/30_text_fr.cf debug: config: read file /usr/share/spamassassin/30_text_nl.cf debug: config: read file /usr/share/spamassassin/30_text_pl.cf debug: config: read file /usr/share/spamassassin/50_scores.cf debug: config: read file /usr/share/spamassassin/60_whitelist.cf debug: using "/etc/mail/spamassassin" for site rules dir debug: config: read file /etc/mail/spamassassin/70_sare_adult.cf debug: config: read file /etc/mail/spamassassin/70_sare_bayes_poison_nxm.cf debug: config: read file /etc/mail/spamassassin/70_sare_evilnum0.cf debug: config: read file /etc/mail/spamassassin/70_sare_genlsubj0.cf debug: config: read file /etc/mail/spamassassin/70_sare_genlsubj1.cf debug: config: read file /etc/mail/spamassassin/70_sare_header0.cf debug: config: read file /etc/mail/spamassassin/70_sare_header1.cf debug: config: read file /etc/mail/spamassassin/70_sare_html0.cf debug: config: read file /etc/mail/spamassassin/70_sare_html1.cf debug: config: read file /etc/mail/spamassassin/70_sare_oem.cf debug: config: read file /etc/mail/spamassassin/70_sare_random.cf debug: config: read file /etc/mail/spamassassin/70_sare_specific.cf debug: config: read file /etc/mail/spamassassin/70_sare_spoof.cf debug: config: read file /etc/mail/spamassassin/70_sare_unsub.cf debug: config: read file /etc/mail/spamassassin/70_sare_uri.cf debug: config: read file /etc/mail/spamassassin/70_sare_uri0.cf debug: config: read file /etc/mail/spamassassin/72_sare_bml_post25x.cf debug: config: read file /etc/mail/spamassassin/72_sare_redirect_post3.0.0.cf debug: config: read file /etc/mail/spamassassin/99_sare_fraud_post25x.cf debug: config: read file /etc/mail/spamassassin/german-spam.cf debug: config: read file /etc/mail/spamassassin/local.cf debug: using "/root/.spamassassin" for user state dir debug: using "/etc/MailScanner/spam.assassin.prefs.conf" for user prefs file debug: config: read file /etc/MailScanner/spam.assassin.prefs.conf debug: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC debug: plugin: registered Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8fbc260) debug: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC debug: plugin: registered Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8fa9bbc) debug: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC debug: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH(0x8ffe290) debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8fbc260) implements 'parse_config' debug: plugin: Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8fa9bbc) implements 'parse_config' debug: bayes: 19270 tie-ing to DB file R/O /etc/MailScanner/bayes/bayes_toks debug: bayes: 19270 tie-ing to DB file R/O /etc/MailScanner/bayes/bayes_seen debug: bayes: found bayes db version 3 debug: Score set 3 chosen. debug: ---- MIME PARSER START ---- debug: main message type: text/plain debug: parsing normal part debug: added part, type: text/plain debug: ---- MIME PARSER END ---- debug: metadata: X-Spam-Relays-Trusted: debug: metadata: X-Spam-Relays-Untrusted: debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8fbc260) implements 'parsed_metadata' debug: dns_available set to yes in config file, skipping test debug: decoding: no encoding detected debug: URIDNSBL: domains to query: debug: is Net::DNS::Resolver available? yes debug: Net::DNS version: 0.48 debug: all '*From' addrs: ignore@compiling.spamassassin.taint.org debug: Running tests for priority: 0 debug: running header regexp tests; score so far=0 debug: registering glue method for check_hashcash_double_spend (Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8fa9bbc)) debug: registering glue method for check_for_spf_helo_pass (Mail::SpamAssassin::Plugin::SPF=HASH(0x8ffe290)) debug: SPF: message was delivered entirely via trusted relays, not required debug: registering glue method for check_hashcash_value (Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8fa9bbc)) debug: all '*To' addrs: debug: registering glue method for check_for_spf_softfail (Mail::SpamAssassin::Plugin::SPF=HASH(0x8ffe290)) debug: SPF: message was delivered entirely via trusted relays, not required debug: registering glue method for check_for_spf_pass (Mail::SpamAssassin::Plugin::SPF=HASH(0x8ffe290)) debug: registering glue method for check_for_spf_helo_softfail (Mail::SpamAssassin::Plugin::SPF=HASH(0x8ffe290)) debug: registering glue method for check_for_spf_fail (Mail::SpamAssassin::Plugin::SPF=HASH(0x8ffe290)) debug: registering glue method for check_for_spf_helo_fail (Mail::SpamAssassin::Plugin::SPF=HASH(0x8ffe290)) debug: running body-text per-line regexp tests; score so far=-3.174 debug: running uri tests; score so far=-3.174 debug: bayes corpus size: nspam = 4243, nham = 15030 debug: tokenize: header tokens for *F = "U*ignore D*compiling.spamassassin.taint.org D*spamassassin.taint.org D*taint.org D*org" debug: tokenize: header tokens for *m = " 1121988778 lint_rules " debug: tokenize: header tokens for *RT = " " debug: tokenize: header tokens for *RU = " " debug: cannot use bayes on this message; not enough usable tokens found debug: bayes: not scoring message, returning undef debug: bayes: 19270 untie-ing debug: bayes: 19270 untie-ing db_toks debug: bayes: 19270 untie-ing db_seen debug: registering glue method for check_uridnsbl (Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8fbc260)) debug: Razor2 is available debug: entering helper-app run mode Razor-Log: Computed razorhome from env: /root/.razor Razor-Log: Found razorhome: /root/.razor Razor-Log: No /root/.razor/razor-agent.conf found, skipping. Razor-Log: No razor-agent.conf found, using defaults. Jul 22 00:33:02.794900 check[19270]: [ 2] [bootup] Logging initiated LogDebugLevel=9 to stdout Jul 22 00:33:02.797036 check[19270]: [ 5] computed razorhome=/root/.razor, conf=, ident=/root/.razor/identity Jul 22 00:33:02.798707 check[19270]: [ 8] Client supported_engines: 4 8 Jul 22 00:33:02.800672 check[19270]: [ 8] prep_mail done: mail 1 headers=93, mime0=1376 Jul 22 00:33:02.803038 check[19270]: [ 5] read_file: 1 items read from /root/.razor/servers.discovery.lst Jul 22 00:33:02.805013 check[19270]: [ 5] read_file: 2 items read from /root/.razor/servers.nomination.lst Jul 22 00:33:02.806846 check[19270]: [ 5] read_file: 1 items read from /root/.razor/servers.catalogue.lst Jul 22 00:33:02.808651 check[19270]: [ 9] Assigning defaults to joy.cloudmark.com Jul 22 00:33:02.809916 check[19270]: [ 9] Assigning defaults to folly.cloudmark.com Jul 22 00:33:02.811033 check[19270]: [ 9] Assigning defaults to shock.cloudmark.com Jul 22 00:33:02.814153 check[19270]: [ 5] read_file: 16 items read from /root/.razor/server.thrill.cloudmark.com.conf Jul 22 00:33:02.816821 check[19270]: [ 5] read_file: 16 items read from /root/.razor/server.thrill.cloudmark.com.conf Jul 22 00:33:02.819498 check[19270]: [ 5] read_file: 16 items read from /root/.razor/server.pride.cloudmark.com.conf Jul 22 00:33:02.822057 check[19270]: [ 5] read_file: 16 items read from /root/.razor/server.pride.cloudmark.com.conf Jul 22 00:33:02.824581 check[19270]: [ 5] read_file: 15 items read from /root/.razor/server.stress.cloudmark.com.conf Jul 22 00:33:02.839563 check[19270]: [ 5] read_file: 15 items read from /root/.razor/server.stress.cloudmark.com.conf Jul 22 00:33:02.842432 check[19270]: [ 5] read_file: 16 items read from /root/.razor/server.shock.cloudmark.com.conf Jul 22 00:33:02.845038 check[19270]: [ 5] read_file: 16 items read from /root/.razor/server.shock.cloudmark.com.conf Jul 22 00:33:02.847624 check[19270]: [ 5] read_file: 16 items read from /root/.razor/server.wonder.cloudmark.com.conf Jul 22 00:33:02.850161 check[19270]: [ 5] read_file: 16 items read from /root/.razor/server.wonder.cloudmark.com.conf Jul 22 00:33:02.853221 check[19270]: [ 5] read_file: 16 items read from /root/.razor/server.robust.cloudmark.com.conf Jul 22 00:33:02.855846 check[19270]: [ 5] read_file: 16 items read from /root/.razor/server.robust.cloudmark.com.conf Jul 22 00:33:02.858448 check[19270]: [ 5] read_file: 16 items read from /root/.razor/server.tension.cloudmark.com.conf Jul 22 00:33:02.861008 check[19270]: [ 5] read_file: 16 items read from /root/.razor/server.tension.cloudmark.com.conf Jul 22 00:33:02.862539 check[19270]: [ 5] 95552 seconds before closest server discovery Jul 22 00:33:02.863892 check[19270]: [ 6] shock.cloudmark.com is a Catalogue Server srl 5084; computed min_cf=6, Server se: C8 Jul 22 00:33:02.865319 check[19270]: [ 8] Computed supported_engines: 4 8 Jul 22 00:33:02.866386 check[19270]: [ 8] Using next closest server shock.cloudmark.com:2703, cached info srl 5084 Jul 22 00:33:02.867421 check[19270]: [ 8] mail 1 has no subject Jul 22 00:33:02.869160 check[19270]: [ 6] preproc: mail 1.0 went from 1376 bytes to 1339 Jul 22 00:33:02.870452 check[19270]: [ 6] computing sigs for mail 1.0, len 1339 Jul 22 00:33:02.877244 check[19270]: [ 6] Engine (8) didn't produce a signature for mail 1.0 Jul 22 00:33:02.879086 check[19270]: [ 6] skipping whitelist file (empty?): /root/.razor/razor-whitelist Jul 22 00:33:02.880338 check[19270]: [ 5] Connecting to shock.cloudmark.com ... Jul 22 00:33:03.515837 check[19270]: [ 8] Connection established Jul 22 00:33:03.516488 check[19270]: [ 4] shock.cloudmark.com >> 36 server greeting: sn=C&srl=5084&a=l&a=cg&ep4=7542-10 Jul 22 00:33:03.517436 check[19270]: [ 4] shock.cloudmark.com << 25 Jul 22 00:33:03.517773 check[19270]: [ 6] cn=razor-agents&cv=2.67 Jul 22 00:33:03.519596 check[19270]: [ 6] shock.cloudmark.com is a Catalogue Server srl 5084; computed min_cf=6, Server se: C8 Jul 22 00:33:03.520225 check[19270]: [ 8] Computed supported_engines: 4 8 Jul 22 00:33:03.520590 check[19270]: [ 8] mail 1.0 e4 sig: xFaZIZUVHk90OQfARnenjx5BZTMA Jul 22 00:33:03.522929 check[19270]: [ 5] mail 1.0 e8 got no sig Jul 22 00:33:03.523424 check[19270]: [ 8] preparing 1 queries Jul 22 00:33:03.523932 check[19270]: [ 8] sending 1 batches Jul 22 00:33:03.524309 check[19270]: [ 4] shock.cloudmark.com << 52 Jul 22 00:33:03.524468 check[19270]: [ 6] a=c&e=4&ep4=7542-10&s=xFaZIZUVHk90OQfARnenjx5BZTMA Jul 22 00:33:03.997409 check[19270]: [ 4] shock.cloudmark.com >> 5 Jul 22 00:33:03.997762 check[19270]: [ 6] response to sent.2 p=0 Jul 22 00:33:03.998678 check[19270]: [ 6] mail 1.0 e=4 sig=xFaZIZUVHk90OQfARnenjx5BZTMA: sig not found. Jul 22 00:33:03.998996 check[19270]: [ 7] method 4: mail 1.0: no-contention part, spam=0 Jul 22 00:33:03.999148 check[19270]: [ 7] method 4: mail 1: all non-contention parts not spam, mail not spam Jul 22 00:33:03.999285 check[19270]: [ 3] mail 1 is not known spam. Jul 22 00:33:03.999463 check[19270]: [ 5] disconnecting from server shock.cloudmark.com Jul 22 00:33:03.999836 check[19270]: [ 4] shock.cloudmark.com << 5 Jul 22 00:33:03.999985 check[19270]: [ 6] a=q debug: Using results from Razor v2.67 debug: Found Razor2 part: part=0 engine=4 ct=0 cf=0 debug: leaving helper-app run mode debug: Razor2 results: spam? 0 highest cf score: 0 debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8fbc260) implements 'check_tick' debug: running raw-body-text per-line regexp tests; score so far=-3.174 debug: running full-text regexp tests; score so far=-3.174 debug: Razor2 is available debug: Pyzor is available: /usr/bin/pyzor debug: entering helper-app run mode debug: setuid: helper proc 19271: ruid=0 euid=0 debug: Pyzor: got response: 66.250.40.33:24441 (200, 'OK') 0 0 debug: leaving helper-app run mode debug: DCCifd is not available: no r/w dccifd socket found. debug: DCC is available: /usr/local/bin/dccproc debug: entering helper-app run mode debug: setuid: helper proc 19272: ruid=0 euid=0 debug: DCC: got response: X-DCC-CTc-dcc1-Metrics: mailhost 1030; Body=47377 Fuz1=626960 Fuz2=627516 debug: leaving helper-app run mode debug: Running tests for priority: 500 debug: RBL: success for 1 of 1 queries debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8fbc260) implements 'check_post_dnsbl' debug: running meta tests; score so far=-3.174 debug: running header regexp tests; score so far=-1.948 debug: running body-text per-line regexp tests; score so far=-1.948 debug: running uri tests; score so far=-1.948 debug: running raw-body-text per-line regexp tests; score so far=-1.948 debug: running full-text regexp tests; score so far=-1.948 debug: Running tests for priority: 1000 debug: running meta tests; score so far=-1.948 debug: running header regexp tests; score so far=-1.948 debug: running body-text per-line regexp tests; score so far=-1.948 debug: running uri tests; score so far=-1.948 debug: running raw-body-text per-line regexp tests; score so far=-1.948 debug: running full-text regexp tests; score so far=-1.948 debug: is spam? score=-1.948 required=5 debug: tests=ALL_TRUSTED,MISSING_HEADERS,MISSING_SUBJECT,NO_REAL_NAME debug: subtests=__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__SANE_MSGID,__SARE_HTML_HAS_MSG,__UNUSABLE_MSGID ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at nkpanama.com Fri Jul 22 00:32:06 2005 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu Jan 12 21:30:23 2006 Subject: How to add X-Spam-Status? Message-ID: [ The following text is in the "KOI8-R" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ugo Bellavance wrote: >Smirnov, Sergey wrote: > > >>But it should be different in spam and not spam messages >>I changed MailScanner.conf: >> >>Spam Header = X-Spam-Status: >> >>and /etc/MailScanner/reports/en/languages.conf: >> >>Spam = Yes >>NotSpam = No >> >> >> > > Can one insert headers that will give Thunderbird or Outlook a clue about "spam" or "nonspam", without setting up rules? I know Outlook2k3 has a "junk mail" feature, and so does Thunderbird. I don't use it since I have MailScanner for that; but it would be good to implement something that would "tell" or "suggest" O2k3 and TB that a message is in fact (or isn't) spam. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mark at TIPPINGMAR.COM Fri Jul 22 01:49:14 2005 From: mark at TIPPINGMAR.COM (Mark Nienberg) Date: Thu Jan 12 21:30:23 2006 Subject: MailScanner on RHEL 3.2 AMD64 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Stephen Swaney wrote: >I just downgraded a Red Hat 3.0 x86_64 system because of perl problems after >attempting to update to razor 2.75. I trying to troubleshoot the problem I >came across references to others who had had similar problems with >x86_64-linux perl. All I found was problems noted. No solutions that worked. > > >I also noticed that the system was not substantially faster that an >identical system that was running i686. > >I don't know if the RH or CentOS x86_64-linux is more stable of faster but I >can't recommend the 3.0 x86_64 OS. > > > Is there an option to select the architecture during installation of Centos 4.1 or RHEL? If so, would you recommend choosing the i686 architecture on an AMD64 chip? Is there also an athlon choice or do 32 bit athlons use the 686 architecure in recent kernels? Mark Nienberg ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From maillists at CONACTIVE.COM Fri Jul 22 10:31:26 2005 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:30:23 2006 Subject: Spamassasin seems not to work. Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Lance Haig wrote on Fri, 22 Jul 2005 00:37:49 +0100: > Nothing seems wrong with the lint perhaps you can find something Seems so. You may want to flesh out this statement then: "it seems that the spamassasin side of MS i not working." And: do you use *that* prefs file in MailScanner.conf, or do you use a different one? Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lhaig at HAIGMAIL.COM Fri Jul 22 10:45:50 2005 From: lhaig at HAIGMAIL.COM (Lance Haig) Date: Thu Jan 12 21:30:23 2006 Subject: Spamassasin seems not to work. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Kai, Thanks for the help. I am using the perf file I tested with in my mailscanner.conf My initial statement was not clear I admit. I do not see any mention in my log of email being scanned and sent through Spamassassin. It just shows that the mail was scanned bu the Virus tools. I have recieved some spam to my mailbox and on looking at ther header I noticed that there was no line for spamassassin. This would normaly be there. I hve looked at the system and cannot determine why this would be. Therefore I have asked the list if anyone perhaps has had the same issue and / or knows of ways I can test this and perhaps fix it. Thanks Lance Kai Schaetzl wrote: Lance Haig wrote on Fri, 22 Jul 2005 00:37:49 +0100: Nothing seems wrong with the lint perhaps you can find something Seems so. You may want to flesh out this statement then: "it seems that the spamassasin side of MS i not working." And: do you use *that* prefs file in MailScanner.conf, or do you use a different one? Kai ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri Jul 22 11:38:11 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:23 2006 Subject: How to add X-Spam-Status? Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 22 Jul 2005, at 00:32, Alex Neuman van der Hans wrote: > Ugo Bellavance wrote: > > >> Smirnov, Sergey wrote: >> >> >> >>> But it should be different in spam and not spam messages >>> I changed MailScanner.conf: >>> >>> Spam Header = X-Spam-Status: >>> >>> and /etc/MailScanner/reports/en/languages.conf: >>> >>> Spam = Yes >>> NotSpam = No >>> >>> >>> >>> >> >> >> > Can one insert headers that will give Thunderbird or Outlook a clue > about "spam" or "nonspam", without setting up rules? I know Outlook2k3 > has a "junk mail" feature, and so does Thunderbird. I don't use it > since > I have MailScanner for that; but it would be good to implement > something > that would "tell" or "suggest" O2k3 and TB that a message is in > fact (or > isn't) spam. Please read the comments immediately above the spam actions settings. It clearly describes a "header" spam action which will do what you want. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQuDMmBH2WUcUFbZUEQJoWQCdH+ywcXsl6DwTVPrP7O+HYJbEWAYAnjHM E35FU4EAyAVEImGPd6g0u9iZ =njD/ -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Fri Jul 22 14:17:35 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:23 2006 Subject: Spamassasin seems not to work. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Lance Haig wrote: > Hi Kai, > > Thanks for the help. > > I am using the perf file I tested with in my mailscanner.conf > > My initial statement was not clear I admit. I do not see any mention in > my log of email being scanned and sent through Spamassassin. It just > shows that the mail was scanned bu the Virus tools. > > I have recieved some spam to my mailbox and on looking at ther header I > noticed that there was no line for spamassassin. This would normaly be > there. > > I hve looked at the system and cannot determine why this would be. > > Therefore I have asked the list if anyone perhaps has had the same issue > and / or knows of ways I can test this and perhaps fix it. > 1- Please avoid top posting What do you have for these settings in MailScanner.conf ? Always Include SpamAssassin Report Log Spam -- Ugo -> Please don't send a copy of your reply by e-mail. I read the list. -> Please avoid top-posting, long signatures and HTML, and cut the irrelevant parts in your replies. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Fri Jul 22 14:19:03 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:23 2006 Subject: MailScanner on RHEL 3.2 AMD64 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] JJ wrote: > Thanks to everyone who replied to my question. > The reason I asked was that I was having all kinds of problems with perl on > the rhel 64 bit version. > > I installed rhel 3.5, updated the perl version and installed MailScanner > Spamassassin and Clamav without any problems so I think I'll stay with this > setup. You reinstalled the 64- or 32-bit version? -- Ugo -> Please don't send a copy of your reply by e-mail. I read the list. -> Please avoid top-posting, long signatures and HTML, and cut the irrelevant parts in your replies. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Fri Jul 22 14:22:34 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:23 2006 Subject: How to add X-Spam-Status? Message-ID: [ The following text is in the "KOI8-R" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Alex Neuman van der Hans wrote: > Ugo Bellavance wrote: > > >>Smirnov, Sergey wrote: >> >> >> >>>But it should be different in spam and not spam messages >>>I changed MailScanner.conf: >>> >>>Spam Header = X-Spam-Status: >>> >>>and /etc/MailScanner/reports/en/languages.conf: >>> >>>Spam = Yes >>>NotSpam = No >>> >>> >>> >> >> >> > > Can one insert headers that will give Thunderbird or Outlook a clue > about "spam" or "nonspam", without setting up rules? I know Outlook2k3 > has a "junk mail" feature, and so does Thunderbird. I don't use it since > I have MailScanner for that; but it would be good to implement something > that would "tell" or "suggest" O2k3 and TB that a message is in fact (or > isn't) spam. > Maybe this would help, for T-bird. http://www.eyrich-net.org/mozilla/X-Mozilla-Status.html?en I don't know for O2k3. -- Ugo -> Please don't send a copy of your reply by e-mail. I read the list. -> Please avoid top-posting, long signatures and HTML, and cut the irrelevant parts in your replies. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From maillists at CONACTIVE.COM Fri Jul 22 14:42:54 2005 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:30:24 2006 Subject: Spamassasin seems not to work. Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Lance Haig wrote on Fri, 22 Jul 2005 10:45:50 +0100: > My initial statement was not clear I admit. I do not see any mention in > my log of email being scanned and sent through Spamassassin. It just > shows that the mail was scanned bu the Virus tools. There should be something like this when spam is found: Jul 22 13:53:55 n8 MailScanner[30280]: New Batch: Scanning 1 messages, 5265 bytes Jul 22 13:53:59 n8 MailScanner[30280]: Spam Checks: Found 1 spam messages Jul 22 13:53:59 n8 MailScanner[30280]: Virus and Content Scanning: Starting The "Spam Checks" line will be missing when it's ham. > I have recieved some spam to my mailbox and on looking at ther header I > noticed that there was no line for spamassassin. This would normaly be > there. Only if it got detected as spam. Have you double-checked in the MailScanner.conf that Mailscanner should "Use Spamassassin" and do Sapm Tests? Sorry, I don't have the exact option names memorize, but if you walk thru the file it should be clear which ones I mean. Apart from that I strongly suggest installing Mailwatch (mailwatch.sf.net) this will make monitoring your Mailscanner installation *much* more easier. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From prandal at HEREFORDSHIRE.GOV.UK Fri Jul 22 14:50:54 2005 From: prandal at HEREFORDSHIRE.GOV.UK (Randal, Phil) Date: Thu Jan 12 21:30:24 2006 Subject: How to add X-Spam-Status? Message-ID: MailScanner mailing list wrote: > Alex Neuman van der Hans wrote: >> Ugo Bellavance wrote: >> >> >>> Smirnov, Sergey wrote: >>> >>> >>> >>>> But it should be different in spam and not spam messages I changed >>>> MailScanner.conf: >>>> >>>> Spam Header = X-Spam-Status: >>>> >>>> and /etc/MailScanner/reports/en/languages.conf: >>>> >>>> Spam = Yes >>>> NotSpam = No >>>> >>>> >>>> >>> >>> >>> >> >> Can one insert headers that will give Thunderbird or Outlook a clue >> about "spam" or "nonspam", without setting up rules? I know >> Outlook2k3 has a "junk mail" feature, and so does Thunderbird. I >> don't use it since I have MailScanner for that; but it would be good >> to implement something that would "tell" or "suggest" O2k3 and TB >> that a message is in fact (or isn't) spam. >> > > Maybe this would help, for T-bird. > > http://www.eyrich-net.org/mozilla/X-Mozilla-Status.html?en > > I don't know for O2k3. That Thunderbird / Mozilla Mail bug was fixed ages ago: https://bugzilla.mozilla.org/show_bug.cgi?id=196749 It is a BAD idea to be able to add headers to messages indictating that they are ham, not spam. If you don't understand why, imagine thousands of spam emails flooding your inbox just because they contain the magical header (which they all would, if such an exploit were possible). Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jjohanns at sewanee.edu Fri Jul 22 14:56:09 2005 From: jjohanns at sewanee.edu (JJ) Date: Thu Jan 12 21:30:24 2006 Subject: MailScanner on RHEL 3.2 AMD64 Message-ID: I reinstalled the 32 bit version. Johannes > You reinstalled the 64- or 32-bit version? > > -- > Ugo > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at fsl.com Fri Jul 22 14:47:29 2005 From: steve.swaney at fsl.com (Stephen Swaney) Date: Thu Jan 12 21:30:24 2006 Subject: MailScanner on RHEL 3.2 AMD64 Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Ugo Bellavance > Sent: Friday, July 22, 2005 9:19 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: MailScanner on RHEL 3.2 AMD64 > > JJ wrote: > > Thanks to everyone who replied to my question. > > The reason I asked was that I was having all kinds of problems with perl > on > > the rhel 64 bit version. > > > > I installed rhel 3.5, updated the perl version and installed > MailScanner > > Spamassassin and Clamav without any problems so I think I'll stay with > this > > setup. > > You reinstalled the 64- or 32-bit version? I reinstalled the 32 bit version. `uname -a` now shows: Linux mtaxx.xxxx.net 2.4.21-32.0.1.ELsmp #1 SMP Wed May 25 14:47:46 EDT 2005 i686 athlon i386 GNU/Linux > -- > Ugo > > -> Please don't send a copy of your reply by e-mail. I read the list. > -> Please avoid top-posting, long signatures and HTML, and cut the > irrelevant parts in your replies. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Fri Jul 22 15:15:11 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:24 2006 Subject: How to add X-Spam-Status? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Randal, Phil wrote: > MailScanner mailing list wrote: > >>Alex Neuman van der Hans wrote: >> >>>Ugo Bellavance wrote: >>> >>> >>> >>>>Smirnov, Sergey wrote: >>>> >>>> >>>> >>>> >>>>>But it should be different in spam and not spam messages I changed >>>>>MailScanner.conf: >>>>> >>>>>Spam Header = X-Spam-Status: >>>>> >>>>>and /etc/MailScanner/reports/en/languages.conf: >>>>> >>>>>Spam = Yes >>>>>NotSpam = No >>>>> >>>>> >>>>> >>>> >>>> >>>> >>>Can one insert headers that will give Thunderbird or Outlook a clue >>>about "spam" or "nonspam", without setting up rules? I know >>>Outlook2k3 has a "junk mail" feature, and so does Thunderbird. I >>>don't use it since I have MailScanner for that; but it would be good >>>to implement something that would "tell" or "suggest" O2k3 and TB >>>that a message is in fact (or isn't) spam. >>> >> >>Maybe this would help, for T-bird. >> >>http://www.eyrich-net.org/mozilla/X-Mozilla-Status.html?en >> >>I don't know for O2k3. > > > That Thunderbird / Mozilla Mail bug was fixed ages ago: > https://bugzilla.mozilla.org/show_bug.cgi?id=196749 > > It is a BAD idea to be able to add headers to messages indictating that > they are ham, not spam. If you don't understand why, imagine thousands > of spam emails flooding your inbox just because they contain the magical > header (which they all would, if such an exploit were possible). Makes sense... > Cheers, > > Phil > > ---- > Phil Randal > Network Engineer > Herefordshire Council > Hereford, UK > -- Ugo -> Please don't send a copy of your reply by e-mail. I read the list. -> Please avoid top-posting, long signatures and HTML, and cut the irrelevant parts in your replies. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at nkpanama.com Fri Jul 22 18:35:29 2005 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu Jan 12 21:30:24 2006 Subject: How to add X-Spam-Status? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > > > Please read the comments immediately above the spam actions settings. > It clearly describes a "header" spam action which will do what you want. I know that, Julian... That's what we've been talking about on this thread. It's not the "how", it's the "with what" we're trying to find out. I'm just asking if anybody knows what the "magic header" would be for Mozilla/TB/O2K3 to tell a default configuration that a message is in fact spam without resorting to changing the headers. That way even a default MUA configuration would "understand" when a message is spam and send it to a junk folder. It would be more transparent to the end users, and would make the system "appear" to be "intelligent" to the "uneducated". ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at nkpanama.com Fri Jul 22 18:42:20 2005 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu Jan 12 21:30:24 2006 Subject: How to add X-Spam-Status? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Randal, Phil wrote: >That Thunderbird / Mozilla Mail bug was fixed ages ago: >https://bugzilla.mozilla.org/show_bug.cgi?id=196749 > > > I read the bugzilla entry and I think it's good that MailScanner already by default gets rid of these headers. This means we could add them back using the "header" action, so that they would be marked as "junk" in Thunderbird if our server thinks they are junk. What I don't understand is: 1. Since this bug was "resolved", does it mean Thunderbird will ignore "added" headers? Would make all of this pointless. 2. If it will honor these headers, what would be the value for "this is junk"? I've changed the status on messages and gone to "view source" and both headers look the same. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Fri Jul 22 18:46:02 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:30:24 2006 Subject: How to add X-Spam-Status? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Alex Neuman van der Hans wrote: > Julian Field wrote: > > >> >>Please read the comments immediately above the spam actions settings. >>It clearly describes a "header" spam action which will do what you want. > > > I know that, Julian... That's what we've been talking about on this > thread. It's not the "how", it's the "with what" we're trying to find out. > > I'm just asking if anybody knows what the "magic header" would be for > Mozilla/TB/O2K3 to tell a default configuration that a message is in > fact spam without resorting to changing the headers. That way even a > default MUA configuration would "understand" when a message is spam and > send it to a junk folder. It would be more transparent to the end users, > and would make the system "appear" to be "intelligent" to the "uneducated". AFIAK there is no such magic bullet header supported by Thunderbird in it's default setup. I doubt that O2k3 has any such feature either. You're going to have to create a rule that checks a header and moves the offending messages to junk. I don't think anyone has a standard "If this appears, auto-junk it without further consideration" header. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Jason.Burzenski at AMERICANHM.COM Fri Jul 22 19:36:45 2005 From: Jason.Burzenski at AMERICANHM.COM (Jason.Burzenski@AMERICANHM.COM) Date: Thu Jan 12 21:30:24 2006 Subject: Tons of 1.txt messages Message-ID: We are suddenly (within the past hour) seeing dozens of reports from users about messages coming in with an attachment 1.txt (wich is 80b and empty). There is always a 1 in the body and nothing else. The source address is always forged and most of them seem to be coming from large ISP user IP pools. Here is a sample header: Received: from x.americanhm.com (sams2.americanhm.com [x.x.x.x]) by x.americanhm.com with SMTP (x) id PKVMXV6N; Fri, 22 Jul 2005 13:53:18 -0400 Received: from betru.net (frnk-d9b96a96.pool.mediaWays.net [217.185.106.150]) by x.americanhm.com (8.12.10/8.12.10) with SMTP id j6MHmr22028595 for ; Fri, 22 Jul 2005 13:48:55 -0400 Date: Fri, 22 Jul 2005 19:59:41 +0100 To: "Mg" From: "Mg" Subject: 1 Message-ID: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="--------elrddgzjoshelqmabgkc" X-SAMS-Information: Please contact the ISP for more information X-SAMS: Found to be clean X-SAMS-SpamCheck: not spam, SpamAssassin (score=-4.48, required 4.4, BAYES_00 -4.90, HTML_MESSAGE 0.10, MIME_HTML_ONLY 0.32) X-MailScanner-From: mg@ales.com.ec ----------elrddgzjoshelqmabgkc Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: 7bit ----------elrddgzjoshelqmabgkc Content-Type: application/octet-stream; name="1.txt" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="1.txt" ----------elrddgzjoshelqmabgkc-- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at fsl.com Fri Jul 22 20:07:28 2005 From: steve.swaney at fsl.com (Stephen Swaney) Date: Thu Jan 12 21:30:24 2006 Subject: Tons of 1.txt messages Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Jason.Burzenski@AMERICANHM.COM > Sent: Friday, July 22, 2005 2:37 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Tons of 1.txt messages > > We are suddenly (within the past hour) seeing dozens of reports from users > about messages coming in with an attachment 1.txt (wich is 80b and empty). > There is always a 1 in the body and nothing else. The source address is > always forged and most of them seem to be coming from large ISP user IP > pools. > Here is a sample header: > > Received: from x.americanhm.com (sams2.americanhm.com [x.x.x.x]) by > x.americanhm.com with SMTP (x) > id PKVMXV6N; Fri, 22 Jul 2005 13:53:18 -0400 > Received: from betru.net (frnk-d9b96a96.pool.mediaWays.net > [217.185.106.150]) > by x.americanhm.com (8.12.10/8.12.10) with SMTP id j6MHmr22028595 > for ; Fri, 22 Jul 2005 13:48:55 -0400 > Date: Fri, 22 Jul 2005 19:59:41 +0100 > To: "Mg" > From: "Mg" > Subject: 1 > Message-ID: > MIME-Version: 1.0 > Content-Type: multipart/mixed; > boundary="--------elrddgzjoshelqmabgkc" > X-SAMS-Information: Please contact the ISP for more information > X-SAMS: Found to be clean > X-SAMS-SpamCheck: not spam, SpamAssassin (score=-4.48, required 4.4, > BAYES_00 -4.90, HTML_MESSAGE 0.10, MIME_HTML_ONLY 0.32) > X-MailScanner-From: mg@ales.com.ec > > ----------elrddgzjoshelqmabgkc > Content-Type: text/html; charset="us-ascii" > Content-Transfer-Encoding: 7bit > > ----------elrddgzjoshelqmabgkc > Content-Type: application/octet-stream; name="1.txt" > Content-Transfer-Encoding: base64 > Content-Disposition: attachment; filename="1.txt" > > ----------elrddgzjoshelqmabgkc-- Thanks for the information. You might want to block attachments with a filename of 1.txt. Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From giulio.cervera at EDSPA.IT Fri Jul 22 20:07:29 2005 From: giulio.cervera at EDSPA.IT (Giulio Cervera) Date: Thu Jan 12 21:30:24 2006 Subject: Skip spam matching bot sender and recipient domains? Message-ID: [ The following text is in the "ISO-8859-15" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] There is a way to skip a spam check if mail come from a list of domains and is directed to a specific domain? -- *Giulio Cervera* EDS PA SpA Via Atanasio Soldati 80 00155 Roma (Italy) tel: +39 06 22739 270 fax: +39 06 22739 233 e-mail: giulio.cervera@edspa.it ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHT.IE Fri Jul 22 20:14:05 2005 From: michele at BLACKNIGHT.IE (Michele Neylon :: Blacknight) Date: Thu Jan 12 21:30:24 2006 Subject: Skip spam matching bot sender and recipient domains? Message-ID: On Fri, 2005-07-22 at 21:07 +0200, Giulio Cervera wrote: > There is a way to skip a spam check if mail come from a list of domains > and is directed to a specific domain? Yes. You can do it via a ruleset. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Jason.Burzenski at AMERICANHM.COM Fri Jul 22 20:48:57 2005 From: Jason.Burzenski at AMERICANHM.COM (Jason.Burzenski@AMERICANHM.COM) Date: Thu Jan 12 21:30:24 2006 Subject: Tons of 1.txt messages Message-ID: > Thanks for the information. You might want to block > attachments with a filename of 1.txt. > > Steve I was wondering if anyone else was seeing this or if am I just being singled out? ;) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at GARDRAIL.COM Fri Jul 22 20:50:31 2005 From: mailscanner at GARDRAIL.COM (Bill) Date: Thu Jan 12 21:30:24 2006 Subject: How do i minimize logging when mailscanner restarts itself? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I get the following logs every 20 seconds or so... this really adds up to be alot of space taken up with the number of messages I recieve. I've turned off the virus scanning, but for one reason or another it continues to generate log entries.... Is there a way I can minimize this chatter? Jul 22 02:43:25 hub MailScanner[7951]: MailScanner E-Mail Virus Scanner version 4.43.8 starting... Jul 22 02:43:25 hub MailScanner[7951]: Read 182 hostnames from the phishing whitelist Jul 22 02:43:26 hub MailScanner[7951]: Enabling SpamAssassin auto-whitelist functionality... Jul 22 02:43:27 hub MailScanner[7951]: Using locktype = flock ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From yoloits at YCOE.ORG Fri Jul 22 20:53:39 2005 From: yoloits at YCOE.ORG (Jay Ehrhart) Date: Thu Jan 12 21:30:24 2006 Subject: Tons of 1.txt messages Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I just started seeing it today and a lot of it ----- Original Message ----- From: Jason.Burzenski@AMERICANHM.COM To: MAILSCANNER@JISCMAIL.AC.UK Sent: Friday, July 22, 2005 12:48 PM Subject: Re: Tons of 1.txt messages > Thanks for the information. You might want to block > attachments with a filename of 1.txt. > > Steve I was wondering if anyone else was seeing this or if am I just being singled out? ;) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dl6mpg at gmail.com Thu Jul 21 14:38:28 2005 From: dl6mpg at gmail.com (Uwe) Date: Thu Jan 12 21:30:24 2006 Subject: Filename Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Thanks, that it ... I had a "allow .exe" entry in front of the before the deny rule in the file. Thanks Uwe ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at fsl.com Fri Jul 22 20:58:01 2005 From: steve.swaney at fsl.com (Stephen Swaney) Date: Thu Jan 12 21:30:24 2006 Subject: Skip spam matching bot sender and recipient domains? Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Giulio Cervera > Sent: Friday, July 22, 2005 3:07 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Skip spam matching bot sender and recipient domains? > > There is a way to skip a spam check if mail come from a list of domains > and is directed to a specific domain? > > > -- > > *Giulio Cervera* > Sure. In MailScanner.conf, simply set Spam Checks = To a rule set that uses: From: xxx.com and To: yyy.org no From: yyy.org and To: xxx.com no FromOrTo: default yes Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at fsl.com Fri Jul 22 21:04:03 2005 From: steve.swaney at fsl.com (Stephen Swaney) Date: Thu Jan 12 21:30:24 2006 Subject: How do i minimize logging when mailscanner restarts itself? Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Bill > Sent: Friday, July 22, 2005 3:51 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: How do i minimize logging when mailscanner restarts itself? > > I get the following logs every 20 seconds or so... this really adds up to > be alot of > space taken up with the number of messages I recieve. I've turned off the > virus > scanning, but for one reason or another it continues to generate log > entries.... > > Is there a way I can minimize this chatter? > > > > > > Jul 22 02:43:25 hub MailScanner[7951]: MailScanner E-Mail Virus Scanner > version 4.43.8 > starting... > Jul 22 02:43:25 hub MailScanner[7951]: Read 182 hostnames from the > phishing whitelist > Jul 22 02:43:26 hub MailScanner[7951]: Enabling SpamAssassin auto- > whitelist > functionality... > Jul 22 02:43:27 hub MailScanner[7951]: Using locktype = flock If a MailScanner is starting every 20 seconds you have a bigger problem than logging. Try finding out why MailScanner is staring so often. What is Restart Every = Set to? What does setting Debug = yes And restarting MailScanner report? Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Fri Jul 22 20:55:26 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:24 2006 Subject: How do i minimize logging when mailscanner restarts itself? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Bill wrote: > I get the following logs every 20 seconds or so... this really adds up to be alot of > space taken up with the number of messages I recieve. I've turned off the virus > scanning, but for one reason or another it continues to generate log entries.... > > Is there a way I can minimize this chatter? > Are you restarting MailScanner every 20 second? The default is 2 hours, IIRC. -- Ugo -> Please don't send a copy of your reply by e-mail. I read the list. -> Please avoid top-posting, long signatures and HTML, and cut the irrelevant parts in your replies. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bpumphrey at WOODMACLAW.COM Fri Jul 22 21:16:34 2005 From: bpumphrey at WOODMACLAW.COM (Billy A. Pumphrey) Date: Thu Jan 12 21:30:24 2006 Subject: Tons of 1.txt messages Message-ID: I just started seeing it today and a lot of it ----- Original Message ----- From: Jason.Burzenski@AMERICANHM.COM To: MAILSCANNER@JISCMAIL.AC.UK Sent: Friday, July 22, 2005 12:48 PM Subject: Re: Tons of 1.txt messages > Thanks for the information. You might want to block > attachments with a filename of 1.txt. > > Steve I have got 6 total today, 2 which were spam, 1 which were high spam, and 3 which passed through ok. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at TC3NET.COM Fri Jul 22 21:19:19 2005 From: mike at TC3NET.COM (Michael Baird) Date: Thu Jan 12 21:30:24 2006 Subject: Tons of 1.txt messages Message-ID: Seeing the here as well Regards Michael Baird > We are suddenly (within the past hour) seeing dozens of reports from > users about messages coming in with an attachment 1.txt (wich is 80b > and empty). There is always a 1 in the body and nothing else. The > source address is always forged and most of them seem to be coming > from large ISP user IP pools. > > Here is a sample header: > > Received: from x.americanhm.com (sams2.americanhm.com [x.x.x.x]) by > x.americanhm.com with SMTP (x) > id PKVMXV6N; Fri, 22 Jul 2005 13:53:18 -0400 > Received: from betru.net (frnk-d9b96a96.pool.mediaWays.net > [217.185.106.150]) > by x.americanhm.com (8.12.10/8.12.10) with SMTP id > j6MHmr22028595 > for ; Fri, 22 Jul 2005 13:48:55 -0400 > Date: Fri, 22 Jul 2005 19:59:41 +0100 > To: "Mg" > From: "Mg" > Subject: 1 > Message-ID: > MIME-Version: 1.0 > Content-Type: multipart/mixed; > boundary="--------elrddgzjoshelqmabgkc" > X-SAMS-Information: Please contact the ISP for more information > X-SAMS: Found to be clean > X-SAMS-SpamCheck: not spam, SpamAssassin (score=-4.48, required 4.4, > BAYES_00 -4.90, HTML_MESSAGE 0.10, MIME_HTML_ONLY 0.32) > X-MailScanner-From: mg@ales.com.ec > > ----------elrddgzjoshelqmabgkc > Content-Type: text/html; charset="us-ascii" > Content-Transfer-Encoding: 7bit > > ----------elrddgzjoshelqmabgkc > Content-Type: application/octet-stream; name="1.txt" > Content-Transfer-Encoding: base64 > Content-Disposition: attachment; filename="1.txt" > > ----------elrddgzjoshelqmabgkc-- > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From maillists at CONACTIVE.COM Fri Jul 22 21:31:28 2005 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:30:24 2006 Subject: How to add X-Spam-Status? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Alex Neuman van der Hans wrote on Fri, 22 Jul 2005 12:35:29 -0500: > I'm just asking if anybody knows what the "magic header" would be for > Mozilla/TB/O2K3 to tell a default configuration that a message is in > fact spam without resorting to changing the headers. There isn't one. As Phil explained it's susceptible to "DoS attacks". Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Fri Jul 22 21:30:28 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:30:24 2006 Subject: Tons of 1.txt messages Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Michael Baird wrote: >Seeing the here as well > >Regards >Michael Baird > > > >>We are suddenly (within the past hour) seeing dozens of reports from >>users about messages coming in with an attachment 1.txt (wich is 80b >>and empty). There is always a 1 in the body and nothing else. The >>source address is always forged and most of them seem to be coming >>from large ISP user IP pools. >> >>Here is a sample header: >> >>Received: from x.americanhm.com (sams2.americanhm.com [x.x.x.x]) by >>x.americanhm.com with SMTP (x) >> id PKVMXV6N; Fri, 22 Jul 2005 13:53:18 -0400 >>Received: from betru.net (frnk-d9b96a96.pool.mediaWays.net >>[217.185.106.150]) >> by x.americanhm.com (8.12.10/8.12.10) with SMTP id >>j6MHmr22028595 >> for ; Fri, 22 Jul 2005 13:48:55 -0400 >>Date: Fri, 22 Jul 2005 19:59:41 +0100 >>To: "Mg" >>From: "Mg" >>Subject: 1 >>Message-ID: >>MIME-Version: 1.0 >>Content-Type: multipart/mixed; >> boundary="--------elrddgzjoshelqmabgkc" >>X-SAMS-Information: Please contact the ISP for more information >>X-SAMS: Found to be clean >>X-SAMS-SpamCheck: not spam, SpamAssassin (score=-4.48, required 4.4, >> BAYES_00 -4.90, HTML_MESSAGE 0.10, MIME_HTML_ONLY 0.32) >>X-MailScanner-From: mg@ales.com.ec >> >>----------elrddgzjoshelqmabgkc >>Content-Type: text/html; charset="us-ascii" >>Content-Transfer-Encoding: 7bit >> >>----------elrddgzjoshelqmabgkc >>Content-Type: application/octet-stream; name="1.txt" >>Content-Transfer-Encoding: base64 >>Content-Disposition: attachment; filename="1.txt" >> >>----------elrddgzjoshelqmabgkc-- >> >> So what are they? I guess they are Spam as they are unsolicited but I guess they are not a virus (Or are they the outcasting from a virus)? I don't remember reading any reports about this type of file. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From maillists at CONACTIVE.COM Fri Jul 22 21:31:28 2005 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:30:24 2006 Subject: Tons of 1.txt messages Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] wrote on Fri, 22 Jul 2005 14:36:45 -0400: > Subject: 1 well, got a few of these already some days ago, all where detected as high scoring spam. If your's aren't detected you need some extra rules from SARE or a newer SA version. And it also seems your Bayes DB is poisoned. BTW: please fill in your name. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Fri Jul 22 21:33:24 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:30:24 2006 Subject: Tons of 1.txt messages Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Michael Baird wrote: >Seeing the here as well > >Regards >Michael Baird > > > >>We are suddenly (within the past hour) seeing dozens of reports from >>users about messages coming in with an attachment 1.txt (wich is 80b >>and empty). There is always a 1 in the body and nothing else. The >>source address is always forged and most of them seem to be coming >>from large ISP user IP pools. >> >>Here is a sample header: >> >>Received: from x.americanhm.com (sams2.americanhm.com [x.x.x.x]) by >>x.americanhm.com with SMTP (x) >> id PKVMXV6N; Fri, 22 Jul 2005 13:53:18 -0400 >>Received: from betru.net (frnk-d9b96a96.pool.mediaWays.net >>[217.185.106.150]) >> by x.americanhm.com (8.12.10/8.12.10) with SMTP id >>j6MHmr22028595 >> for ; Fri, 22 Jul 2005 13:48:55 -0400 >>Date: Fri, 22 Jul 2005 19:59:41 +0100 >>To: "Mg" >>From: "Mg" >>Subject: 1 >>Message-ID: >>MIME-Version: 1.0 >>Content-Type: multipart/mixed; >> boundary="--------elrddgzjoshelqmabgkc" >>X-SAMS-Information: Please contact the ISP for more information >>X-SAMS: Found to be clean >>X-SAMS-SpamCheck: not spam, SpamAssassin (score=-4.48, required 4.4, >> BAYES_00 -4.90, HTML_MESSAGE 0.10, MIME_HTML_ONLY 0.32) >>X-MailScanner-From: mg@ales.com.ec >> >>----------elrddgzjoshelqmabgkc >>Content-Type: text/html; charset="us-ascii" >>Content-Transfer-Encoding: 7bit >> >>----------elrddgzjoshelqmabgkc >>Content-Type: application/octet-stream; name="1.txt" >>Content-Transfer-Encoding: base64 >>Content-Disposition: attachment; filename="1.txt" >> >>----------elrddgzjoshelqmabgkc-- >> >> Wonder if the front end to the list server is fighting them off too: Jul 22 21:30:38 cro-mx1 postfix/smtp[97720]: 06B3833C4C: host kili.jiscmail.ac.uk[130.246.192.52] said: 452 4.4.5 Insufficient disk space; try again later (in reply to MAIL FROM command) Oops! :-( Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From nbawa at REISYS.COM Fri Jul 22 21:44:47 2005 From: nbawa at REISYS.COM (Narpender Bawa) Date: Thu Jan 12 21:30:24 2006 Subject: Attachment Question Message-ID: An internal user sent an email message that contained a number of attachments (.pdf, .txt, and .zip). The .zip file had a javascript (.js) file, so the mail scanner quarantined the .zip file which is OK. However, the recepient did not get the remaining attachments, even the ones that passed the scanning. Is it possible to configure the mail scanner to allow delivery of rest of the attached files and quarantine only the ones that have a problem? On a different note, is it possible to quarantine a (.pif or .scr or .js) file contained in a .zip file and allow delivery of the rest of the files contained in the same .zip file. Any help in this regard will be highly appreciated. Thank you, Narpender ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at fsl.com Fri Jul 22 21:36:59 2005 From: steve.swaney at fsl.com (Stephen Swaney) Date: Thu Jan 12 21:30:24 2006 Subject: How do i minimize logging when mailscanner restarts itself? Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Ugo Bellavance > Sent: Friday, July 22, 2005 3:55 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: How do i minimize logging when mailscanner restarts itself? > > Bill wrote: > > I get the following logs every 20 seconds or so... this really adds up > to be alot of > > space taken up with the number of messages I recieve. I've turned off > the virus > > scanning, but for one reason or another it continues to generate log > entries.... > > > > Is there a way I can minimize this chatter? > > > > Are you restarting MailScanner every 20 second? The default is 2 hours, > IIRC. > > -- > Ugo > Ugo, Usually you're right on but I can't let you get away with this one even if it is late on a Friday :) Default is Restart Every = 14400 14400 seconds / 60 = 240 minutes / 60 = 4 hours. Have a good weekend all Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at NKPANAMA.COM Fri Jul 22 22:13:59 2005 From: alex at NKPANAMA.COM (Alex Neuman van der Hans) Date: Thu Jan 12 21:30:24 2006 Subject: How to add X-Spam-Status? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Matt Kettler wrote: >Alex Neuman van der Hans wrote: > > >>Julian Field wrote: >> >> >> >> >>>Please read the comments immediately above the spam actions settings. >>>It clearly describes a "header" spam action which will do what you want. >>> >>> >>I know that, Julian... That's what we've been talking about on this >>thread. It's not the "how", it's the "with what" we're trying to find out. >> >>I'm just asking if anybody knows what the "magic header" would be for >>Mozilla/TB/O2K3 to tell a default configuration that a message is in >>fact spam without resorting to changing the headers. That way even a >>default MUA configuration would "understand" when a message is spam and >>send it to a junk folder. It would be more transparent to the end users, >>and would make the system "appear" to be "intelligent" to the "uneducated". >> >> > > >AFIAK there is no such magic bullet header supported by Thunderbird in it's >default setup. > >I doubt that O2k3 has any such feature either. > >You're going to have to create a rule that checks a header and moves the >offending messages to junk. I don't think anyone has a standard "If this >appears, auto-junk it without further consideration" header. > > Too bad... :( ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at NKPANAMA.COM Fri Jul 22 22:51:37 2005 From: alex at NKPANAMA.COM (Alex Neuman van der Hans) Date: Thu Jan 12 21:30:24 2006 Subject: How to add X-Spam-Status? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Kai Schaetzl wrote: >Alex Neuman van der Hans wrote on Fri, 22 Jul 2005 12:35:29 -0500: > > > >>I'm just asking if anybody knows what the "magic header" would be for >>Mozilla/TB/O2K3 to tell a default configuration that a message is in >>fact spam without resorting to changing the headers. >> >> > >There isn't one. As Phil explained it's susceptible to "DoS attacks". > >Kai > > > At least the reverse is. Legit mail wouldn't have the header "this is spam", and MS would take out the "this is not spam" headers if told. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at NKPANAMA.COM Fri Jul 22 23:17:56 2005 From: alex at NKPANAMA.COM (Alex Neuman van der Hans) Date: Thu Jan 12 21:30:24 2006 Subject: Tons of 1.txt messages Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Drew Marshall wrote: > Michael Baird wrote: > >> Seeing the here as well >> >> Regards >> Michael Baird >> >> >> >>> We are suddenly (within the past hour) seeing dozens of reports from >>> users about messages coming in with an attachment 1.txt (wich is 80b >>> and empty). There is always a 1 in the body and nothing else. The >>> source address is always forged and most of them seem to be coming >>> from large ISP user IP pools. >>> Here is a sample header: >>> >>> Received: from x.americanhm.com (sams2.americanhm.com [x.x.x.x]) by >>> x.americanhm.com with SMTP (x) id PKVMXV6N; Fri, 22 Jul 2005 >>> 13:53:18 -0400 Received: from betru.net >>> (frnk-d9b96a96.pool.mediaWays.net >>> [217.185.106.150]) by x.americanhm.com (8.12.10/8.12.10) with >>> SMTP id >>> j6MHmr22028595 for ; Fri, 22 Jul 2005 >>> 13:48:55 -0400 Date: Fri, 22 Jul 2005 19:59:41 +0100 To: "Mg" >>> From: "Mg" Subject: 1 >>> Message-ID: MIME-Version: 1.0 >>> Content-Type: multipart/mixed; >>> boundary="--------elrddgzjoshelqmabgkc" X-SAMS-Information: Please >>> contact the ISP for more information X-SAMS: Found to be clean >>> X-SAMS-SpamCheck: not spam, SpamAssassin (score=-4.48, required 4.4, >>> BAYES_00 -4.90, HTML_MESSAGE 0.10, MIME_HTML_ONLY 0.32) >>> X-MailScanner-From: mg@ales.com.ec >>> >>> ----------elrddgzjoshelqmabgkc Content-Type: text/html; >>> charset="us-ascii" Content-Transfer-Encoding: 7bit >>> >>> ----------elrddgzjoshelqmabgkc Content-Type: >>> application/octet-stream; name="1.txt" Content-Transfer-Encoding: >>> base64 Content-Disposition: attachment; filename="1.txt" >>> >>> ----------elrddgzjoshelqmabgkc-- >>> >> > Wonder if the front end to the list server is fighting them off too: > > Jul 22 21:30:38 cro-mx1 postfix/smtp[97720]: 06B3833C4C: host > kili.jiscmail.ac.uk[130.246.192.52] said: 452 4.4.5 Insufficient disk > space; try again later (in reply to MAIL FROM command) > > Oops! :-( > > Drew > What would be the proper regexp on filename.rules.conf to stop it? I'm guessing \1.txt$ would kill any file that "ends with" 1.txt, and 1.txt would stop any file "which contains" 1.txt in the filename. Would it be correct to say then, just 1.txt$ instead? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Fri Jul 22 23:32:40 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:24 2006 Subject: Attachment Question Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Narpender Bawa spake the following on 7/22/2005 1:44 PM: > An internal user sent an email message that contained a number of > attachments (.pdf, .txt, and .zip). The .zip file had a javascript (.js) > file, so the mail scanner quarantined the .zip file which is OK. However, > the recepient did not get the remaining attachments, even the ones that > passed the scanning. Is it possible to configure the mail scanner to allow > delivery of rest of the attached files and quarantine only the ones that > have a problem? On a different note, is it possible to quarantine a (.pif > or .scr or .js) file contained in a .zip file and allow delivery of the rest > of the files contained in the same .zip file. > > Any help in this regard will be highly appreciated. > > Thank you, > > Narpender > MailScanner doesn't fix archive files, it just unpacks the attachments so they can be scanned. You can only allow or deny files, or tell it to not check in archives. -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From cstone at AXINT.NET Fri Jul 22 23:35:37 2005 From: cstone at AXINT.NET (Chris Stone) Date: Thu Jan 12 21:30:24 2006 Subject: Tons of 1.txt messages Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Friday 22 July 2005 04:17 pm, Alex Neuman van der Hans wrote: > > What would be the proper regexp on filename.rules.conf to stop it? I'm > guessing \1.txt$ would kill any file that "ends with" 1.txt, and 1.txt > would stop any file "which contains" 1.txt in the filename. Would it be > correct to say then, just 1.txt$ instead? > this is what I added and it's working great: ^1\.txt$ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From devonharding at gmail.com Fri Jul 22 21:14:02 2005 From: devonharding at gmail.com (Devon Harding) Date: Thu Jan 12 21:30:24 2006 Subject: Disclaimer only for outgoing mail? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Where would the actual disclaimer be placed? On 6/16/05, Rakesh wrote: Rainer Blaes wrote: > Dear experts, > we are using the "Sign clean message" feature to add our firm's > Disclaimer/footer to each mail. > It's working quite well but has of course the effect that also the > incoming mails carry this text. > Is there any way within Mailscanner.conf to restrict the Disclaimer > attachment only to our outgoing mail? > > Many thanks in advance! Oh boy you have got a really big disclaimer :-) the solution to your prob Sign Clean Messages = %rules-dir%/disclaimer.rules In disclaimer.rules if you want to put disclaimers for outgoing mails only then From: yourdomain.com And To: yourdomain.com no FromOrTo: default yes In this mails having from address as "yourdomain.com" to "yourdomain.com" will not have disclaimers, but from "yourdomain.com" to "yahoo.com" will have disclaimer. Incase of Multiple Recipients, the default rules will apply.... i.e. disclaimer will be attached provided you have Use Default Rules With Multiple Recipients = yes Rakesh ---------------------------------------------------------- Netcore Solutions Pvt. Ltd. Website: http://www.netcore.co.in Spamtraps: http://cleanmail.netcore.co.in/directory.html ---------------------------------------------------------- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives ( http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From devonharding at gmail.com Fri Jul 22 22:05:52 2005 From: devonharding at gmail.com (Devon Harding) Date: Thu Jan 12 21:30:24 2006 Subject: Disclaimer only for outgoing mail? Message-ID: [ The following text is in the "ISO-2022-JP" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Disregard! %reports$B!](Bdir%/inline.sig.txt On 7/22/05, Devon Harding wrote: Where would the actual disclaimer be placed? On 6/16/05, Rakesh < rakesh@netcore.co.in> wrote: Rainer Blaes wrote: > Dear experts, > we are using the "Sign clean message" feature to add our firm's > Disclaimer/footer to each mail. > It's working quite well but has of course the effect that also the > incoming mails carry this text. > Is there any way within Mailscanner.conf to restrict the Disclaimer > attachment only to our outgoing mail? > > Many thanks in advance! Oh boy you have got a really big disclaimer :-) the solution to your prob Sign Clean Messages = %rules-dir%/disclaimer.rules In disclaimer.rules if you want to put disclaimers for outgoing mails only then From: yourdomain.com And To: yourdomain.com no FromOrTo: default yes In this mails having from address as " yourdomain.com" to "yourdomain.com" will not have disclaimers, but from " yourdomain.com" to "yahoo.com" will have disclaimer. Incase of Multiple Recipients, the default rules will apply.... i.e. disclaimer will be attached provided you have Use Default Rules With Multiple Recipients = yes Rakesh ---------------------------------------------------------- Netcore Solutions Pvt. Ltd. Website: http://www.netcore.co.in Spamtraps: http://cleanmail.netcore.co.in/directory.html ---------------------------------------------------------- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/ ) and the archives ( http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jgouveia at gmail.com Fri Jul 22 23:32:05 2005 From: jgouveia at gmail.com ([ISO-8859-1] João Gouveia) Date: Thu Jan 12 21:30:24 2006 Subject: Tons of 1.txt messages Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] ^1\.txt$ should be fine. JG On 7/22/05, Alex Neuman van der Hans wrote: > Drew Marshall wrote: > > > Michael Baird wrote: > > > >> Seeing the here as well > >> > >> Regards > >> Michael Baird > >> > >> > >> > >>> We are suddenly (within the past hour) seeing dozens of reports from > >>> users about messages coming in with an attachment 1.txt (wich is 80b > >>> and empty). There is always a 1 in the body and nothing else. The > >>> source address is always forged and most of them seem to be coming > >>> from large ISP user IP pools. > >>> Here is a sample header: > >>> > >>> Received: from x.americanhm.com (sams2.americanhm.com [x.x.x.x]) by > >>> x.americanhm.com with SMTP (x) id PKVMXV6N; Fri, 22 Jul 2005 > >>> 13:53:18 -0400 Received: from betru.net > >>> (frnk-d9b96a96.pool.mediaWays.net > >>> [217.185.106.150]) by x.americanhm.com (8.12.10/8.12.10) with > >>> SMTP id > >>> j6MHmr22028595 for ; Fri, 22 Jul 2005 > >>> 13:48:55 -0400 Date: Fri, 22 Jul 2005 19:59:41 +0100 To: "Mg" > >>> From: "Mg" Subject: 1 > >>> Message-ID: MIME-Version: 1.0 > >>> Content-Type: multipart/mixed; > >>> boundary="--------elrddgzjoshelqmabgkc" X-SAMS-Information: Please > >>> contact the ISP for more information X-SAMS: Found to be clean > >>> X-SAMS-SpamCheck: not spam, SpamAssassin (score=-4.48, required 4.4, > >>> BAYES_00 -4.90, HTML_MESSAGE 0.10, MIME_HTML_ONLY 0.32) > >>> X-MailScanner-From: mg@ales.com.ec > >>> > >>> ----------elrddgzjoshelqmabgkc Content-Type: text/html; > >>> charset="us-ascii" Content-Transfer-Encoding: 7bit > >>> > >>> ----------elrddgzjoshelqmabgkc Content-Type: > >>> application/octet-stream; name="1.txt" Content-Transfer-Encoding: > >>> base64 Content-Disposition: attachment; filename="1.txt" > >>> > >>> ----------elrddgzjoshelqmabgkc-- > >>> > >> > > Wonder if the front end to the list server is fighting them off too: > > > > Jul 22 21:30:38 cro-mx1 postfix/smtp[97720]: 06B3833C4C: host > > kili.jiscmail.ac.uk[130.246.192.52] said: 452 4.4.5 Insufficient disk > > space; try again later (in reply to MAIL FROM command) > > > > Oops! :-( > > > > Drew > > > What would be the proper regexp on filename.rules.conf to stop it? I'm > guessing \1.txt$ would kill any file that "ends with" 1.txt, and 1.txt > would stop any file "which contains" 1.txt in the filename. Would it be > correct to say then, just 1.txt$ instead? > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From nbawa at REISYS.COM Sat Jul 23 12:41:11 2005 From: nbawa at REISYS.COM (Narpender Bawa) Date: Thu Jan 12 21:30:24 2006 Subject: Attachment Question Message-ID: Scott, Thanks very much for you answer to my second question. But i am still looking for an answer to the first where three file attachments (one a .pdf, another a .doc and the third a .zip) were sent. The mail scanner found problem with the .zip file and it quarantined it but did not deliver even the other two attachments (.pdf and .doc files). Thanks, Narpender On Fri, 22 Jul 2005, Scott Silva wrote: > Narpender Bawa spake the following on 7/22/2005 1:44 PM: > > An internal user sent an email message that contained a number of > > attachments (.pdf, .txt, and .zip). The .zip file had a javascript (.js) > > file, so the mail scanner quarantined the .zip file which is OK. However, > > the recepient did not get the remaining attachments, even the ones that > > passed the scanning. Is it possible to configure the mail scanner to allow > > delivery of rest of the attached files and quarantine only the ones that > > have a problem? On a different note, is it possible to quarantine a (.pif > > or .scr or .js) file contained in a .zip file and allow delivery of the rest > > of the files contained in the same .zip file. > > > > Any help in this regard will be highly appreciated. > > > > Thank you, > > > > Narpender > > > MailScanner doesn't fix archive files, it just unpacks the attachments > so they can be scanned. You can only allow or deny files, or tell it to > not check in archives. > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Sat Jul 23 13:29:39 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:30:24 2006 Subject: OT / SARE: 70_sare_specific.cf lint error Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, Anyone else notice a lint error for 70_sare_specific.cf?? the error goes like this: # /usr/bin/spamassassin -x -D -p /etc/MailScanner/spam.assassin.prefs.conf --lint . [skip] . Failed to compile body SpamAssassin tests, skipping: (Illegal declaration of anonymous subroutine at /etc/mail/spamassassin/70_sare_specific.cf, rule __SARE_LOTTO_GREENCARD, line 13. ) . [skip] . lint: 1 issues detected. please rerun with debug enabled for more information. The actual test in 70_..cf causing this is body __SARE_LOTTO_LOTTERY /\blott(?:o|ery)/i body __SARE_LOTTO_GREENCARD /green ?card/i meta SARE_LOTTO_GREENCARD __SARE_LOTTO_LOTTERY && __SARE_LOTTO_GREENCARD describe SARE_LOTTO_GREENCARD Greencard lottery score SARE_LOTTO_GREENCARD 1.006 Any tips apart from commenting out this test? - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Sat Jul 23 13:41:39 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:30:24 2006 Subject: OT / SARE: 70_sare_specific.cf lint error Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] solved.. see below Dhawal Doshy wrote: > Hi, > > Anyone else notice a lint error for 70_sare_specific.cf?? the error goes > like this: > > # /usr/bin/spamassassin -x -D -p > /etc/MailScanner/spam.assassin.prefs.conf --lint > . > [skip] > . > Failed to compile body SpamAssassin tests, skipping: > (Illegal declaration of anonymous subroutine at > /etc/mail/spamassassin/70_sare_specific.cf, rule __SARE_LOTTO_GREENCARD, > line 13. > ) > . My screw up.. a new body check rule that i added in another .cf file caused this error. sorry for the false alarm. Time to read Matt's rule writing guide.. - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Jul 23 15:07:25 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:24 2006 Subject: Attachment Question Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] This should only happen if the virus is not a "Non-Forging Virus". If it is a "Silent Virus" then the whole message will be thrown away. If you put the virus name (or just a part of it such as "OF97/") in the "Non-Forging Viruses" list in MailScanner.conf, then the rest of the message will be delivered, including the uninfected attachments. The string to put in the "Non-Forging Viruses" setting differs between different scanners as they use different naming schemes. OF97/ is common to the names of Microsoft Office 97 viruses given by Sophos. Your scanner will probably need something else, perhaps just "WM97" or similar. MailScanner does always try to deliver as much of the message as it can. And I just checked this and it is working fine. Most other virus scanners will always throw away the whole message whatever was wrong with it. MailScanner is better than that and will attempt to deliver a clean version of the message if at all possible, controlled of course by the configuration settings you use. Narpender Bawa wrote: >Scott, Thanks very much for you answer to my second question. But i am >still looking for an answer to the first where three file attachments (one >a .pdf, another a .doc and the third a .zip) were sent. The mail scanner >found problem with the .zip file and it quarantined it but did not deliver >even the other two attachments (.pdf and .doc files). > >Thanks, > >Narpender > > >On Fri, 22 Jul 2005, Scott Silva wrote: > > > >>Narpender Bawa spake the following on 7/22/2005 1:44 PM: >> >> >>>An internal user sent an email message that contained a number of >>>attachments (.pdf, .txt, and .zip). The .zip file had a javascript (.js) >>>file, so the mail scanner quarantined the .zip file which is OK. However, >>>the recepient did not get the remaining attachments, even the ones that >>>passed the scanning. Is it possible to configure the mail scanner to allow >>>delivery of rest of the attached files and quarantine only the ones that >>>have a problem? On a different note, is it possible to quarantine a (.pif >>>or .scr or .js) file contained in a .zip file and allow delivery of the rest >>>of the files contained in the same .zip file. >>> >>>Any help in this regard will be highly appreciated. >>> >>>Thank you, >>> >>>Narpender >>> >>> >>> >>MailScanner doesn't fix archive files, it just unpacks the attachments >>so they can be scanned. You can only allow or deny files, or tell it to >>not check in archives. >> >> >> >> > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Sat Jul 23 16:04:18 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:30:24 2006 Subject: OT / SARE: 70_sare_specific.cf lint error Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] A follow-up to my previous mail(s) SpamAssassin doesn't understand Rule Names that start with a number, i had to change my rule_name from '2nd_xx' to 'Second_xx'. I couldn't find this documented on the SA site or Wiki (though there are some documented limitations on rule_names like being 22 characters long etc..) While there are limitations in rule_names, SA started throwing errors that were absolutely not related to the actual problem. If someone can confirm this behaviour, then we could possibly report it to the SA bugzilla. - dhawal Dhawal Doshy wrote: > solved.. see below > > Dhawal Doshy wrote: > >> Hi, >> >> Anyone else notice a lint error for 70_sare_specific.cf?? the error >> goes like this: >> >> # /usr/bin/spamassassin -x -D -p >> /etc/MailScanner/spam.assassin.prefs.conf --lint >> . >> [skip] >> . >> Failed to compile body SpamAssassin tests, skipping: >> (Illegal declaration of anonymous subroutine at >> /etc/mail/spamassassin/70_sare_specific.cf, rule >> __SARE_LOTTO_GREENCARD, line 13. >> ) >> . > > > My screw up.. a new body check rule that i added in another .cf file > caused this error. sorry for the false alarm. > > Time to read Matt's rule writing guide.. > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Jul 23 16:20:01 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:24 2006 Subject: OT / SARE: 70_sare_specific.cf lint error Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I could well believe it. Each rule is turned into a Perl function. So rule names are governed by the restrictions applied by Perl on what makes a valid function name. Function names cannot start with a number. No point reporting it to SA Bugzilla, it is beyond their control. Dhawal Doshy wrote: > A follow-up to my previous mail(s) > > SpamAssassin doesn't understand Rule Names that start with a number, i > had to change my rule_name from '2nd_xx' to 'Second_xx'. I couldn't > find this documented on the SA site or Wiki (though there are some > documented limitations on rule_names like being 22 characters long etc..) > > While there are limitations in rule_names, SA started throwing errors > that were absolutely not related to the actual problem. > > If someone can confirm this behaviour, then we could possibly report > it to the SA bugzilla. > > - dhawal > > Dhawal Doshy wrote: > >> solved.. see below >> >> Dhawal Doshy wrote: >> >>> Hi, >>> >>> Anyone else notice a lint error for 70_sare_specific.cf?? the error >>> goes like this: >>> >>> # /usr/bin/spamassassin -x -D -p >>> /etc/MailScanner/spam.assassin.prefs.conf --lint >>> . >>> [skip] >>> . >>> Failed to compile body SpamAssassin tests, skipping: >>> (Illegal declaration of anonymous subroutine at >>> /etc/mail/spamassassin/70_sare_specific.cf, rule >>> __SARE_LOTTO_GREENCARD, line 13. >>> ) >>> . >> >> >> >> My screw up.. a new body check rule that i added in another .cf file >> caused this error. sorry for the false alarm. >> >> Time to read Matt's rule writing guide.. >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Sat Jul 23 16:43:52 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:30:24 2006 Subject: OT / SARE: 70_sare_specific.cf lint error Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Agreed, but shouldn't it error out gracefully / meaningfully rather than a clueless error pointing to an altogether different rule(set)? - dhawal Julian Field wrote: > I could well believe it. Each rule is turned into a Perl function. So > rule names are governed by the restrictions applied by Perl on what > makes a valid function name. Function names cannot start with a number. > No point reporting it to SA Bugzilla, it is beyond their control. > > Dhawal Doshy wrote: > >> A follow-up to my previous mail(s) >> >> SpamAssassin doesn't understand Rule Names that start with a number, i >> had to change my rule_name from '2nd_xx' to 'Second_xx'. I couldn't >> find this documented on the SA site or Wiki (though there are some >> documented limitations on rule_names like being 22 characters long etc..) >> >> While there are limitations in rule_names, SA started throwing errors >> that were absolutely not related to the actual problem. >> >> If someone can confirm this behaviour, then we could possibly report >> it to the SA bugzilla. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Sat Jul 23 18:01:14 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:30:24 2006 Subject: How to add X-Spam-Status? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] >> Alex Neuman van der Hans wrote: >> >>> I'm just asking if anybody knows what the "magic header" would be for >>> Mozilla/TB/O2K3 to tell a default configuration that a message is in >>> fact spam without resorting to changing the headers. >>> Here's how you could possibly add a magic-header to thunderbird: 1. Download this: http://downloads.mozdev.org/bayesjunktool/bayesjunktool-0.2.1.jar 2. Locate your thunderbird custom training data file using this: http://kb.mozillazine.org/Profile_folder OR start with a new file. 3. Run the jar file and open the training.dat file, manually add the tokens / header (say X-Spam-Status=spam and X-Spam-Status=ham for bad and good tokens respectively) that you want to be detected as Junk / Not-Junk. 4. Test it out pretty well 5. Use some distribution system at your facility to use this as the starter training data for all thunderbird users. 6. Ask management for a raise.. and send me and Julian some of it. Let us know how it works out anyways. - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From maillists at CONACTIVE.COM Sat Jul 23 19:31:28 2005 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:30:24 2006 Subject: How to add X-Spam-Status? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dhawal Doshy wrote on Sat, 23 Jul 2005 22:31:14 +0530: > 5. Use some distribution system at your facility to use this as the > starter training data for all thunderbird users. Wouldn't it be easier to just distribute the changes users have to do now manually? (Add some rule filing certain headers to folder spam.) Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From cgbmtom at SPAMCOP.NET Sun Jul 24 03:17:08 2005 From: cgbmtom at SPAMCOP.NET (Tom Carroll) Date: Thu Jan 12 21:30:24 2006 Subject: PostFix/Pipe problem Message-ID: Hello. I am noew to this list, so I hope this is the right place for me to find help. I am using ClarkConnect 3.1 Home as my Gateway server (recently switched from SME Server). I followed several how-to documents posted to the ClarkConnect website as well as the MailScanner documentation to set up a comprehensive anti-spam/antivirus mail system. I have had numerous problems with my setup and still cannot receive or send any mail through the system. I have solved several issues, but now I am having one that I have not been able to find a solution for. I have searched Google, MailScanner documentation, this list, and the ClarkConnect forums. I am desperate now... I have the following software: ClarkConnect v3.1 (Home) built on CentOS 4 (running in Gateway mode) PostFix v2.1.5 MailScanner v4.43.8 SpamAssassin v3.0.4 Perl v5.8.5 My Hardware: Dell PowerEdge 500SC 2 gigbytes of RAM 80gb HDA 300gb HDB---- CD-ROM HDC |---- Raid1 300gb HDD---- Intel Pro 100 NIC x 2 My network layout is: Cable modem -> CC Server -> LinkSys 8PS -> WinXPP w/SP2 x 4 I review my logs and I can see that PostFix is receiving the mail, MailScanner is processing it via SpamAssassin and ClamAv, and then PostFix is choking on an error and not delivering the mail. Here's and excerpt of my maillog: (Sorry for the length) Jul 23 12:04:56 CWServer MailScanner[30437]: MailScanner E-Mail Virus Scanner version 4.43.8 starting... Jul 23 12:04:57 CWServer MailScanner[30437]: Read 182 hostnames from the phishing whitelist Jul 23 12:04:59 CWServer MailScanner[30437]: Using locktype = flock Jul 23 12:05:00 CWServer MailScanner[30437]: New Batch: Scanning 22 messages, 79465 bytes Jul 23 12:05:00 CWServer MailScanner[30437]: MCP Checks completed at 79465 bytes per second Jul 23 12:05:00 CWServer MailScanner[30437]: Spam Checks: Starting Jul 23 12:05:02 CWServer MailScanner[30437]: RBL checks: 1724261012A.B66F9 found in SBL+XBL, CBL, DSBL, spamcop.net Jul 23 12:05:02 CWServer MailScanner[30437]: Message 1724261012A.B66F9 from 200.67.169.246 (lavwson_22@hotmail.com) to carrollweb.net is spam, SBL+XBL, CBL, DSBL, spamcop.net Jul 23 12:05:05 CWServer MailScanner[30437]: RBL checks: E70C361011B.14DBE found in SORBS-DNSBL Jul 23 12:05:05 CWServer MailScanner[30437]: Message E70C361011B.14DBE from 141.156.34.118 (wkqolxwqdmmp@kneu.kiev.ua) to carrollweb.net is spam, SORBS-DNSBL Jul 23 12:05:07 CWServer MailScanner[30585]: MailScanner E-Mail Virus Scanner version 4.43.8 starting... Jul 23 12:05:08 CWServer MailScanner[30585]: Read 182 hostnames from the phishing whitelist Jul 23 12:05:11 CWServer MailScanner[30585]: Using locktype = flock Jul 23 12:05:12 CWServer MailScanner[30437]: Message 9ABD161010D.C272E from 66.75.162.133 (carrollt534@hawaii.rr.com) to carrollweb.net is not spam, SpamAssassin (score=0.991, required 5, FROM_ENDS_IN_NUMS 0.52, HTML_90_100 0.19, HTML_MESSAGE 0.00, MIME_HTML_MOSTLY 0.28) Jul 23 12:05:16 CWServer MailScanner[30437]: Message CFFFF6100FB.5BCAA from 67.134.185.3 (ironport@aristotle.net) to carrollweb.net is not spam, SpamAssassin (score=1.924, required 5, EXCUSE_3 0.10, EXCUSE_7 0.15, HTML_IMAGE_RATIO_04 0.18, HTML_MESSAGE 0.00, HTML_MIME_NO_HTML_TAG 0.10, HTML_TAG_EXIST_TBODY 0.23, MIME_HTML_ONLY 1.16, MSGID_FROM_MTA_HEADER 0.00) Jul 23 12:05:18 CWServer MailScanner[30437]: Message E5664610105.7B5D7 from 66.75.162.133 (cgbmtom@spamcop.net) to carrollweb.net is not spam, SpamAssassin (score=0.19, required 5, HTML_90_100 0.19, HTML_MESSAGE 0.00) Jul 23 12:05:18 CWServer MailScanner[30592]: MailScanner E-Mail Virus Scanner version 4.43.8 starting... Jul 23 12:05:19 CWServer MailScanner[30592]: Read 182 hostnames from the phishing whitelist Jul 23 12:05:22 CWServer MailScanner[30592]: Using locktype = flock Jul 23 12:05:23 CWServer MailScanner[30437]: Message 00CF5610109.6854D from 216.127.132.18 (iq-1q-dq07222005171317-1q-kq-0722issue-1q-pir_navl-1q-lnbcg-3q-carrollweb-2 q-net@return1.gliq.com) to carrollweb.net is not spam, SpamAssassin (score=0, required 5, autolearn=not spam) Jul 23 12:05:26 CWServer MailScanner[30437]: Message 8862B6100FE.9F3B2 from 192.168.1.161 (^H^H^H^¿^¿^¿ <@carrollweb.net) to carrollweb.net is not spam, SpamAssassin (score=-0.756, required 5, autolearn=not spam, ALL_TRUSTED -2.82, FROM_ILLEGAL_CHARS 0.05, HEAD_ILLEGAL_CHARS 2.02) Jul 23 12:05:28 CWServer MailScanner[30437]: Message 80003610103.6C33C from 192.168.1.161 (tom@carrollweb.net) to carrollweb.net is not spam, SpamAssassin (score=-2.345, required 5, autolearn=not spam, ALL_TRUSTED -2.82, HTML_90_100 0.19, HTML_MESSAGE 0.00, MIME_HTML_MOSTLY 0.28) Jul 23 12:05:29 CWServer MailScanner[30437]: RBL checks: 0554261011C.C1E2D found in SBL+XBL, CBL, DSBL, spamcop.net Jul 23 12:05:29 CWServer MailScanner[30437]: Message 0554261011C.C1E2D from 210.206.219.137 (nathaniel_akins@churchgate.com) to carrollweb.net is spam, SBL+XBL, CBL, DSBL, spamcop.net Jul 23 12:05:29 CWServer MailScanner[30602]: MailScanner E-Mail Virus Scanner version 4.43.8 starting... Jul 23 12:05:30 CWServer MailScanner[30602]: Read 182 hostnames from the phishing whitelist Jul 23 12:05:30 CWServer MailScanner[30437]: RBL checks: B0B3A610121.A14FA found in SORBS-DNSBL, CBL, DSBL, spamcop.net Jul 23 12:05:30 CWServer MailScanner[30437]: Message B0B3A610121.A14FA from 69.240.239.166 (concessions@comcast.net) to carrollweb.net is spam, SORBS-DNSBL, CBL, DSBL, spamcop.net Jul 23 12:05:32 CWServer MailScanner[30437]: Message 3CCC7610118.737F2 from 66.75.162.135 (cgbmtom@spamcop.net) to carrollweb.net is not spam, SpamAssassin (score=0.19, required 5, HTML_90_100 0.19, HTML_MESSAGE 0.00) Jul 23 12:05:34 CWServer MailScanner[30602]: Using locktype = flock Jul 23 12:05:36 CWServer MailScanner[30437]: Message E3F15610113.410AF from 65.125.54.186 (bo-byj301xavsdrjebffz896bvfdu1jx0@b.info.redhat.com) to carrollweb.net is not spam, SpamAssassin (score=0.028, required 5, autolearn=not spam, HTML_60_70 0.03, HTML_MESSAGE 0.00) Jul 23 12:05:37 CWServer MailScanner[30437]: RBL checks: E7C39610124.C30E6 found in SBL+XBL, CBL, spamcop.net Jul 23 12:05:37 CWServer MailScanner[30437]: Message E7C39610124.C30E6 from 83.132.128.137 (salmdomonkos@gastonassoc.com) to carrollweb.net is spam, SBL+XBL, CBL, spamcop.net Jul 23 12:05:38 CWServer MailScanner[30437]: Message 264E561011D.B7E24 from 127.0.0.1 (root@carrollweb.net) to tom,carrollweb.net is not spam, SpamAssassin (score=-2.82, required 5, autolearn=not spam, ALL_TRUSTED -2.82) Jul 23 12:05:39 CWServer MailScanner[30437]: RBL checks: E0910610120.D3BA5 found in SORBS-DNSBL, CBL, DSBL, spamcop.net Jul 23 12:05:39 CWServer MailScanner[30437]: Message E0910610120.D3BA5 from 69.240.239.166 (caren.windsor@comcast.net) to carrollweb.net is spam, SORBS-DNSBL, CBL, DSBL, spamcop.net Jul 23 12:05:40 CWServer MailScanner[30614]: MailScanner E-Mail Virus Scanner version 4.43.8 starting... Jul 23 12:05:41 CWServer MailScanner[30437]: Message 58667610108.9B2E1 from 192.168.1.161 (tom@carrollweb.net) to spamcop.net is not spam, SpamAssassin (score=-2.345, required 5, autolearn=not spam, ALL_TRUSTED -2.82, HTML_90_100 0.19, HTML_MESSAGE 0.00, MIME_HTML_MOSTLY 0.28) Jul 23 12:05:41 CWServer MailScanner[30614]: Read 182 hostnames from the phishing whitelist Jul 23 12:05:42 CWServer MailScanner[30437]: Message AE02B610114.12537 from 66.75.162.135 (tcarroll2@hawaii.rr.com) to carrollweb.net is not spam, SpamAssassin (score=0.475, required 5, HTML_90_100 0.19, HTML_MESSAGE 0.00, MIME_HTML_MOSTLY 0.28) Jul 23 12:05:43 CWServer MailScanner[30437]: RBL checks: 4481A610125.B3CB8 found in SBL+XBL, SORBS-DNSBL, CBL, DSBL, spamcop.net Jul 23 12:05:43 CWServer MailScanner[30437]: Message 4481A610125.B3CB8 from 24.51.192.137 (frecedmanl@hotmail.com) to carrollweb.net is spam, SBL+XBL, SORBS-DNSBL, CBL, DSBL, spamcop.net Jul 23 12:05:44 CWServer MailScanner[30614]: Using locktype = flock Jul 23 12:05:45 CWServer MailScanner[30437]: Message C744E610117.A8301 from 66.75.162.135 (carrollt534@hawaii.rr.com) to carrollweb.net is not spam, SpamAssassin (score=0.991, required 5, FROM_ENDS_IN_NUMS 0.52, HTML_90_100 0.19, HTML_MESSAGE 0.00, MIME_HTML_MOSTLY 0.28) Jul 23 12:05:49 CWServer MailScanner[30437]: Message 33063610123.C1DB6 from 66.133.182.165 (wvlwolf@frontiernet.net) to carrollweb.net is not spam, SpamAssassin (score=3.402, required 5, MISSING_SUBJECT 1.57, RCVD_IN_BL_SPAMCOP_NET 1.83) Jul 23 12:05:50 CWServer MailScanner[30437]: RBL checks: 5E00A610101.28B36 found in SBL+XBL, CBL, DSBL, spamcop.net Jul 23 12:05:50 CWServer MailScanner[30437]: Message 5E00A610101.28B36 from 200.21.87.180 (avhytoveo@mora.se) to carrollweb.net is spam, SBL+XBL, CBL, DSBL, spamcop.net Jul 23 12:05:51 CWServer MailScanner[30437]: Message F0ACF610126.DFC6F from 127.0.0.1 (root@carrollweb.net) to tom,carrollweb.net is not spam, SpamAssassin (score=-2.82, required 5, autolearn=not spam, ALL_TRUSTED -2.82) Jul 23 12:05:51 CWServer MailScanner[30437]: Spam Checks: Found 8 spam messages Jul 23 12:05:51 CWServer MailScanner[30437]: Spam Actions: message 1724261012A.B66F9 actions are deliver Jul 23 12:05:51 CWServer MailScanner[30437]: Spam Actions: message E70C361011B.14DBE actions are deliver Jul 23 12:05:51 CWServer MailScanner[30437]: Spam Actions: message 0554261011C.C1E2D actions are deliver Jul 23 12:05:51 CWServer MailScanner[30437]: Spam Actions: message B0B3A610121.A14FA actions are deliver Jul 23 12:05:51 CWServer MailScanner[30437]: Spam Actions: message E7C39610124.C30E6 actions are deliver Jul 23 12:05:51 CWServer MailScanner[30437]: Spam Actions: message E0910610120.D3BA5 actions are deliver Jul 23 12:05:51 CWServer MailScanner[30437]: Spam Actions: message 4481A610125.B3CB8 actions are deliver Jul 23 12:05:51 CWServer MailScanner[30437]: Spam Actions: message 5E00A610101.28B36 actions are deliver Jul 23 12:05:51 CWServer MailScanner[30437]: Spam Checks completed at 1558 bytes per second Jul 23 12:05:52 CWServer pop3-login: Login: tom [192.168.1.161] Jul 23 12:05:55 CWServer MailScanner[30437]: Virus and Content Scanning: Starting Jul 23 12:05:57 CWServer MailScanner[30437]: Filename Checks: Allowing F0ACF610126.DFC6F msg-30437-32.txt Jul 23 12:05:57 CWServer MailScanner[30437]: Filename Checks: Allowing 33063610123.C1DB6 msg-30437-29.txt Jul 23 12:05:57 CWServer MailScanner[30437]: Filename Checks: Allowing E70C361011B.14DBE 1.txt Jul 23 12:05:57 CWServer MailScanner[30437]: Filename Checks: Allowing E70C361011B.14DBE msg-30437-2.html (no rule matched) Jul 23 12:05:57 CWServer MailScanner[30437]: Filename Checks: Allowing 4481A610125.B3CB8 msg-30437-26.txt Jul 23 12:05:57 CWServer MailScanner[30437]: Filename Checks: Allowing 3CCC7610118.737F2 msg-30437-15.html (no rule matched) Jul 23 12:05:57 CWServer MailScanner[30437]: Filename Checks: Allowing 3CCC7610118.737F2 msg-30437-14.txt Jul 23 12:05:57 CWServer MailScanner[30437]: Filename Checks: Allowing E3F15610113.410AF msg-30437-17.html (no rule matched) Jul 23 12:05:57 CWServer MailScanner[30437]: Filename Checks: Allowing E3F15610113.410AF msg-30437-16.txt Jul 23 12:05:57 CWServer MailScanner[30437]: Filename Checks: Allowing 0554261011C.C1E2D msg-30437-12.txt Jul 23 12:05:57 CWServer MailScanner[30437]: Filename Checks: Allowing CFFFF6100FB.5BCAA msg-30437-5.html (no rule matched) Jul 23 12:05:57 CWServer MailScanner[30437]: Filename Checks: Allowing 80003610103.6C33C msg-30437-10.txt Jul 23 12:05:57 CWServer MailScanner[30437]: Filename Checks: Allowing 80003610103.6C33C msg-30437-11.html (no rule matched) Jul 23 12:05:57 CWServer MailScanner[30437]: Filename Checks: Allowing 1724261012A.B66F9 msg-30437-1.html (no rule matched) Jul 23 12:05:57 CWServer MailScanner[30437]: Filename Checks: Allowing 00CF5610109.6854D msg-30437-8.txt Jul 23 12:05:57 CWServer MailScanner[30437]: Filename Checks: Allowing E5664610105.7B5D7 msg-30437-6.txt Jul 23 12:05:57 CWServer MailScanner[30437]: Filename Checks: Allowing E5664610105.7B5D7 msg-30437-7.html (no rule matched) Jul 23 12:05:57 CWServer MailScanner[30437]: Filename Checks: Allowing E0910610120.D3BA5 msg-30437-21.html (no rule matched) Jul 23 12:05:57 CWServer MailScanner[30437]: Filename Checks: Allowing E0910610120.D3BA5 hues2.gif Jul 23 12:05:57 CWServer MailScanner[30437]: Filename Checks: Allowing 58667610108.9B2E1 msg-30437-22.txt Jul 23 12:05:57 CWServer MailScanner[30437]: Filename Checks: Allowing 58667610108.9B2E1 msg-30437-23.html (no rule matched) Jul 23 12:05:57 CWServer MailScanner[30437]: Filename Checks: Allowing AE02B610114.12537 msg-30437-24.txt Jul 23 12:05:57 CWServer MailScanner[30437]: Filename Checks: Allowing AE02B610114.12537 msg-30437-25.html (no rule matched) Jul 23 12:05:57 CWServer MailScanner[30437]: Filename Checks: Allowing C744E610117.A8301 msg-30437-27.txt Jul 23 12:05:57 CWServer MailScanner[30437]: Filename Checks: Allowing C744E610117.A8301 msg-30437-28.html (no rule matched) Jul 23 12:05:57 CWServer MailScanner[30437]: Filename Checks: Allowing 9ABD161010D.C272E msg-30437-4.html (no rule matched) Jul 23 12:05:57 CWServer MailScanner[30437]: Filename Checks: Allowing 9ABD161010D.C272E msg-30437-3.txt Jul 23 12:05:57 CWServer MailScanner[30437]: Filename Checks: Allowing E7C39610124.C30E6 msg-30437-18.txt Jul 23 12:05:57 CWServer MailScanner[30437]: Filename Checks: Allowing E7C39610124.C30E6 msg-30437-19.html (no rule matched) Jul 23 12:05:57 CWServer MailScanner[30437]: Filename Checks: Allowing 264E561011D.B7E24 msg-30437-20.txt Jul 23 12:05:57 CWServer MailScanner[30437]: Filename Checks: Allowing 5E00A610101.28B36 msg-30437-30.txt Jul 23 12:05:57 CWServer MailScanner[30437]: Filename Checks: Allowing 5E00A610101.28B36 msg-30437-31.html (no rule matched) Jul 23 12:05:57 CWServer MailScanner[30437]: Filename Checks: Allowing 8862B6100FE.9F3B2 msg-30437-9.txt Jul 23 12:05:57 CWServer MailScanner[30437]: Filename Checks: Allowing B0B3A610121.A14FA pioneered7.gif Jul 23 12:05:57 CWServer MailScanner[30437]: Filename Checks: Allowing B0B3A610121.A14FA msg-30437-13.html (no rule matched) Jul 23 12:05:57 CWServer MailScanner[30437]: tag found in message 1724261012A.B66F9 from lavwson_22@hotmail.com Jul 23 12:05:57 CWServer MailScanner[30437]: tag found in message CFFFF6100FB.5BCAA from ironport@aristotle.net Jul 23 12:05:57 CWServer MailScanner[30437]: tag found in message B0B3A610121.A14FA from concessions@comcast.net Jul 23 12:05:57 CWServer MailScanner[30437]: tag found in message E3F15610113.410AF from bo-byj301xavsdrjebffz896bvfdu1jx0@b.info.redhat.com Jul 23 12:05:57 CWServer MailScanner[30437]: tag found in message E7C39610124.C30E6 from salmdomonkos@gastonassoc.com Jul 23 12:05:57 CWServer MailScanner[30437]: tag found in message E0910610120.D3BA5 from caren.windsor@comcast.net Jul 23 12:05:57 CWServer MailScanner[30437]: tag found in message 5E00A610101.28B36 from avhytoveo@mora.se Jul 23 12:05:57 CWServer MailScanner[30437]: Virus Scanning completed at 13244 bytes per second Jul 23 12:05:57 CWServer MailScanner[30437]: Content Checks: Detected and have disarmed HTML message in CFFFF6100FB.5BCAA from ironport@aristotle.net Jul 23 12:05:57 CWServer MailScanner[30437]: Requeue: 1724261012A.B66F9 to 39A745FC76F Jul 23 12:05:57 CWServer MailScanner[30437]: Requeue: E70C361011B.14DBE to 32F2F5FC7FC Jul 23 12:05:57 CWServer MailScanner[30437]: Requeue: 9ABD161010D.C272E to 0D1BB5FC7FD Jul 23 12:05:58 CWServer MailScanner[30437]: Requeue: CFFFF6100FB.5BCAA to 123405FC7FE Jul 23 12:05:58 CWServer MailScanner[30437]: Requeue: E5664610105.7B5D7 to 828805FC7FF Jul 23 12:05:58 CWServer MailScanner[30437]: Requeue: 00CF5610109.6854D to 7CF535FC801 Jul 23 12:05:58 CWServer MailScanner[30437]: Requeue: 8862B6100FE.9F3B2 to E1D4F5FC802 Jul 23 12:05:58 CWServer MailScanner[30437]: Requeue: 80003610103.6C33C to A22255FC803 Jul 23 12:05:58 CWServer MailScanner[30437]: Requeue: 0554261011C.C1E2D to 473815FC804 Jul 23 12:05:58 CWServer MailScanner[30437]: Requeue: B0B3A610121.A14FA to 7C00A5FC806 Jul 23 12:05:58 CWServer MailScanner[30437]: Requeue: 3CCC7610118.737F2 to 121445FC807 Jul 23 12:05:58 CWServer MailScanner[30437]: Requeue: E3F15610113.410AF to 43B1D5FC808 Jul 23 12:05:58 CWServer MailScanner[30437]: Requeue: E7C39610124.C30E6 to A4A1D5FC809 Jul 23 12:05:58 CWServer MailScanner[30437]: Requeue: 264E561011D.B7E24 to BF67A5FC80A Jul 23 12:05:58 CWServer MailScanner[30437]: Requeue: E0910610120.D3BA5 to C4A2E5FC80B Jul 23 12:05:58 CWServer MailScanner[30437]: Requeue: 58667610108.9B2E1 to 7E8255FC80C Jul 23 12:05:58 CWServer MailScanner[30437]: Requeue: AE02B610114.12537 to 050055FC80D Jul 23 12:05:58 CWServer MailScanner[30437]: Requeue: 4481A610125.B3CB8 to 837375FC80E Jul 23 12:05:58 CWServer MailScanner[30437]: Requeue: C744E610117.A8301 to AA9EC5FC80F Jul 23 12:05:58 CWServer MailScanner[30437]: Requeue: 33063610123.C1DB6 to D60355FC810 Jul 23 12:05:58 CWServer MailScanner[30437]: Requeue: 5E00A610101.28B36 to C4D625FC811 Jul 23 12:05:58 CWServer MailScanner[30437]: Requeue: F0ACF610126.DFC6F to 9AD805FC812 Jul 23 12:05:58 CWServer postfix/qmgr[22236]: 39A745FC76F: from=, size=1792, nrcpt=1 (queue active) Jul 23 12:05:58 CWServer postfix/qmgr[22236]: 32F2F5FC7FC: from=, size=1178, nrcpt=1 (queue active) Jul 23 12:05:58 CWServer postfix/qmgr[22236]: D60355FC810: from=, size=2268, nrcpt=1 (queue active) Jul 23 12:05:58 CWServer postfix/qmgr[22236]: 0D1BB5FC7FD: from=, size=2672, nrcpt=1 (queue active) Jul 23 12:05:58 CWServer postfix/qmgr[22236]: 050055FC80D: from=, size=2668, nrcpt=1 (queue active) Jul 23 12:05:58 CWServer postfix/qmgr[22236]: 9AD805FC812: from=, size=959, nrcpt=1 (queue active) Jul 23 12:05:58 CWServer postfix/qmgr[22236]: A22255FC803: from=, size=2387, nrcpt=1 (queue active) Jul 23 12:05:58 CWServer postfix/qmgr[22236]: AA9EC5FC80F: from=, size=2680, nrcpt=1 (queue active) Jul 23 12:05:58 CWServer postfix/qmgr[22236]: A4A1D5FC809: from=, size=4956, nrcpt=1 (queue active) Jul 23 12:05:58 CWServer postfix/qmgr[22236]: 43B1D5FC808: from=, size=18201, nrcpt=1 (queue active) Jul 23 12:05:58 CWServer postfix/qmgr[22236]: 473815FC804: from=, size=1555, nrcpt=1 (queue active) Jul 23 12:05:58 CWServer postfix/qmgr[22236]: 7CF535FC801: from=, size=4398, nrcpt=1 (queue active) Jul 23 12:05:58 CWServer postfix/qmgr[22236]: 7C00A5FC806: from=, size=3214, nrcpt=1 (queue active) Jul 23 12:05:58 CWServer postfix/qmgr[22236]: 7E8255FC80C: from=, size=2395, nrcpt=1 (queue active) Jul 23 12:05:58 CWServer postfix/qmgr[22236]: C4A2E5FC80B: from=, size=4035, nrcpt=1 (queue active) Jul 23 12:05:58 CWServer postfix/qmgr[22236]: C4D625FC811: from=, size=8193, nrcpt=1 (queue active) Jul 23 12:05:58 CWServer MailScanner[30437]: Uninfected: Delivered 22 messages Jul 23 12:05:58 CWServer MailScanner[30437]: Virus Processing completed at 79465 bytes per second Jul 23 12:05:58 CWServer postfix/qmgr[22236]: 121445FC807: from=, size=2683, nrcpt=1 (queue active) Jul 23 12:05:58 CWServer postfix/qmgr[22236]: 123405FC7FE: from=, size=5756, nrcpt=1 (queue active) Jul 23 12:05:58 CWServer postfix/qmgr[22236]: E1D4F5FC802: from=, size=654, nrcpt=1 (queue active) Jul 23 12:05:58 CWServer postfix/qmgr[22236]: BF67A5FC80A: from=, size=959, nrcpt=1 (queue active) Jul 23 12:05:58 CWServer postfix/qmgr[22236]: 828805FC7FF: from=, size=2669, nrcpt=1 (queue active) Jul 23 12:05:58 CWServer postfix/qmgr[22236]: 837375FC80E: from=, size=1321, nrcpt=1 (queue active) Jul 23 12:05:58 CWServer MailScanner[30437]: Disinfection completed at 79465 bytes per second Jul 23 12:05:58 CWServer MailScanner[30437]: Batch completed at 1370 bytes per second (79465 / 58) Jul 23 12:05:58 CWServer postfix/local[30658]: warning: open active 9AD805FC812: No such file or directory Jul 23 12:05:58 CWServer postfix/local[30658]: warning: open active BF67A5FC80A: No such file or directory Jul 23 12:05:58 CWServer postfix/pipe[30661]: warning: open active 32F2F5FC7FC: No such file or directory Jul 23 12:05:58 CWServer postfix/pipe[30661]: warning: open active D60355FC810: No such file or directory Jul 23 12:05:58 CWServer postfix/pipe[30661]: warning: open active 0D1BB5FC7FD: No such file or directory Jul 23 12:05:58 CWServer postfix/pipe[30661]: warning: open active 050055FC80D: No such file or directory Jul 23 12:05:58 CWServer postfix/pipe[30661]: warning: open active A22255FC803: No such file or directory Jul 23 12:05:58 CWServer postfix/pipe[30661]: warning: open active AA9EC5FC80F: No such file or directory Jul 23 12:05:58 CWServer postfix/pipe[30661]: warning: open active A4A1D5FC809: No such file or directory Jul 23 12:05:58 CWServer postfix/pipe[30661]: warning: open active 43B1D5FC808: No such file or directory Jul 23 12:05:58 CWServer postfix/pipe[30661]: warning: open active 473815FC804: No such file or directory Jul 23 12:05:58 CWServer postfix/pipe[30661]: warning: open active 7CF535FC801: No such file or directory Jul 23 12:05:58 CWServer postfix/pipe[30661]: warning: open active 7C00A5FC806: No such file or directory Jul 23 12:05:58 CWServer postfix/pipe[30661]: warning: open active 7E8255FC80C: No such file or directory Jul 23 12:05:58 CWServer postfix/pipe[30661]: warning: open active C4A2E5FC80B: No such file or directory Jul 23 12:05:58 CWServer postfix/pipe[30661]: warning: open active C4D625FC811: No such file or directory Jul 23 12:05:58 CWServer postfix/pipe[30661]: warning: open active 121445FC807: No such file or directory Jul 23 12:05:58 CWServer postfix/pipe[30661]: warning: open active 123405FC7FE: No such file or directory Jul 23 12:05:58 CWServer postfix/pipe[30661]: warning: open active E1D4F5FC802: No such file or directory Jul 23 12:05:58 CWServer postfix/pipe[30661]: warning: open active 828805FC7FF: No such file or directory Jul 23 12:05:58 CWServer postfix/pipe[30661]: warning: open active 837375FC80E: No such file or directory Jul 23 12:05:58 CWServer postfix/pipe[30659]: warning: open active 39A745FC76F: No such file or directory I can see the files, such as the last one (39A745FC76F) in the /var/spool/postfix/deferred/3/ directory. I have no idea why the mail is going to the deferred directories as the mail queues for the users exist in the /var/spool/mail directory and the permissions on each user file is set to "postfix:postfix rwx------". I appreciate any insight any of you may have. Thank you in advance! Tom Carroll ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Sun Jul 24 10:06:37 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:30:24 2006 Subject: PostFix/Pipe problem Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Tom Carroll wrote: >Hello. I am noew to this list, so I hope this is the right place for me to >find help. > > We'll do what we can :-) >Jul 23 12:05:58 CWServer postfix/pipe[30659]: warning: open active >39A745FC76F: No such file or directory > > I have seen something similar previously with a ClarkConnect system. They set it up for use with Amavis (Or spamd, I forget) and you are not running that so Postfix is trying to pipe the mail to a non-existent daemon. Check your master.cf for something like filter or similar and comment it out. Once you have found that look for a corresponding entry in main.cf and comment that out also. Then reload Postfix. >I can see the files, such as the last one (39A745FC76F) in the >/var/spool/postfix/deferred/3/ directory. I have no idea why the mail is >going to the deferred directories as the mail queues for the users exist in >the /var/spool/mail directory and the permissions on each user file is set >to "postfix:postfix rwx------". > > It's because as far as Postfix is concerned, the mail has not got to a delivery stage yet, hence it's deferred the mail. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From cgbmtom at SPAMCOP.NET Sun Jul 24 10:51:08 2005 From: cgbmtom at SPAMCOP.NET (Tom Carroll) Date: Thu Jan 12 21:30:24 2006 Subject: PostFix/Pipe problem Message-ID: First of all Drew, let me thank you for responding. I have been posting messages on the ClarkConnect forums all day and no one has jumped in once to offer any suggestions. It's nice to know someone is willing to suggest something! :) On Saturday, July 23, 2005 11:07 PM Drew Marshall wrote: > Tom Carroll wrote: > > >Hello. I am noew to this list, so I hope this is the right place for me > to > >find help. > > > > > We'll do what we can :-) > > > > >Jul 23 12:05:58 CWServer postfix/pipe[30659]: warning: open active > >39A745FC76F: No such file or directory > > > > > I have seen something similar previously with a ClarkConnect system. > They set it up for use with Amavis (Or spamd, I forget) and you are not > running that so Postfix is trying to pipe the mail to a non-existent > daemon. Check your master.cf for something like filter or similar and > comment it out. Once you have found that look for a corresponding entry > in main.cf and comment that out also. Then reload Postfix. Right you are. ClarkConnect comes setup and ready to run SpamAssassin. However, I was on a fresh install and I chose not to install the cc-SpamAssassin module as suggested by the how-to on the CC forum. There is a filter entry in the master.cf file, but it is commented out. Here's my master.cf: # ========================================================================== # service type private unpriv chroot wakeup maxproc command + args # (yes) (yes) (yes) (never) (100) # ========================================================================== #smtp inet n - n - - smtpd -o content_filter=ccfilter: #smtps inet n - n - - smtpd # -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes #submission inet n - n - - smtpd # -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes -o smtpd_etrn_restrictions=reject #628 inet n - n - - qmqpd pickup fifo n - n 60 1 pickup cleanup unix n - n - 0 cleanup qmgr fifo n - n 300 1 qmgr #qmgr fifo n - n 300 1 oqmgr #tlsmgr fifo - - n 300 1 tlsmgr rewrite unix - - n - - trivial-rewrite bounce unix - - n - 0 bounce defer unix - - n - 0 bounce trace unix - - n - 0 bounce verify unix - - n - 1 verify flush unix n - n 1000? 0 flush proxymap unix - - n - - proxymap smtp unix - - n - - smtp relay unix - - n - - smtp # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5 showq unix n - n - - showq error unix - - n - - error local unix - n n - - local virtual unix - n n - - virtual lmtp unix - - n - - lmtp anvil unix - - n - 1 anvil # # Interfaces to non-Postfix software. Be sure to examine the manual # pages of the non-Postfix software to find out what options it wants. # # maildrop. See the Postfix MAILDROP_README file for details. # maildrop unix - n n - - pipe flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient} # # The Cyrus deliver program has changed incompatibly, multiple times. # old-cyrus unix - n n - - pipe flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user} # Cyrus 2.1.5 (Amos Gouaux) # Also specify in main.cf: cyrus_destination_recipient_limit=1 cyrus unix - n n - - pipe user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user} uucp unix - n n - - pipe flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) ifmail unix - n n - - pipe flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) bsmtp unix - n n - - pipe flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient #ccfilter unix - n n - - pipe # flags=R user=filter argv=/usr/bin/ccfilterspam -f ${sender} -- ${recipient} # ========================================================================== I went in and commented out the last two lines just to be sure and I moved all my deferred mail back into the incoming queue, and it immediately went back into the deferred queue after I restarted MailScanner. :( > >I can see the files, such as the last one (39A745FC76F) in the > >/var/spool/postfix/deferred/3/ directory. I have no idea why the mail is > >going to the deferred directories as the mail queues for the users exist > in > >the /var/spool/mail directory and the permissions on each user file is > set > >to "postfix:postfix rwx------". > > > > > It's because as far as Postfix is concerned, the mail has not got to a > delivery stage yet, hence it's deferred the mail. What would cause the mail to be deferred? Is there something I need to change? My system has only five users (one of them being root) and we get maybe 20 to 30 e-mails a day that are valid e-mails. It's the other thousand or two that are spam and viruses. Another peculiarity is that I do receive the crond.hourly e-mails showing that ClamAv is up to date, so I am thinking it has to do with external mail, but I am not able to check that theory because I cannot get my mail server to respond on port 25... Thanks for any suggestions Tom ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Sun Jul 24 15:01:34 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:30:24 2006 Subject: PostFix/Pipe problem Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Sun, July 24, 2005 10:51, Tom Carroll wrote: > First of all Drew, let me thank you for responding. I have been posting > messages on the ClarkConnect forums all day and no one has jumped in once > to > offer any suggestions. It's nice to know someone is willing to suggest > something! :) A pleasure! > > Right you are. ClarkConnect comes setup and ready to run SpamAssassin. > However, I was on a fresh install and I chose not to install the > cc-SpamAssassin module as suggested by the how-to on the CC forum. There > is > a filter entry in the master.cf file, but it is commented out. > > Here's my master.cf: > > # > ========================================================================== > # service type private unpriv chroot wakeup maxproc command + args > # (yes) (yes) (yes) (never) (100) > # > ========================================================================== > #smtp inet n - n - - smtpd -o > content_filter=ccfilter: This is the problem, firstly you have turned off smtp, which is hy you can't get a port 25 reponse. Uncomment this line but remove the -o content_filter=ccfilter part i.e. your top line should read: smtp inet n - n - - smtpd > #smtps inet n - n - - smtpd > # -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes > #submission inet n - n - - smtpd > # -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes -o > smtpd_etrn_restrictions=reject > #628 inet n - n - - qmqpd > pickup fifo n - n 60 1 pickup > cleanup unix n - n - 0 cleanup > qmgr fifo n - n 300 1 qmgr > #qmgr fifo n - n 300 1 oqmgr > #tlsmgr fifo - - n 300 1 tlsmgr > rewrite unix - - n - - trivial-rewrite > bounce unix - - n - 0 bounce > defer unix - - n - 0 bounce > trace unix - - n - 0 bounce > verify unix - - n - 1 verify > flush unix n - n 1000? 0 flush > proxymap unix - - n - - proxymap > smtp unix - - n - - smtp > relay unix - - n - - smtp > # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5 > showq unix n - n - - showq > error unix - - n - - error > local unix - n n - - local > virtual unix - n n - - virtual > lmtp unix - - n - - lmtp > anvil unix - - n - 1 anvil > # > # Interfaces to non-Postfix software. Be sure to examine the manual > # pages of the non-Postfix software to find out what options it wants. > # > # maildrop. See the Postfix MAILDROP_README file for details. > # > maildrop unix - n n - - pipe > flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient} > # > # The Cyrus deliver program has changed incompatibly, multiple times. > # > old-cyrus unix - n n - - pipe > flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} > ${user} > # Cyrus 2.1.5 (Amos Gouaux) > # Also specify in main.cf: cyrus_destination_recipient_limit=1 > cyrus unix - n n - - pipe > user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m > ${extension} ${user} > uucp unix - n n - - pipe > flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail > ($recipient) > ifmail unix - n n - - pipe > flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) > bsmtp unix - n n - - pipe > flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop > $recipient > #ccfilter unix - n n - - pipe > # flags=R user=filter argv=/usr/bin/ccfilterspam -f ${sender} -- > ${recipient} > # > ========================================================================== > > I went in and commented out the last two lines just to be sure and I moved > all my deferred mail back into the incoming queue, and it immediately went > back into the deferred queue after I restarted MailScanner. :( The rest is fine. Change that line and reload Postfix (in fact better still stop and start it as that should re-queue the deferred mail automatically). Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ajd at ADAVIES.NET Sun Jul 24 18:45:56 2005 From: ajd at ADAVIES.NET (Alan Davies) Date: Thu Jan 12 21:30:24 2006 Subject: Problem Getting MailScanner running on Cobalt RAQ 4 w/ updated OS Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, I'm new to this forum. I've recently starting have problems with SPAM and found MailScanner as a solution. However . . . I'm having problems and am looking for some help. I've been over the FAQ page and didn't find anything of use. I'm trying to install mailscanner to a RAQ 4 with a standard RAQ RH OS and patches. It's running PERL 5. It seems to run the install fine, but when I try to start the services it gives me the following error. Any help is appreciated. [root MailScanner-4.43.8-1]# /etc/rc.d/init.d/sendmail stop Shutting down Mail Service: sendmail ok [root MailScanner-4.43.8-1]# /etc/rc.d/init.d/sendmail stop Shutting down Mail Service: ERROR! [root MailScanner-4.43.8-1]# /etc/rc.d/init.d/MailScanner start Starting MailScanner daemons: incoming sendmail: ok outgoing sendmail: ok MailScanner: Can't locate Net/CIDR.pm in @INC (@INC contains: /usr/lib/MailScanner /usr/lib/perl5/5.00503/i386-linux /usr/lib/perl5/5.00503 /usr/lib/perl5/site_perl/5.005/i386-linux /usr/lib/perl5/site_perl/5.005 . /usr/lib/MailScanner) at /usr/lib/MailScanner/MailScanner/Config.pm line 34. BEGIN failed--compilation aborted at /usr/lib/MailScanner/MailScanner/Config.pm line 34. BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 64. ok [root MailScanner-4.43.8-1]# Thanks in advance, Alan ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From cgbmtom at SPAMCOP.NET Sun Jul 24 19:03:42 2005 From: cgbmtom at SPAMCOP.NET (Tom Carroll) Date: Thu Jan 12 21:30:24 2006 Subject: PostFix/Pipe problem Message-ID: On Sunday, July 24, 2005 4:02 AM Drew Marshall wrote: > ========================================================================== > > # service type private unpriv chroot wakeup maxproc command + args > > # (yes) (yes) (yes) (never) (100) > > # > > > ========================================================================== > > #smtp inet n - n - - smtpd -o > > content_filter=ccfilter: > > This is the problem, firstly you have turned off smtp, which is hy you > can't get a port 25 reponse. Uncomment this line but remove the -o > content_filter=ccfilter part i.e. your top line should read: > > smtp inet n - n - - smtpd > > > The rest is fine. Change that line and reload Postfix (in fact better > still stop and start it as that should re-queue the deferred mail > automatically). Okay, my smtp server is now responding, but I still have one problem. The mail that I moved back into the incoming queue is returned to the deferred queue. I also have files in the defer queue as well that are not being delivered. Here's another excerpt of my logs: ==================== Jul 24 07:44:40 CWServer postfix/qmgr[24932]: warning: premature end-of-input on private/ccfilter socket while reading input attribute name Jul 24 07:44:40 CWServer postfix/qmgr[24932]: warning: private/ccfilter socket: malformed response Jul 24 07:44:40 CWServer postfix/qmgr[24932]: warning: transport ccfilter failure -- see a previous warning/fatal/panic logfile record for the problem description Jul 24 07:44:40 CWServer postfix/qmgr[24932]: warning: premature end-of-input on private/ccfilter socket while reading input attribute name Jul 24 07:44:40 CWServer postfix/qmgr[24932]: warning: private/ccfilter socket: malformed response Jul 24 07:44:40 CWServer postfix/qmgr[24932]: warning: transport ccfilter failure -- see a previous warning/fatal/panic logfile record for the problem description Jul 24 07:44:40 CWServer postfix/qmgr[24932]: warning: premature end-of-input on private/ccfilter socket while reading input attribute name Jul 24 07:44:40 CWServer postfix/qmgr[24932]: warning: private/ccfilter socket: malformed response Jul 24 07:44:40 CWServer postfix/qmgr[24932]: warning: transport ccfilter failure -- see a previous warning/fatal/panic logfile record for the problem description Jul 24 07:44:40 CWServer postfix/qmgr[24932]: warning: premature end-of-input on private/ccfilter socket while reading input attribute name Jul 24 07:44:40 CWServer postfix/qmgr[24932]: warning: private/ccfilter socket: malformed response Jul 24 07:44:40 CWServer postfix/qmgr[24932]: warning: transport ccfilter failure -- see a previous warning/fatal/panic logfile record for the problem description ==================== These errors are only occurring on the mail that is in the defer queue, not any new mail. All new mail is being processed correctly. Here's one of the files I found in the defer queue I mentioned above. ==================== : delivery temporarily suspended: unknown mail transport error recipient=piglet@carrollweb.net offset=337 status=4.0.0 action=delayed reason=delivery temporarily suspended: unknown mail transport error ==================== I have done a grep of nearly every file on my system and I cannot find any other config file that has the ccfilter string in it except the master.cf, and it is commented out. I had a moment of clarity and decided to grep the deferred queue, and low-and-behold, each message in the deferred queue has a ccfilter entry in it. Any idea why? Can I manually edit each message and delete that string so it can be delivered to its destination? At least the system is working now and any new mail coming into the system is now being processed accordingly whether it is inbound or outbound, so I thank you for that! :) I really do appreciate you taking time to help me. Tom ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Sun Jul 24 19:56:02 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:30:24 2006 Subject: postfix problem Message-ID: I decided to give postfix a try after relying on sendmail for many years. I've got everything working on a gateway MS box, but I keep getting this error: Jul 24 13:47:57 avenger MailScanner[23165]: New Batch: Scanning 1 messages, 1281 bytes Jul 24 13:47:57 avenger MailScanner[23165]: Spam Checks: Starting Jul 24 13:47:57 avenger MailScanner[23165]: Could not open Bayes rebuild lock file /tmp/MS.bayes.rebuild.lock, Permission denied Jul 24 13:47:57 avenger MailScanner[23165]: At start of SA checks could not open /tmp/MS.bayes.rebuild.lock, Permissions of /tmp are: drwxrwxrwt 5 root root 4096 Jul 24 13:47 tmp I also have this: Jul 24 13:46:59 avenger postfix/postsuper[23137]: warning: bogus file name: hold/razor-agent.log Is this a problem and if so, what do I need to do to correct it? Mike ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Sun Jul 24 19:59:28 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:30:24 2006 Subject: Problem Getting MailScanner running on Cobalt RAQ 4 w/ updated OS Message-ID: You can try installing Net:CIDR from CPAN: perl -MCPAN -e shell install Net::CIDR Mike -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Alan Davies Sent: Sunday, July 24, 2005 12:46 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Problem Getting MailScanner running on Cobalt RAQ 4 w/ updated OS Hi, I'm new to this forum. I've recently starting have problems with SPAM and found MailScanner as a solution. However . . . I'm having problems and am looking for some help. I've been over the FAQ page and didn't find anything of use. I'm trying to install mailscanner to a RAQ 4 with a standard RAQ RH OS and patches. It's running PERL 5. It seems to run the install fine, but when I try to start the services it gives me the following error. Any help is appreciated. [root MailScanner-4.43.8-1]# /etc/rc.d/init.d/sendmail stop Shutting down Mail Service: sendmail ok [root MailScanner-4.43.8-1]# /etc/rc.d/init.d/sendmail stop Shutting down Mail Service: ERROR! [root MailScanner-4.43.8-1]# /etc/rc.d/init.d/MailScanner start Starting MailScanner daemons: incoming sendmail: ok outgoing sendmail: ok MailScanner: Can't locate Net/CIDR.pm in @INC (@INC contains: /usr/lib/MailScanner /usr/lib/perl5/5.00503/i386-linux /usr/lib/perl5/5.00503 /usr/lib/perl5/site_perl/5.005/i386-linux /usr/lib/perl5/site_perl/5.005 . /usr/lib/MailScanner) at /usr/lib/MailScanner/MailScanner/Config.pm line 34. BEGIN failed--compilation aborted at /usr/lib/MailScanner/MailScanner/Config.pm line 34. BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 64. ok [root MailScanner-4.43.8-1]# Thanks in advance, Alan ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Sun Jul 24 20:12:29 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:30:24 2006 Subject: postfix problem Message-ID: I answered one of my own questions: -rw------- 1 root root 64 Jul 24 12:52 MS.bayes.rebuild.lock already existed from (I assume) earlier when I was still running sendmail on this box. I deleted that lock file and the error went away. I'll keep plugging on the razor-agent.log file Mike -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Mike Kercher Sent: Sunday, July 24, 2005 1:56 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: postfix problem I decided to give postfix a try after relying on sendmail for many years. I've got everything working on a gateway MS box, but I keep getting this error: Jul 24 13:47:57 avenger MailScanner[23165]: New Batch: Scanning 1 messages, 1281 bytes Jul 24 13:47:57 avenger MailScanner[23165]: Spam Checks: Starting Jul 24 13:47:57 avenger MailScanner[23165]: Could not open Bayes rebuild lock file /tmp/MS.bayes.rebuild.lock, Permission denied Jul 24 13:47:57 avenger MailScanner[23165]: At start of SA checks could not open /tmp/MS.bayes.rebuild.lock, Permissions of /tmp are: drwxrwxrwt 5 root root 4096 Jul 24 13:47 tmp I also have this: Jul 24 13:46:59 avenger postfix/postsuper[23137]: warning: bogus file name: hold/razor-agent.log Is this a problem and if so, what do I need to do to correct it? Mike ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From maillists at CONACTIVE.COM Sun Jul 24 21:31:28 2005 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:30:24 2006 Subject: Problem Getting MailScanner running on Cobalt RAQ 4 w/ updated OS Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Alan Davies wrote on Sun, 24 Jul 2005 10:45:56 -0700: > [root MailScanner-4.43.8-1]# /etc/rc.d/init.d/sendmail stop > Shutting down Mail Service: ERROR! that's obviously not an MS error ;-) > [root MailScanner-4.43.8-1]# /etc/rc.d/init.d/MailScanner start > Starting MailScanner daemons: > incoming sendmail: ok > outgoing sendmail: ok > MailScanner: Can't locate Net/CIDR.pm in You don't seem to have it installed, so: install it! (Net::CIDR). Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From cgbmtom at SPAMCOP.NET Sun Jul 24 22:52:24 2005 From: cgbmtom at SPAMCOP.NET (Tom Carroll) Date: Thu Jan 12 21:30:24 2006 Subject: PostFix/Pipe Problem - SOLUTION Message-ID: I figured out my problem after surfing on Google some more. I found that someone who was trying to use amvis was having some similar log entries in their maillog concerning the transport error. They found two entries in their main.cf file. "Local_Transport = Local" and "Virtual_Transport = Virtual". They commented out/removed the "Local_Transport" entry and their setup worked fine. There were no transport entries in my main.cf file to start with. I shut down mailscanner and added the "Virtual_Transport = Virtual" into the main.cf and restarted and the forced the requeue of all the mail using "postsuper -r ALL" command. Nothing weird showed up in the log, but I couldn't see the mail anywhere. It looked like it went off into the bit-bucket. So, I shutdown mailscanner again and changed the entry in main.cf to "Local_Transport = Local", restarted MailScanner and requeued again with postsuper. All my mail was delivered to their queues. It appears everything is working now. I have no idea why ccfilter was being used because I never had that filter installed. I will monitor it and if this is the fix I will ask that the How-to be updated after someone can test this theory... Thanks for all your help! Tom ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From cgbmtom at SPAMCOP.NET Mon Jul 25 01:31:41 2005 From: cgbmtom at SPAMCOP.NET (Tom Carroll) Date: Thu Jan 12 21:30:24 2006 Subject: MailScanner functionality Message-ID: Alright, I suppose I can ask my questions here since this is where the experts are. I am curious as to the function chain of MailScanner. Here's my optional MTA and mail handling system, and I do not know if MailScanner can work in this way or not (I have read the docs). SMTP session begins. SMTP server checks ip for open relays. If open relay = true SMTP server rejects mail from open relay SMTP server checks for local user If local user = false SMTP server rejects message for non-local user SMTP server checks for acceptance of mail from ip or tld If ip or tld on reject list = true SMTP server rejects message with message of how to reach postmaster SMTP server accepts message Process for spam If message = spam Process in accordance with rules Process for virus If virus = true Process in accordance with rules Deliver message I run my own mail server with my own domain through dyndns. I have two pre-teen children who have begun playing online games and chatting with friends. I see the number of spam messages increasing and I want to put a stop to the majority of the risk of having the system accepting dangerous e-mails. Since this is my server and I am only serving to my family, I want to block certain tld's from sending mail to us. I know the political backlash I can get for stating this, but this system is private, therefore I do not have to accept something if I do not want it. Can mailscanner do this for me? I believe PostFix can, but it appears my server is currently accepting everything that is sent to it, processing it and then sending out a bounce message. I do not want to receive anything on my server until I determine it is something I want. I do not know if MailScanner is able to be the sentry at the front door that I need. To me it appears it is the sentry in the lobby rejecting the unwanted after it has already entered the lobby. Bad for security... Thank you! Tom ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Mon Jul 25 01:45:27 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:30:24 2006 Subject: MailScanner functionality Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] http://www.fsl.com/whitepapers/Fortress_SMGateway_Architecture_Diagram.pdf Steve has documented the procees above. Checkoutthe FAQ, MAQ and Wiki on the www.mailscanner.info To achieve what you want postfix can be configured to accept mail only for valid users. In the wiki there are some pointers to using recipient lists (which you can create manually for the small environment you have) which are essentially lists of usernames or emails that postfix will accept emails for, if the email is addressed to some one not in the list, it will be rejected. Pete Tom Carroll wrote: > Alright, I suppose I can ask my questions here since this is where the > experts are. > > I am curious as to the function chain of MailScanner. > > Here's my optional MTA and mail handling system, and I do not know if > MailScanner can work in this way or not (I have read the docs). > > SMTP session begins. > SMTP server checks ip for open relays. > If open relay = true > SMTP server rejects mail from open relay > SMTP server checks for local user > If local user = false > SMTP server rejects message for non-local user > SMTP server checks for acceptance of mail from ip or tld > If ip or tld on reject list = true > SMTP server rejects message with message of how to reach postmaster > SMTP server accepts message > Process for spam > If message = spam > Process in accordance with rules > Process for virus > If virus = true > Process in accordance with rules > Deliver message > > I run my own mail server with my own domain through dyndns. I have two > pre-teen children who have begun playing online games and chatting with > friends. I see the number of spam messages increasing and I want to put a > stop to the majority of the risk of having the system accepting dangerous > e-mails. > > Since this is my server and I am only serving to my family, I want to block > certain tld's from sending mail to us. I know the political backlash I can > get for stating this, but this system is private, therefore I do not have to > accept something if I do not want it. > > Can mailscanner do this for me? I believe PostFix can, but it appears my > server is currently accepting everything that is sent to it, processing it > and then sending out a bounce message. I do not want to receive anything on > my server until I determine it is something I want. I do not know if > MailScanner is able to be the sentry at the front door that I need. To me > it appears it is the sentry in the lobby rejecting the unwanted after it has > already entered the lobby. Bad for security... > > Thank you! > > Tom > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From peter at UCGBOOK.COM Mon Jul 25 01:54:25 2005 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:30:24 2006 Subject: MailScanner functionality Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Tom Carroll wrote: > I am curious as to the function chain of MailScanner. > > ... > > Can mailscanner do this for me? I believe PostFix can Most of what you describe is the job of the MTA and MS does not affect the operation of your MTA in any way. If you're confident with Postfix then use it as your MTA together with MS. -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHT.IE Mon Jul 25 02:07:26 2005 From: michele at BLACKNIGHT.IE (Michele Neylon :: Blacknight) Date: Thu Jan 12 21:30:24 2006 Subject: MailScanner functionality Message-ID: On Sun, 2005-07-24 at 14:31 -1000, Tom Carroll wrote: > > I run my own mail server with my own domain through dyndns. I have two > pre-teen children who have begun playing online games and chatting with > friends. I see the number of spam messages increasing and I want to put a > stop to the majority of the risk of having the system accepting dangerous > e-mails. > > Since this is my server and I am only serving to my family, I want to block > certain tld's from sending mail to us. I know the political backlash I can > get for stating this, but this system is private, therefore I do not have to > accept something if I do not want it. > > Can mailscanner do this for me? I believe PostFix can, but it appears my > server is currently accepting everything that is sent to it, processing it > and then sending out a bounce message. I do not want to receive anything on > my server until I determine it is something I want. I do not know if > MailScanner is able to be the sentry at the front door that I need. To me > it appears it is the sentry in the lobby rejecting the unwanted after it has > already entered the lobby. Bad for security... You can configure postfix to block directly and then use MailScanner for dealing with everything else ie. stop mail from certain countries at the MTA level and the check the content of the mail that gets past your initial blocks. I put this together after doing something vaguely similar: http://www.mneylon.com/blog/archives/2005/02/05/dnsbls-in-postfix/ HTH Michele -- Mr. Michele Neylon Blacknight Solutions Hosting, Co-location & Domain Registration http://www.blacknight.ie/ Phone: 1850 927 280 Intl: +353 (0)59 9183072 Fax: +353 (0)59 9164239 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Andreas.Doerfler at KEMPTEN.DE Mon Jul 25 08:30:15 2005 From: Andreas.Doerfler at KEMPTEN.DE ([iso-8859-1] Dörfler Andreas) Date: Thu Jan 12 21:30:24 2006 Subject: FW: [Clamav-announce] announcing ClamAV 0.86.2 Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] for information > > > -----Original Message----- > > From: clamav-announce-bounces@lists.clamav.net > > [mailto:clamav-announce-bounces@lists.clamav.net] On Behalf > > Of Luca Gibelli > > Sent: Monday, July 25, 2005 2:44 AM > > To: ClamAV Announce > > Subject: [Clamav-announce] announcing ClamAV 0.86.2 > > > > > > Dear ClamAV users, > > > > release 0.86.2 is available for download. > > Changes in this release include fixes for three possible > > integer overflows > > in libclamav, improved scanning of Cabinet and FSG compressed > > files, better > > database handling in clamav-milter, and others. > > > > We recommend that you upgrade your installation. > > > > -- > > The ClamAV team (http://www.clamav.net/team.html) > > > > -- > > Luca Gibelli (luca at clamav.net) - ClamAV, a GPL virus scanner > > PGP Key Fingerprint: C782 121E 8C3A 90E3 7A87 D802 6277 8FF4 > > 5EFC 5582 > > PGP Key Available on: Key Servers || > > http://www.clamav.net/gpg/luca.gpg > > _______________________________________________ > > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-announce > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Mon Jul 25 09:18:12 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:30:24 2006 Subject: postfix problem Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Sun, July 24, 2005 20:12, Mike Kercher wrote: > I answered one of my own questions: > > -rw------- 1 root root 64 Jul 24 12:52 MS.bayes.rebuild.lock > > already existed from (I assume) earlier when I was still running sendmail > on > this box. I deleted that lock file and the error went away. I'll keep > plugging on the razor-agent.log file Mike You need to tell razor where to log, other wise it logs to the home directory of user it is running as (The Postfix queue directory). There have been several posts to the list about this so it would be worth searching the list to fix it as it has been known to cause Postfix to stall. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Mon Jul 25 09:26:32 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:30:24 2006 Subject: Disclaimer only for outgoing mail? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Devon Harding wrote: > Where would the actual disclaimer be placed? > > On 6/16/05, *Rakesh* > wrote: > > Rainer Blaes wrote: > > > Dear experts, > > we are using the "Sign clean message" feature to add our firm's > > Disclaimer/footer to each mail. > > It's working quite well but has of course the effect that also the > > incoming mails carry this text. > > Is there any way within Mailscanner.conf to restrict the Disclaimer > > attachment only to our outgoing mail? > > > > Many thanks in advance! > > Oh boy you have got a really big disclaimer :-) > > the solution to your prob > > Sign Clean Messages = %rules-dir%/disclaimer.rules > > In disclaimer.rules if you want to put disclaimers for outgoing mails > only then > > From: yourdomain.com And To: yourdomain.com > no > FromOrTo: default yes > > > In this mails having from address as "yourdomain.com > " to > "yourdomain.com " will not have disclaimers, > but from "yourdomain.com " > to "yahoo.com " will have disclaimer. > > Incase of Multiple Recipients, the default rules will apply.... i.e. > disclaimer will be attached provided you have > > Use Default Rules With Multiple Recipients = yes > > Rakesh > Devon this is in reports/en/inline.sig.html and inline.sig.txt. If you are not using English as the language then replace 'en' with 'fr' or whatever you need. -- Martin Hepworth Senior Systems Administrator Solid State Logic Ltd tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Mon Jul 25 09:28:01 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:30:24 2006 Subject: PostFix/Pipe Problem - SOLUTION Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Sun, July 24, 2005 22:52, Tom Carroll wrote: > I figured out my problem after surfing on Google some more. I found that > someone who was trying to use amvis was having some similar log entries in > their maillog concerning the transport error. > > They found two entries in their main.cf file. "Local_Transport = Local" > and > "Virtual_Transport = Virtual". They commented out/removed the > "Local_Transport" entry and their setup worked fine. > > There were no transport entries in my main.cf file to start with. I shut > down mailscanner and added the "Virtual_Transport = Virtual" into the > main.cf and restarted and the forced the requeue of all the mail using > "postsuper -r ALL" command. Nothing weird showed up in the log, but I > couldn't see the mail anywhere. It looked like it went off into the > bit-bucket. So, I shutdown mailscanner again and changed the entry in > main.cf to "Local_Transport = Local", restarted MailScanner and requeued > again with postsuper. All my mail was delivered to their queues. > > It appears everything is working now. I have no idea why ccfilter was > being > used because I never had that filter installed. > > I will monitor it and if this is the fix I will ask that the How-to be > updated after someone can test this theory... > > Thanks for all your help! Tom Just to cover your confusion. The local delivery agent is the process used to deliver mail to local mail files (Either Maildir or UNIX style mailbox). In your instance your users are 'local' (i.e. they have their mailboxes hosted on the local machine). If you ever host domains where your box is just a gateway (See the wiki for further details) then you will be using the virtual delivery agent which requires you to explicity define both the user and the domain that Postfix will accept. Further reading on this can be done here http://www.postfix.org/OVERVIEW.html#delivering which explains it much better ;-) Glad things are working now. Enjoy! Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From support-lists at PETDOCTORS.CO.UK Mon Jul 25 10:33:02 2005 From: support-lists at PETDOCTORS.CO.UK (Nigel kendrick) Date: Thu Jan 12 21:30:24 2006 Subject: Bogus MS 'critical update' Message-ID: I have just had a bogus Microsoft update slip through the net. Is there a rule to combat these? In any case, here's the info in case it's of use: From: MS Technical Services [fdgekwamzwrzj@technet.com] Subject line: "Newest Microsoft Critical Pack" The attachment was "Upgrade9591.exe" Here's the body, minus HTML formatting: Microsoft All Products | Support | Search | Microsoft.com Guide Microsoft Home MS Customer this is the latest version of security update, the "July 2005, Cumulative Patch" update which eliminates all known security vulnerabilities affecting MS Internet Explorer, MS Outlook and MS Outlook Express as well as three newly discovered vulnerabilities. Install now to continue keeping your computer secure from these vulnerabilities, the most serious of which could allow an malicious user to run executable on your computer. This update includes the functionality of all previously released patches. System requirements Windows 95/98/Me/2000/NT/XP This update applies to MS Internet Explorer, version 4.01 and later MS Outlook, version 8.00 and later MS Outlook Express, version 4.01 and later Recommendation Customers should install the patch at the earliest opportunity. How to install Run attached file. Choose Yes on displayed dialog box. How to use You don't need to do anything after installing this item. Microsoft Product Support Services and Knowledge Base articles can be found on the Microsoft Technical Support web site. For security-related information about Microsoft products, please visit the Microsoft Security Advisor web site, or Contact Us. Thank you for using Microsoft products. Please do not reply to this message. It was sent from an unmonitored e-mail address and we are unable to respond to any replies. ---------------------------------------------------------------------------- ---- The names of the actual companies and products mentioned herein are the trademarks of their respective owners. Contact Us | Legal | TRUSTe C2005 Microsoft Corporation. All rights reserved. Terms of Use | Privacy Statement | Accessibility ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Mon Jul 25 11:30:15 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:30:24 2006 Subject: Bogus MS 'critical update' Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Nigel kendrick wrote: > I have just had a bogus Microsoft update slip through the net. Is there a > rule to combat these? In any case, here's the info in case it's of use: > > > From: MS Technical Services [fdgekwamzwrzj@technet.com] > Subject line: "Newest Microsoft Critical Pack" > The attachment was "Upgrade9591.exe" > > Here's the body, minus HTML formatting: > > Microsoft All Products | Support | Search | Microsoft.com Guide > Microsoft Home > > MS Customer > > this is the latest version of security update, the "July 2005, Cumulative > Patch" update which eliminates all known security vulnerabilities affecting > MS Internet Explorer, MS Outlook and MS Outlook Express as well as three > newly discovered vulnerabilities. Install now to continue keeping your > computer secure from these vulnerabilities, the most serious of which could > allow an malicious user to run executable on your computer. This update > includes the functionality of all previously released patches. > > > System requirements Windows 95/98/Me/2000/NT/XP > This update applies to MS Internet Explorer, version 4.01 and later > MS Outlook, version 8.00 and later > MS Outlook Express, version 4.01 and later > Recommendation Customers should install the patch at the earliest > opportunity. > How to install Run attached file. Choose Yes on displayed dialog box. > How to use You don't need to do anything after installing this item. > > Microsoft Product Support Services and Knowledge Base articles can be found > on the Microsoft Technical Support web site. For security-related > information about Microsoft products, please visit the Microsoft Security > Advisor web site, or Contact Us. > > Thank you for using Microsoft products. > > Please do not reply to this message. It was sent from an unmonitored e-mail > address and we are unable to respond to any replies. > Nigel what's the attachment and what Anti-virus are you running. By defauly MS should block .exe's so have you 'tweaked' the filetype scanning on your system?? -- -- Martin Hepworth Senior Systems Administrator Solid State Logic Ltd tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From maillists at CONACTIVE.COM Mon Jul 25 12:31:25 2005 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:30:24 2006 Subject: MailScanner functionality Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Tom Carroll wrote on Sun, 24 Jul 2005 14:31:41 -1000: > Can mailscanner do this for me? No, your MTA (mail server) is responsible for that. All that I know can do this. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From support-lists at PETDOCTORS.CO.UK Mon Jul 25 12:15:31 2005 From: support-lists at PETDOCTORS.CO.UK (Nigel kendrick) Date: Thu Jan 12 21:30:24 2006 Subject: Bogus MS 'critical update' - PANIC OVER Message-ID: >Nigel > >what's the attachment and what Anti-virus are you running. By defauly MS >should block .exe's so have you 'tweaked' the filetype scanning on your >system?? Duh - this was picked up by Outlook from a third party mail server, but due to a rules error on my part it ended up in the wrong inbox folder and I didn't notice that it didn't come through our server. I have just sent myself an .exe and it was blocked. Getting another strong coffee right now... Thanks Nigel ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Mon Jul 25 14:20:26 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:30:24 2006 Subject: postfix problem Message-ID: I found the answer to that one yesterday too. For some reason, when I install razor, it doesn't create the /etc/razor directory (which is where razor looks for its files by default). I moved everything from /root/.razor to /etc/razor and modified the razor-agent.conf for logging and the problem went away. Thanks! Mike -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Drew Marshall Sent: Monday, July 25, 2005 3:18 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: postfix problem On Sun, July 24, 2005 20:12, Mike Kercher wrote: > I answered one of my own questions: > > -rw------- 1 root root 64 Jul 24 12:52 MS.bayes.rebuild.lock > > already existed from (I assume) earlier when I was still running > sendmail on this box. I deleted that lock file and the error went > away. I'll keep plugging on the razor-agent.log file Mike You need to tell razor where to log, other wise it logs to the home directory of user it is running as (The Postfix queue directory). There have been several posts to the list about this so it would be worth searching the list to fix it as it has been known to cause Postfix to stall. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Mon Jul 25 14:27:53 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:30:24 2006 Subject: postfix problem Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Mike Kercher wrote: > I found the answer to that one yesterday too. For some reason, when I > install razor, it doesn't create the /etc/razor directory (which is where > razor looks for its files by default). I moved everything from /root/.razor > to /etc/razor and modified the razor-agent.conf for logging and the problem > went away. > > Thanks! > > Mike > It *might* make an annoying guest appearance again, to solve the problem permanently add the following to: spam.assassin.prefs.conf ======================== razor_config /etc/razor/razor-agent.conf /etc/razor/razor-agent.conf ============================ razorhome = /etc/razor - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From adrik at SALESMANAGER.NL Mon Jul 25 14:31:19 2005 From: adrik at SALESMANAGER.NL (Adri Koppes) Date: Thu Jan 12 21:30:24 2006 Subject: postfix problem Message-ID: > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Dhawal Doshy > Sent: Monday, July 25, 2005 15:28 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: postfix problem > > Mike Kercher wrote: > > I found the answer to that one yesterday too. For some > reason, when I > > install razor, it doesn't create the /etc/razor directory (which is > > where razor looks for its files by default). I moved > everything from > > /root/.razor to /etc/razor and modified the razor-agent.conf for > > logging and the problem went away. > > > > Thanks! > > > > Mike > > > > It *might* make an annoying guest appearance again, to solve > the problem permanently add the following to: > > spam.assassin.prefs.conf > ======================== > razor_config /etc/razor/razor-agent.conf > > /etc/razor/razor-agent.conf > ============================ > razorhome = /etc/razor > > - dhawal Dhawal, I strong object and vote AGAINST making this change to the standard spam.assassin.prefs.conf. This change will break at ANY system, where razor does not have it's standard configuration files in /etc/razor, like FreeBSD or Solaris. Probably more systems are affected as well. Adri. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Mon Jul 25 14:48:15 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:30:25 2006 Subject: postfix problem Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Mon, July 25, 2005 14:31, Adri Koppes wrote: >> >> It *might* make an annoying guest appearance again, to solve >> the problem permanently add the following to: >> >> spam.assassin.prefs.conf >> =======================> razor_config /etc/razor/razor-agent.conf >> >> /etc/razor/razor-agent.conf >> ===========================> razorhome = /etc/razor >> >> - dhawal > > Dhawal, > > I strong object and vote AGAINST making this change to the standard > spam.assassin.prefs.conf. > This change will break at ANY system, where razor does not have it's > standard configuration files in /etc/razor, like FreeBSD or Solaris. > Probably more systems are affected as well. > > Adri. Adri I don't think that's what Dhawal meant. Individuals should change their spam.assasin.prefs.conf to match the above (If the paths are applicable). I don't think he was suggesting the default file should be changed. There are not enough of us Postfix & MailScanner users out there for world domination (Yet!). Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Mon Jul 25 14:50:26 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:30:25 2006 Subject: postfix problem Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Adri Koppes wrote: >> >>It *might* make an annoying guest appearance again, to solve >>the problem permanently add the following to: >> >>spam.assassin.prefs.conf >>======================== >>razor_config /etc/razor/razor-agent.conf >> >>/etc/razor/razor-agent.conf >>============================ >>razorhome = /etc/razor >> >>- dhawal > > > Dhawal, > > I strong object and vote AGAINST making this change to the standard > spam.assassin.prefs.conf. > This change will break at ANY system, where razor does not have it's > standard configuration files in /etc/razor, like FreeBSD or Solaris. > Probably more systems are affected as well. > > Adri. > I don't intend making this a standard at all, rather i was suggesting that this be specific to Mike's setup. for instance mine is: razor_config /etc/mail/spamassassin/.razor/razor-agent.conf and razorhome = /etc/mail/spamassassin/.razor - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From adrik at SALESMANAGER.NL Mon Jul 25 14:53:41 2005 From: adrik at SALESMANAGER.NL (Adri Koppes) Date: Thu Jan 12 21:30:25 2006 Subject: postfix problem Message-ID: > On Mon, July 25, 2005 14:31, Adri Koppes wrote: > >> > >> It *might* make an annoying guest appearance again, to solve the > >> problem permanently add the following to: > >> > >> spam.assassin.prefs.conf > >> =======================> razor_config /etc/razor/razor-agent.conf > >> > >> /etc/razor/razor-agent.conf > >> ===========================> razorhome = /etc/razor > >> > >> - dhawal > > > > Dhawal, > > > > I strong object and vote AGAINST making this change to the standard > > spam.assassin.prefs.conf. > > This change will break at ANY system, where razor does not > have it's > > standard configuration files in /etc/razor, like FreeBSD or Solaris. > > Probably more systems are affected as well. > > > > Adri. > > Adri > > I don't think that's what Dhawal meant. Individuals should > change their spam.assasin.prefs.conf to match the above (If > the paths are applicable). > I don't think he was suggesting the default file should be > changed. There are not enough of us Postfix & MailScanner > users out there for world domination (Yet!). > > Drew Drew, For individual users, this will solve their problem. Perhaps this should be added to the FAQ or Wiki, but certainly not as a standard. The change can be made either in spam.assassin.prefs.conf or in the spamassassin local.cf, depending on whether you like it to apply only when MailScanner uses SpamAssassin or systemwide for all use of SpamAssassin. Adri. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From adrik at SALESMANAGER.NL Mon Jul 25 14:54:44 2005 From: adrik at SALESMANAGER.NL (Adri Koppes) Date: Thu Jan 12 21:30:25 2006 Subject: postfix problem Message-ID: > Adri Koppes wrote: > >> > >>It *might* make an annoying guest appearance again, to solve the > >>problem permanently add the following to: > >> > >>spam.assassin.prefs.conf > >>======================== > >>razor_config /etc/razor/razor-agent.conf > >> > >>/etc/razor/razor-agent.conf > >>============================ > >>razorhome = /etc/razor > >> > >>- dhawal > > > > > > Dhawal, > > > > I strong object and vote AGAINST making this change to the standard > > spam.assassin.prefs.conf. > > This change will break at ANY system, where razor does not > have it's > > standard configuration files in /etc/razor, like FreeBSD or Solaris. > > Probably more systems are affected as well. > > > > Adri. > > > > I don't intend making this a standard at all, rather i was > suggesting that this be specific to Mike's setup. > > for instance mine is: > razor_config /etc/mail/spamassassin/.razor/razor-agent.conf > and > razorhome = /etc/mail/spamassassin/.razor > > - dhawal Dhawal, Sorry I misunderstood you. I'm glad we're on the same line here. Adri. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Mon Jul 25 14:54:47 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:30:25 2006 Subject: postfix problem Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Drew Marshall wrote: > > Adri > > I don't think that's what Dhawal meant. Individuals should change their > spam.assasin.prefs.conf to match the above (If the paths are applicable). > I don't think he was suggesting the default file should be changed. There > are not enough of us Postfix & MailScanner users out there for world > domination (Yet!). talking of world domination!! i liked the IPBlock documentation on the old faq-o-matic where it talked about world domination. http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/239.html - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at nkpanama.com Mon Jul 25 14:59:36 2005 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu Jan 12 21:30:25 2006 Subject: Bogus MS 'critical update' - PANIC OVER Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Nigel kendrick wrote: >>Nigel >> >>what's the attachment and what Anti-virus are you running. By defauly MS >>should block .exe's so have you 'tweaked' the filetype scanning on your >>system?? >> >> > >Duh - this was picked up by Outlook from a third party mail server, but due >to a rules error on my part it ended up in the wrong inbox folder and I >didn't notice that it didn't come through our server. > >I have just sent myself an .exe and it was blocked. > >Getting another strong coffee right now... > >Thanks > >Nigel > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > In any case the grammatical errors and inconsistent writing style should have given it away as bogus... :) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Mon Jul 25 15:36:28 2005 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 12 21:30:25 2006 Subject: PostFix/Pipe problem Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] (snip) > I have done a grep of nearly every file on my system and I cannot find any > other config file that has the ccfilter string in it except the master.cf, > and it is commented out. I had a moment of clarity and decided to grep the > deferred queue, and low-and-behold, each message in the deferred queue has a > ccfilter entry in it. Any idea why? Can I manually edit each message and > delete that string so it can be delivered to its destination? > (snip) Ok, that's an artefact from the initial (wrong) config then. I assume you've tried "postsuper -r ALL" without success? If so, all I can think of that would potentially "fix" things for those messages would be to manually (hex-)edit the files... A PITA, if you ask me:). Or just read them with postcat and "recreate the messages" from that (shouldn't be _too_ complicated a shell-wrapper:-). DISCLAIMER: I'm just back from vacation, so head might not be screwed on right/tight, nor brain turned on...:-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Mon Jul 25 16:24:27 2005 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 12 21:30:25 2006 Subject: postfix problem Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] 2005/7/25, Dhawal Doshy : > Drew Marshall wrote: > > (snip) > > There > > are not enough of us Postfix & MailScanner users out there for world > > domination (Yet!). > > talking of world domination!! i liked the IPBlock documentation on the > old faq-o-matic where it talked about world domination. > > http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/239.html > > - dhawal Yep, it's too little about World Domination in the wiki.... We'll have to do something about that.... Or have Jeff do it (again:-):-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Mon Jul 25 16:26:52 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:25 2006 Subject: Tons of 1.txt messages Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Drew Marshall wrote: ----elrddgzjoshelqmabgkc-- >>> > > So what are they? I guess they are Spam as they are unsolicited but I > guess they are not a virus (Or are they the outcasting from a virus)? I > don't remember reading any reports about this type of file. > > Drew > Apparently, sent from systems compromised by on of the Bagel trojans, http://isc.sans.org//index.php?up=toptrends -- Ugo -> Please don't send a copy of your reply by e-mail. I read the list. -> Please avoid top-posting, long signatures and HTML, and cut the irrelevant parts in your replies. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dstraka at caspercollege.edu Mon Jul 25 16:52:10 2005 From: dstraka at caspercollege.edu (Daniel Straka) Date: Thu Jan 12 21:30:25 2006 Subject: maillog analysis tool? Message-ID: Does anyone know of a simple script that will produce statistics from the maillog file? I'm interested in seeing estimates of how many spams are identified by MS and how many might be getting through and total incoming mail volume...that sort of stuff. Thanks, Dan Dan Straka Academic Systems Specialist Casper College (307) 268-2399 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From cgbmtom at SPAMCOP.NET Mon Jul 25 17:26:32 2005 From: cgbmtom at SPAMCOP.NET (Tom Carroll) Date: Thu Jan 12 21:30:25 2006 Subject: PostFix/Pipe problem Message-ID: On Monday, July 25, 2005 4:36 AM Glenn Steen wrote: > (snip) > > I have done a grep of nearly every file on my system and I cannot find > any > > other config file that has the ccfilter string in it except the > master.cf, > > and it is commented out. I had a moment of clarity and decided to grep > the > > deferred queue, and low-and-behold, each message in the deferred queue > has a > > ccfilter entry in it. Any idea why? Can I manually edit each message > and > > delete that string so it can be delivered to its destination? > > > (snip) > Ok, that's an artefact from the initial (wrong) config then. > I assume you've tried "postsuper -r ALL" without success? If so, all I > can think of that would potentially "fix" things for those messages > would be to manually (hex-)edit the files... A PITA, if you ask me:). > Or just read them with postcat and "recreate the messages" from that > (shouldn't be _too_ complicated a shell-wrapper:-). Actually once I found my solution it was a piece of cake! It was an artifact of the old config. > DISCLAIMER: I'm just back from vacation, so head might not be screwed > on right/tight, nor brain turned on...:-) Heh, I know the feeling! Thanks! Tom ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Mon Jul 25 17:28:47 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:25 2006 Subject: Bogus MS 'critical update' - PANIC OVER Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Alex Neuman van der Hans spake the following on 7/25/2005 6:59 AM: > Nigel kendrick wrote: > > >>>Nigel >>> >>>what's the attachment and what Anti-virus are you running. By defauly MS >>>should block .exe's so have you 'tweaked' the filetype scanning on your >>>system?? >>> >>> >> >>Duh - this was picked up by Outlook from a third party mail server, but due >>to a rules error on my part it ended up in the wrong inbox folder and I >>didn't notice that it didn't come through our server. >> >>I have just sent myself an .exe and it was blocked. >> >>Getting another strong coffee right now... >> >>Thanks >> >>Nigel >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >> > > In any case the grammatical errors and inconsistent writing style should > have given it away as bogus... :) > The biggest giveaway is that Microsoft NEVER mails updates to customers with attachments. They are only pushed through the windows update channels. http://www.microsoft.com/security/incident/authenticate_mail.mspx -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Mon Jul 25 17:31:21 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:25 2006 Subject: maillog analysis tool? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Daniel Straka wrote: > Does anyone know of a simple script that will produce statistics from > the maillog file? I'm interested in seeing estimates of how many spams > are identified by MS and how many might be getting through and total > incoming mail volume...that sort of stuff. > > Thanks, > > Dan > > Dan Straka > Academic Systems Specialist > Casper College > (307) 268-2399 > http://wiki.mailscanner.info/doku.php?id=&idx=documentation:related_software:management See MailWatch, mailscanner-mrtg and vispan (I'm currently writing the mailscanner-mrtg and vispan part). -- Ugo -> Please don't send a copy of your reply by e-mail. I read the list. -> Please avoid top-posting, long signatures and HTML, and cut the irrelevant parts in your replies. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHT.IE Mon Jul 25 17:57:03 2005 From: michele at BLACKNIGHT.IE (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:30:25 2006 Subject: maillog analysis tool? Message-ID: Ugo Bellavance <> scribbled on 25 July 2005 17:31: > > (I'm currently writing the mailscanner-mrtg and vispan part). I'd second Ugo. We've been using Vispan for months and are very happy with the stats Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ajd at ADAVIES.NET Mon Jul 25 18:38:19 2005 From: ajd at ADAVIES.NET (Alan Davies) Date: Thu Jan 12 21:30:25 2006 Subject: Problem Getting MailScanner running on Cobalt RAQ 4 w/ updated OS Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Mike and Kai, Ok, stay with me, I'm fairly new to Linux. I was able to run cpan and update the version of perl on the system. Of course now when I try to run the ./install.sh it tells me that I have two versions of perl no my system and to "get rid" of any traces in /usr/local. I did that, and it still tells me I have two versions running. I tried to use the ignore-perl switch, it seems to run through the install scripts, and then when I try to start the services is gives me a new error with new Begin Failed messages. Any help is appreciated, Alan ---------------------------------------------- Good. You have the patch command. Good, you have /usr/src/redhat in place. Good, unpackaged files will not break the build process. You appear to have 2 versions of Perl installed, the normal one in /usr/bin and one in /usr/local. This often happens if you have used CPAN to install modules. I strongly advise you remove all traces of perl from within /usr/local and then run this script again. If you do not want to do that, and really want to continue, then you will need to run this script as ./install.sh ignore-perl -------------------------------------------------------------- Starting MailScanner daemons: incoming sendmail: ok outgoing sendmail: ok MailScanner: Can't locate bytes.pm in @INC (@INC contains: /usr/lib/MailScanner /usr/lib/perl5/5.00503/i386-linux /usr/lib/perl5/5.00503 /usr/lib/perl5/site_perl/5.005/i386-linux /usr/lib/perl5/site_perl/5.005 . /usr/lib/MailScanner) at /usr/lib/MailScanner/MailScanner/Log.pm line 139. BEGIN failed--compilation aborted at /usr/lib/MailScanner/MailScanner/Log.pm line 139. BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 68. ok Mike Kercher wrote: >You can try installing Net:CIDR from CPAN: > >perl -MCPAN -e shell > >install Net::CIDR > >Mike > > >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf >Of Alan Davies >Sent: Sunday, July 24, 2005 12:46 PM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Problem Getting MailScanner running on Cobalt RAQ 4 w/ updated OS > >Hi, I'm new to this forum. I've recently starting have problems with SPAM >and found MailScanner as a solution. However . . . I'm having problems and >am looking for some help. I've been over the FAQ page and didn't find >anything of use. > >I'm trying to install mailscanner to a RAQ 4 with a standard RAQ RH OS and >patches. It's running PERL 5. It seems to run the install fine, but when I >try to start the services it gives me the following error. >Any help is appreciated. > >[root MailScanner-4.43.8-1]# /etc/rc.d/init.d/sendmail stop Shutting down >Mail Service: sendmail ok [root MailScanner-4.43.8-1]# >/etc/rc.d/init.d/sendmail stop Shutting down Mail Service: ERROR! >[root MailScanner-4.43.8-1]# /etc/rc.d/init.d/MailScanner start Starting >MailScanner daemons: > incoming sendmail: ok > outgoing sendmail: ok > MailScanner: Can't locate Net/CIDR.pm in @INC (@INC >contains: /usr/lib/MailScanner /usr/lib/perl5/5.00503/i386-linux >/usr/lib/perl5/5.00503 /usr/lib/perl5/site_perl/5.005/i386-linux >/usr/lib/perl5/site_perl/5.005 . /usr/lib/MailScanner) at >/usr/lib/MailScanner/MailScanner/Config.pm line 34. >BEGIN failed--compilation aborted at >/usr/lib/MailScanner/MailScanner/Config.pm line 34. >BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 64. >ok >[root MailScanner-4.43.8-1]# > >Thanks in advance, >Alan > >------------------------ MailScanner list ------------------------ To >unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and the >archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Mon Jul 25 19:32:15 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:30:25 2006 Subject: Problem Getting MailScanner running on Cobalt RAQ 4 w/ updated OS Message-ID: Upgrading perl itself was probably not a good idea on a RAQ as the admin interface/scripts are all perl based. Have you considered a more recent hosting platform? Mike -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Alan Davies Sent: Monday, July 25, 2005 12:38 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Problem Getting MailScanner running on Cobalt RAQ 4 w/ updated OS Hi Mike and Kai, Ok, stay with me, I'm fairly new to Linux. I was able to run cpan and update the version of perl on the system. Of course now when I try to run the ./install.sh it tells me that I have two versions of perl no my system and to "get rid" of any traces in /usr/local. I did that, and it still tells me I have two versions running. I tried to use the ignore-perl switch, it seems to run through the install scripts, and then when I try to start the services is gives me a new error with new Begin Failed messages. Any help is appreciated, Alan ---------------------------------------------- Good. You have the patch command. Good, you have /usr/src/redhat in place. Good, unpackaged files will not break the build process. You appear to have 2 versions of Perl installed, the normal one in /usr/bin and one in /usr/local. This often happens if you have used CPAN to install modules. I strongly advise you remove all traces of perl from within /usr/local and then run this script again. If you do not want to do that, and really want to continue, then you will need to run this script as ./install.sh ignore-perl -------------------------------------------------------------- Starting MailScanner daemons: incoming sendmail: ok outgoing sendmail: ok MailScanner: Can't locate bytes.pm in @INC (@INC contains: /usr/lib/MailScanner /usr/lib/perl5/5.00503/i386-linux /usr/lib/perl5/5.00503 /usr/lib/perl5/site_perl/5.005/i386-linux /usr/lib/perl5/site_perl/5.005 . /usr/lib/MailScanner) at /usr/lib/MailScanner/MailScanner/Log.pm line 139. BEGIN failed--compilation aborted at /usr/lib/MailScanner/MailScanner/Log.pm line 139. BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 68. ok Mike Kercher wrote: >You can try installing Net:CIDR from CPAN: > >perl -MCPAN -e shell > >install Net::CIDR > >Mike > > >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >Behalf Of Alan Davies >Sent: Sunday, July 24, 2005 12:46 PM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Problem Getting MailScanner running on Cobalt RAQ 4 w/ updated >OS > >Hi, I'm new to this forum. I've recently starting have problems with >SPAM and found MailScanner as a solution. However . . . I'm having >problems and am looking for some help. I've been over the FAQ page and >didn't find anything of use. > >I'm trying to install mailscanner to a RAQ 4 with a standard RAQ RH OS >and patches. It's running PERL 5. It seems to run the install fine, >but when I try to start the services it gives me the following error. >Any help is appreciated. > >[root MailScanner-4.43.8-1]# /etc/rc.d/init.d/sendmail stop Shutting >down Mail Service: sendmail ok [root MailScanner-4.43.8-1]# >/etc/rc.d/init.d/sendmail stop Shutting down Mail Service: ERROR! >[root MailScanner-4.43.8-1]# /etc/rc.d/init.d/MailScanner start >Starting MailScanner daemons: > incoming sendmail: ok > outgoing sendmail: ok > MailScanner: Can't locate Net/CIDR.pm in @INC (@INC >contains: /usr/lib/MailScanner /usr/lib/perl5/5.00503/i386-linux >/usr/lib/perl5/5.00503 /usr/lib/perl5/site_perl/5.005/i386-linux >/usr/lib/perl5/site_perl/5.005 . /usr/lib/MailScanner) at >/usr/lib/MailScanner/MailScanner/Config.pm line 34. >BEGIN failed--compilation aborted at >/usr/lib/MailScanner/MailScanner/Config.pm line 34. >BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 64. >ok >[root MailScanner-4.43.8-1]# > >Thanks in advance, >Alan > >------------------------ MailScanner list ------------------------ To >unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and the >archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > >------------------------ MailScanner list ------------------------ To >unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and the >archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ajd at ADAVIES.NET Mon Jul 25 19:46:49 2005 From: ajd at ADAVIES.NET (Alan Davies) Date: Thu Jan 12 21:30:25 2006 Subject: Problem Getting MailScanner running on Cobalt RAQ 4 w/ updated OS Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] The admin interface seems to be working, so I'm not entirely convinced that perl 5.0 is not what the system is still using, to me it looks like both are installed, but cpan put the install of perl 5.8 in another location. I have not considered moving to a different platform until now. I've heard of people running Debian, but I'm not as familiar with it as RH. Do you have a suggestion? Alan Mike Kercher wrote: >Upgrading perl itself was probably not a good idea on a RAQ as the admin >interface/scripts are all perl based. Have you considered a more recent >hosting platform? > >Mike > > >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf >Of Alan Davies >Sent: Monday, July 25, 2005 12:38 PM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: Problem Getting MailScanner running on Cobalt RAQ 4 w/ updated >OS > >Hi Mike and Kai, > >Ok, stay with me, I'm fairly new to Linux. I was able to run cpan and >update the version of perl on the system. Of course now when I try to run >the ./install.sh it tells me that I have two versions of perl no my system >and to "get rid" of any traces in /usr/local. I did that, and it still >tells me I have two versions running. I tried to use the ignore-perl >switch, it seems to run through the install scripts, and then when I try to >start the services is gives me a new error with new Begin Failed messages. > >Any help is appreciated, >Alan > >---------------------------------------------- >Good. You have the patch command. > >Good, you have /usr/src/redhat in place. > >Good, unpackaged files will not break the build process. > >You appear to have 2 versions of Perl installed, the normal one in /usr/bin >and one in /usr/local. >This often happens if you have used CPAN to install modules. >I strongly advise you remove all traces of perl from within /usr/local and >then run this script again. > >If you do not want to do that, and really want to continue, then you will >need to run this script as > ./install.sh ignore-perl > >-------------------------------------------------------------- >Starting MailScanner daemons: > incoming sendmail: ok > outgoing sendmail: ok > MailScanner: Can't locate bytes.pm in @INC (@INC >contains: /usr/lib/MailScanner /usr/lib/perl5/5.00503/i386-linux >/usr/lib/perl5/5.00503 /usr/lib/perl5/site_perl/5.005/i386-linux >/usr/lib/perl5/site_perl/5.005 . /usr/lib/MailScanner) at >/usr/lib/MailScanner/MailScanner/Log.pm line 139. >BEGIN failed--compilation aborted at >/usr/lib/MailScanner/MailScanner/Log.pm line 139. >BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 68. >ok > > >Mike Kercher wrote: > > > >>You can try installing Net:CIDR from CPAN: >> >>perl -MCPAN -e shell >> >>install Net::CIDR >> >>Mike >> >> >>-----Original Message----- >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>Behalf Of Alan Davies >>Sent: Sunday, July 24, 2005 12:46 PM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Problem Getting MailScanner running on Cobalt RAQ 4 w/ updated >>OS >> >>Hi, I'm new to this forum. I've recently starting have problems with >>SPAM and found MailScanner as a solution. However . . . I'm having >>problems and am looking for some help. I've been over the FAQ page and >>didn't find anything of use. >> >>I'm trying to install mailscanner to a RAQ 4 with a standard RAQ RH OS >>and patches. It's running PERL 5. It seems to run the install fine, >>but when I try to start the services it gives me the following error. >>Any help is appreciated. >> >>[root MailScanner-4.43.8-1]# /etc/rc.d/init.d/sendmail stop Shutting >>down Mail Service: sendmail ok [root MailScanner-4.43.8-1]# >>/etc/rc.d/init.d/sendmail stop Shutting down Mail Service: ERROR! >>[root MailScanner-4.43.8-1]# /etc/rc.d/init.d/MailScanner start >>Starting MailScanner daemons: >> incoming sendmail: ok >> outgoing sendmail: ok >> MailScanner: Can't locate Net/CIDR.pm in @INC (@INC >>contains: /usr/lib/MailScanner /usr/lib/perl5/5.00503/i386-linux >>/usr/lib/perl5/5.00503 /usr/lib/perl5/site_perl/5.005/i386-linux >>/usr/lib/perl5/site_perl/5.005 . /usr/lib/MailScanner) at >>/usr/lib/MailScanner/MailScanner/Config.pm line 34. >>BEGIN failed--compilation aborted at >>/usr/lib/MailScanner/MailScanner/Config.pm line 34. >>BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 64. >>ok >>[root MailScanner-4.43.8-1]# >> >>Thanks in advance, >>Alan >> >>------------------------ MailScanner list ------------------------ To >>unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the Wiki (http://wiki.mailscanner.info/) and the >>archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >>------------------------ MailScanner list ------------------------ To >>unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the Wiki (http://wiki.mailscanner.info/) and the >>archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >> >> >> >> >> > >------------------------ MailScanner list ------------------------ To >unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and the >archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHT.IE Mon Jul 25 19:53:10 2005 From: michele at BLACKNIGHT.IE (Michele Neylon :: Blacknight) Date: Thu Jan 12 21:30:25 2006 Subject: Problem Getting MailScanner running on Cobalt RAQ 4 w/ updated OS Message-ID: On Mon, 2005-07-25 at 11:46 -0700, Alan Davies wrote: > The admin interface seems to be working, so I'm not entirely convinced > that perl 5.0 is not what the system is still using, to me it looks like > both are installed, but cpan put the install of perl 5.8 in another > location. If both versions of Perl are installed then your RAQ should work fine > > I have not considered moving to a different platform until now. I've > heard of people running Debian, but I'm not as familiar with it as RH. > Do you have a suggestion? I'd recommend DirectAdmin as a control panel Distro-wise you might consider Centos Michele -- Mr. Michele Neylon Blacknight Solutions Hosting, Co-location & Domain Registration http://www.blacknight.ie/ Phone: 1850 927 280 Intl: +353 (0)59 9183072 Fax: +353 (0)59 9164239 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Mon Jul 25 20:08:39 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:30:25 2006 Subject: Problem Getting MailScanner running on Cobalt RAQ 4 w/ updated OS Message-ID: -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Michele Neylon :: Blacknight Sent: Monday, July 25, 2005 1:53 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Problem Getting MailScanner running on Cobalt RAQ 4 w/ updated OS On Mon, 2005-07-25 at 11:46 -0700, Alan Davies wrote: > The admin interface seems to be working, so I'm not entirely convinced > that perl 5.0 is not what the system is still using, to me it looks > like both are installed, but cpan put the install of perl 5.8 in > another location. If both versions of Perl are installed then your RAQ should work fine > > I have not considered moving to a different platform until now. I've > heard of people running Debian, but I'm not as familiar with it as RH. > Do you have a suggestion? I'd recommend DirectAdmin as a control panel Distro-wise you might consider Centos Michele -- Mr. Michele Neylon Blacknight Solutions Hosting, Co-location & Domain Registration http://www.blacknight.ie/ Phone: 1850 927 280 Intl: +353 (0)59 9183072 Fax: +353 (0)59 9164239 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the Agreed...CentOS is a free distro based on RH Enterprise. Mike ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rgreen at TRAYERPRODUCTS.COM Mon Jul 25 20:11:01 2005 From: rgreen at TRAYERPRODUCTS.COM (Rodney Green) Date: Thu Jan 12 21:30:25 2006 Subject: ClamAV Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] http://www.eweek.com/article2/0,1895,1840437,00.asp -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From paddy at PANICI.NET Mon Jul 25 20:32:05 2005 From: paddy at PANICI.NET (paddy) Date: Thu Jan 12 21:30:25 2006 Subject: per-worker SQL in a Custom Function ? Message-ID: Hi, I've been looking at the MailWatch.pm in mailwatch-1.0.1. (I'm aware of the history, but may not have entirely understood) I got to wondering ... Why not just a have a persistent connection per worker? Through trial and error, it seems to me that if I make my connection $dbh = DBI->connect() then $dbh will be defined for the rest of the lifetime of the thread, but that it will only $dbh->ping for the remainder of the batch. This with only one worker: same pid for different batches, no other workers. I haven't yet figured out what happens at the end of the batch. Can anyone fill me in? Very likely its just something silly in my code. I can post or email it if anyone is interested. Regards, Paddy -- Perl 6 will give you the big knob. -- Larry Wall ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mark at TIPPINGMAR.COM Mon Jul 25 23:22:46 2005 From: mark at TIPPINGMAR.COM (Mark Nienberg) Date: Thu Jan 12 21:30:25 2006 Subject: maillog analysis tool? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Daniel Straka wrote: >Does anyone know of a simple script that will produce statistics from >the maillog file? I'm interested in seeing estimates of how many spams >are identified by MS and how many might be getting through and total >incoming mail volume...that sort of stuff. > > If you already use logwatch then upgrading to a recent version will give you a mailscanner module for basic stats. -- Mark Nienberg, SE Tipping Mar + associates 1906 Shattuck Ave Berkeley, CA 94704 (510) 549-1906 ext 236 http://www.tippingmar.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pparsons at COLUMBIAFUELS.COM Mon Jul 25 23:35:22 2005 From: pparsons at COLUMBIAFUELS.COM (Philip Parsons) Date: Thu Jan 12 21:30:25 2006 Subject: maillog analysis tool? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] There is a program called Vispan that will even block spammers via the iptables or /etc/access it also creates pages of stats, virus, spam which rules sets , amount of mail etc etc etc .. http://www.while.homeunix.net/mailstats/ ----- Original Message ----- From: "Mark Nienberg" To: Sent: Monday, July 25, 2005 3:22 PM Subject: Re: maillog analysis tool? > Daniel Straka wrote: > > >Does anyone know of a simple script that will produce statistics from > >the maillog file? I'm interested in seeing estimates of how many spams > >are identified by MS and how many might be getting through and total > >incoming mail volume...that sort of stuff. > > > > > If you already use logwatch then upgrading to a recent version will give > you a mailscanner module for basic stats. > > -- > Mark Nienberg, SE > Tipping Mar + associates > 1906 Shattuck Ave > Berkeley, CA 94704 > (510) 549-1906 ext 236 > http://www.tippingmar.com > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From norbert.schmidt at IS-TELEDATA.COM Tue Jul 26 07:41:09 2005 From: norbert.schmidt at IS-TELEDATA.COM (Norbert Schmidt) Date: Thu Jan 12 21:30:25 2006 Subject: Is a check on a valid SMIME signature possible within MS Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi all together, I am in the process of evaluation on Mailscanner and am very much excited about the abilities. As our company is using S/MIME Signatures to verify the identity of senders that are allowed to send mail to certain mailinglists, I wonder wether it was possible to integrate these checks into MailScanner. Does anybody know about an extension, that could be helpfull?? Thanks Norbert -------------------------------------- IS-Teledata AG Stollwerckstr. 7 D-51149 Köln Germany [ Part 2, "S/MIME Cryptographic Signature" ] [ Application/X-PKCS7-SIGNATURE 5.6KB. ] [ Unable to print this part. ] From KevinS at BMRB.CO.UK Tue Jul 26 10:10:11 2005 From: KevinS at BMRB.CO.UK (Spicer, Kevin) Date: Thu Jan 12 21:30:25 2006 Subject: Is a check on a valid SMIME signature possible within MS Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] You might be better off doing that in your underlying MTA if possible (maybe with a milter or similar) ________________________________________________________________________________ From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Norbert Schmidt Sent: 26 July 2005 07:41 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Is a check on a valid SMIME signature possible within MS Hi all together, I am in the process of evaluation on Mailscanner and am very much excited about the abilities. As our company is using S/MIME Signatures to verify the identity of senders that are allowed to send mail to certain mailinglists, I wonder wether it was possible to integrate these checks into MailScanner. Does anybody know about an extension, that could be helpfull?? Thanks Norbert -------------------------------------- IS-Teledata AG Stollwerckstr. 7 D-51149 Köln Germany ================================================================= BMRB http://www.bmrb.co.uk This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB Limited accept no liability in relation to any personal emails, or content of any email which does not directly relate to our business. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Tue Jul 26 10:57:45 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:30:25 2006 Subject: How to add X-Spam-Status? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Kai Schaetzl wrote: > Dhawal Doshy wrote on Sat, 23 Jul 2005 22:31:14 +0530: > > >>5. Use some distribution system at your facility to use this as the >>starter training data for all thunderbird users. > > > Wouldn't it be easier to just distribute the changes users have to do now > manually? (Add some rule filing certain headers to folder spam.) > > Kai > Am certain that i am absolutely unsure.. what i suggested was a result of some googling around the thunderbird forums. I haven't tried this at home and neither would i want to. I was just trying to spam someone with unsolicited advice. Alex: did you try this? can you post your feedback? - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From maillists at CONACTIVE.COM Tue Jul 26 13:31:25 2005 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:30:25 2006 Subject: maillog analysis tool? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Philip Parsons wrote on Mon, 25 Jul 2005 15:35:22 -0700: > http://www.while.homeunix.net/mailstats/ is 2.0.2 the latest version? When I look at the example page that says it got produced by 2.0.3 which links back to the 2.0.2 page under the URL above. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From maillists at CONACTIVE.COM Tue Jul 26 13:31:25 2005 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:30:25 2006 Subject: Problem Getting MailScanner running on Cobalt RAQ 4 w/ updated OS Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Alan Davies wrote on Mon, 25 Jul 2005 10:38:19 -0700: > You appear to have 2 versions of Perl installed, > the normal one in /usr/bin and one in /usr/local. If they are in two distinct directories, that's good. You can run *this* perl or *that* perl. You should have the old Perl at /usr/bin/perl and the new one at /usr/local/perl or /usr/local/bin/perl. Is it like this? If so that means you have to call the "second" perl with the complete path if you want to use it. Or you can put a symlink at /usr/bin/perl2 f.i. to call it that way or replace the original /usr/bin/perl (which could break other things on your RAQ, though, so I wouldn't do that). > This often happens if you have used CPAN to install modules. > I strongly advise you remove all traces of perl from > within /usr/local and then run this script again. > > If you do not want to do that, and really want to continue, > then you will need to run this script as > ./install.sh ignore-perl Hm, I don't know what that does but it seems to ignore the "second" perl, so it doesn't make a difference that you installed a newer one. ;-) I don't know how to tell MailScanner to use a specific Perl. Julian might be able to tell this. Or it's explained somewhere in the install documents, I never had this problem, so I don't know. > MailScanner: Can't locate bytes.pm in @INC (@INC > contains: /usr/lib/MailScanner /usr/lib/perl5/5.00503/i386-linux > /usr/lib/perl5/5.00503 /usr/lib/perl5/site_perl/5.005/i386-linux > /usr/lib/perl5/site_perl/5.005 . /usr/lib/MailScanner) at > /usr/lib/MailScanner/MailScanner/Log.pm line 139. As you can see, that's still all the "old" directories, so your freshly installed Perl doesn't get used. You obviously installed Net::CIDR, so that MailScanner doesn't bark anymore about this. Now you hit the next missing module or file. I don't know what "bytes.pm" is. You have to identify which package it belongs to. Did you install all MailScanner prerequisites? This are at least all the rpm packages coming in the rpm distribution files. Either install these rpms (if advisable on your RAQ, I don't know) or install the modules via CPAN. (You can get info about the modules within the cpan shell with "m modulename", "b bundlename" etc., very easy. For identification of modules or even contained files you can search the database at cpan.perl.org. Each time you hit a missing module/file you have to check if you can install it. With some of them there won't be any other choice of renewing the Perl installation as well. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From David.While at UCE.AC.UK Tue Jul 26 13:33:47 2005 From: David.While at UCE.AC.UK (David While) Date: Thu Jan 12 21:30:25 2006 Subject: maillog analysis tool? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] 2.0.2 is the latest released version - I am still working on 2.0.3 -------------------------------------------- David While BSc CEng MBCS CITP Department of Computing & Information University of Central England Tel: 0121 331 6211 -------------------------------------------- -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Kai Schaetzl Sent: 26 July 2005 13:31 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: maillog analysis tool? Philip Parsons wrote on Mon, 25 Jul 2005 15:35:22 -0700: > http://www.while.homeunix.net/mailstats/ is 2.0.2 the latest version? When I look at the example page that says it got produced by 2.0.3 which links back to the 2.0.2 page under the URL above. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From richard.gray at DNS.CO.UK Tue Jul 26 13:54:35 2005 From: richard.gray at DNS.CO.UK (Gray, Richard) Date: Thu Jan 12 21:30:25 2006 Subject: MCP on a per domain basis Message-ID: This page (http://www.sng.ecs.soton.ac.uk/mailscanner/install/mcp/) seems to suggest that there is no way for MCP to be used based on a supplied ruleset. Am I right in thinking this? If so are there any plans for adding this as a feature? If not can anyone point me to the right place? Many thanks, Richard ----------------------- This email from dns has been validated by dnsMSS(TM) Managed Email Security and is free from all known viruses. For further information contact email-integrity@dns.co.uk ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From norbert.schmidt at IS-TELEDATA.COM Tue Jul 26 13:57:16 2005 From: norbert.schmidt at IS-TELEDATA.COM (Norbert Schmidt) Date: Thu Jan 12 21:30:25 2006 Subject: Is a check on a valid SMIME signature possible within MS Message-ID: Hi, I am using postfix as MTA, as far as I know, a milter is a sendmail technology. I couldn't find a tool that does something similar with postfix. As MS does check on encryption, I thought it should be possible to check on smime signatures too, because it's all sort of open-ssl stuff. Maybe it would be possible to attach this functionality through the custom stuff... Any ideas?? Norbert MailScanner mailing list wrote on 26.07.2005 11:10:11: > You might be better off doing that in your underlying MTA if possible > (maybe with a milter or similar) > Norbert Schmidt wrote: > As our company is using S/MIME Signatures to verify the identity of > senders that are allowed to send mail to certain mailinglists, I wonder > wether it was possible to integrate these checks into MailScanner. > > Does anybody know about an extension, that could be helpfull?? [ Part 2, "S/MIME Cryptographic Signature" ] [ Application/X-PKCS7-SIGNATURE 5.6KB. ] [ Unable to print this part. ] From pete at ENITECH.COM.AU Tue Jul 26 13:58:37 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:30:25 2006 Subject: maillog analysis tool? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Does Vispan support postfix? David While wrote: > 2.0.2 is the latest released version - I am still working on 2.0.3 > > -------------------------------------------- > David While BSc CEng MBCS CITP > Department of Computing & Information > University of Central England > Tel: 0121 331 6211 > -------------------------------------------- > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Kai Schaetzl > Sent: 26 July 2005 13:31 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: maillog analysis tool? > > Philip Parsons wrote on Mon, 25 Jul 2005 15:35:22 -0700: > > >>http://www.while.homeunix.net/mailstats/ > > > is 2.0.2 the latest version? When I look at the example page that says it > got produced by 2.0.3 which links back to the 2.0.2 page under the URL > above. > > Kai > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From David.While at UCE.AC.UK Tue Jul 26 14:00:08 2005 From: David.While at UCE.AC.UK (David While) Date: Thu Jan 12 21:30:25 2006 Subject: maillog analysis tool? Message-ID: Vispan is generic as far a possible and works mostly on MailScanner log entries. The only stats that wouldn't work are the number of mails rejected since this is MTA specific. -------------------------------------------- David While BSc CEng MBCS CITP Department of Computing & Information University of Central England Tel: 0121 331 6211 -------------------------------------------- -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Pete Russell Sent: 26 July 2005 13:59 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: maillog analysis tool? Does Vispan support postfix? David While wrote: > 2.0.2 is the latest released version - I am still working on 2.0.3 > > -------------------------------------------- > David While BSc CEng MBCS CITP > Department of Computing & Information > University of Central England > Tel: 0121 331 6211 > -------------------------------------------- > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Kai Schaetzl > Sent: 26 July 2005 13:31 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: maillog analysis tool? > > Philip Parsons wrote on Mon, 25 Jul 2005 15:35:22 -0700: > > >>http://www.while.homeunix.net/mailstats/ > > > is 2.0.2 the latest version? When I look at the example page that says it > got produced by 2.0.3 which links back to the 2.0.2 page under the URL > above. > > Kai > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at fsl.com Tue Jul 26 14:04:39 2005 From: steve.swaney at fsl.com (Stephen Swaney) Date: Thu Jan 12 21:30:25 2006 Subject: Is a check on a valid SMIME signature possible within MS Message-ID: > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Norbert Schmidt > Sent: 26 July 2005 07:41 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Is a check on a valid SMIME signature possible within MS > > > > Hi all together, > > I am in the process of evaluation on Mailscanner and am very much excited > about the abilities. > As our company is using S/MIME Signatures to verify the identity of > senders that are allowed to send mail to certain mailinglists, I wonder > wether it was possible to integrate these checks into MailScanner. > > Does anybody know about an extension, that could be helpfull?? > > Thanks > > Norbert > How have you implemented these checks currently? Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Tue Jul 26 15:01:28 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:30:25 2006 Subject: off topic: postfix and email to multiple recipients Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dhawal Doshy wrote: > Pete Russell wrote: > >> Hi Steve, dod yuou ever resolve this issue with postfix? I am really >> keen to fix this. >> >> I ran the smtpd_recipient_limit = 1 for a few weeks but a number of >> hosts start failing to send untill you increase the limit :( >> >> Any other ideas for fixing this in postfix? >> >> Heres hoping >> Pete >> > > This was discussed earlier without any conclusions and you were a part > of the thread.. Yeah i know, thats why i raised it again. > > One possible way i see it being done is a hack to split messages per > recipient after being deposited in the hold directory. A separate > process will pickup messages from /var/spool/postfix/hold, effectively > split them and then put them in another hold directory say > /var/spool/postfix/holdms (which can be used as the postfix incoming dir > parameter in MS.conf). Perhaps a plugin / custom function that can do > this (any perl gurus wanting to work on this?)?? > > In any case i see an increase in resources used since it'll require: > a. resources to effectively split the message and create an unique > queue-id for each message. > b. logging this split to syslog (IO) > c. to move messages (more IO) > d. MailScanner to work on more messages > > This functionality is also a TODO for amavisd-new (check towards the end > of this page http://www.ijs.si/software/amavisd/TODO.txt) > > Your best bet is to try what Ugo is doing.. evaluate exim ;-) > Personally i dont have a huge volume so i can deal with the extra load. I think that http://memberwebs.com/nielsen/software/proxsmtp/postfix.html instructions with content filter that does nothing, combined with the correct 'transport'_destination_recipient_limit=1 would allow postfix to receive bulk addressed email on smtpd, content filter, returned to the queue as individual messages? Yes, i am off to install exim (and RTFM)on my notebook now :( ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From brad at BECKENHAUER.COM Tue Jul 26 15:00:15 2005 From: brad at BECKENHAUER.COM (Brad Beckenhauer) Date: Thu Jan 12 21:30:25 2006 Subject: maillog analysis tool? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] David, I do not understand, I have Vispan v2.02 running on Postfix v2.1 and the stats appear to be updating correctly. Why do you say the "mails rejected" stats do not work? thanks Brad >>> David While 7/26/2005 8:00:08 AM >>> Vispan is generic as far a possible and works mostly on MailScanner log entries. The only stats that wouldn't work are the number of mails rejected since this is MTA specific. -------------------------------------------- David While BSc CEng MBCS CITP Department of Computing & Information University of Central England Tel: 0121 331 6211 -------------------------------------------- -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Pete Russell Sent: 26 July 2005 13:59 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: maillog analysis tool? Does Vispan support postfix? David While wrote: > 2.0.2 is the latest released version - I am still working on 2.0.3 > > -------------------------------------------- > David While BSc CEng MBCS CITP > Department of Computing & Information > University of Central England > Tel: 0121 331 6211 > -------------------------------------------- > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Kai Schaetzl > Sent: 26 July 2005 13:31 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: maillog analysis tool? > > Philip Parsons wrote on Mon, 25 Jul 2005 15:35:22 -0700: > > >>http://www.while.homeunix.net/mailstats/ > > > is 2.0.2 the latest version? When I look at the example page that says it > got produced by 2.0.3 which links back to the 2.0.2 page under the URL > above. > > Kai > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From David.While at UCE.AC.UK Tue Jul 26 15:04:53 2005 From: David.While at UCE.AC.UK (David While) Date: Thu Jan 12 21:30:25 2006 Subject: maillog analysis tool? Message-ID: Sorry - my mistake!! Wrong MTA Wherever possible Vispan uses the MailScanner log entries. The only MTA specific log entries it uses are the rejected mail entries. Hence it currently only supports Sendmail and Postfix - I was thinking of Exim when I wrote the reply!! So to answer the original question - yes it supports Postfix! -------------------------------------------- David While BSc CEng MBCS CITP Department of Computing & Information University of Central England Tel: 0121 331 6211 -------------------------------------------- -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Brad Beckenhauer Sent: 26 July 2005 15:00 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: maillog analysis tool? David, I do not understand, I have Vispan v2.02 running on Postfix v2.1 and the stats appear to be updating correctly. Why do you say the "mails rejected" stats do not work? thanks Brad >>> David While 7/26/2005 8:00:08 AM >>> Vispan is generic as far a possible and works mostly on MailScanner log entries. The only stats that wouldn't work are the number of mails rejected since this is MTA specific. -------------------------------------------- David While BSc CEng MBCS CITP Department of Computing & Information University of Central England Tel: 0121 331 6211 -------------------------------------------- -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Pete Russell Sent: 26 July 2005 13:59 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: maillog analysis tool? Does Vispan support postfix? David While wrote: > 2.0.2 is the latest released version - I am still working on 2.0.3 > > -------------------------------------------- > David While BSc CEng MBCS CITP > Department of Computing & Information > University of Central England > Tel: 0121 331 6211 > -------------------------------------------- > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Kai Schaetzl > Sent: 26 July 2005 13:31 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: maillog analysis tool? > > Philip Parsons wrote on Mon, 25 Jul 2005 15:35:22 -0700: > > >>http://www.while.homeunix.net/mailstats/ > > > is 2.0.2 the latest version? When I look at the example page that says it > got produced by 2.0.3 which links back to the 2.0.2 page under the URL > above. > > Kai > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From sailer at BNL.GOV Tue Jul 26 15:12:23 2005 From: sailer at BNL.GOV (Tim Sailer) Date: Thu Jan 12 21:30:25 2006 Subject: maillog analysis tool? Message-ID: On Tue, Jul 26, 2005 at 03:04:53PM +0100, David While wrote: > Sorry - my mistake!! Wrong MTA > > Wherever possible Vispan uses the MailScanner log entries. The only MTA > specific log entries it uses are the rejected mail entries. Hence it > currently only supports Sendmail and Postfix - I was thinking of Exim > when I wrote the reply!! I have hacked up Vispan to work with Exim. THe only thing that doesn't work is the 'delay' graph. I should clean things up and push them back upstream. If anyone wants the raw code, drop me email privately. Tim -- Tim Sailer Information and Special Technologies Program Office of CounterIntelligence Brookhaven National Laboratory (631) 344-3001 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ajd at ADAVIES.NET Tue Jul 26 19:44:10 2005 From: ajd at ADAVIES.NET (Alan Davies) Date: Thu Jan 12 21:30:25 2006 Subject: Problem Getting MailScanner running on Cobalt RAQ 4 w/ updated OS Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, I need some help deciphering what this message means and how to correct it. The last situation I was in was with having two instances of perl installed. I've managed to remove the 2nd instance and am no longer recieving the warning about two instances when I run install.sh. The install seems to run fine, but when I try to start the service I'm getting the message below. Regards, Alan Starting MailScanner daemons: incoming sendmail: ok outgoing sendmail: ok MailScanner: Can't locate bytes.pm in @INC (@INC contains: /usr/lib/MailScanner /usr/lib/perl5/5.00503/i386-linux /usr/lib/perl5/5.00503 /usr/lib/perl5/site_perl/5.005/i386-linux /usr/lib/perl5/site_perl/5.005 . /usr/lib/MailScanner) at /usr/lib/MailScanner/MailScanner/Log.pm line 139. BEGIN failed--compilation aborted at /usr/lib/MailScanner/MailScanner/Log.pm line 139. BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 68. ok [root MailScanner-4.43.8-1]# ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Tue Jul 26 15:35:50 2005 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 12 21:30:25 2006 Subject: Is a check on a valid SMIME signature possible within MS Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] 2005/7/26, Norbert Schmidt : > > Hi, > > I am using postfix as MTA, as far as I know, a milter is a sendmail > technology. I couldn't find a tool that does something similar with postfix. > As MS does check on encryption, I thought it should be possible to check on > smime signatures too, because it's all sort of open-ssl stuff. > Maybe it would be possible to attach this functionality through the custom > stuff... > > Any ideas?? > > Norbert > I'm sure you've seen the "Addon" thing on www.postfix.org (the Z1 whatchamacallit), which seems to be the "official" postfix recommendation:/. If you'd like to hack something up for yourself, I'd imagine the postfix filter options would be the way to go. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at nkpanama.com Tue Jul 26 22:45:18 2005 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu Jan 12 21:30:25 2006 Subject: How to add X-Spam-Status? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dhawal Doshy wrote: > Kai Schaetzl wrote: > >> Dhawal Doshy wrote on Sat, 23 Jul 2005 22:31:14 +0530: >> >> >>> 5. Use some distribution system at your facility to use this as the >>> starter training data for all thunderbird users. >> >> >> >> Wouldn't it be easier to just distribute the changes users have to do >> now manually? (Add some rule filing certain headers to folder spam.) >> >> Kai >> > > Am certain that i am absolutely unsure.. what i suggested was a result > of some googling around the thunderbird forums. I haven't tried this > at home and neither would i want to. I was just trying to spam someone > with unsolicited advice. > > Alex: did you try this? can you post your feedback? > > - dhawal > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! You can add any header you like, and use rules for it. I would like to have a "magic header" that would tell my MUA that the message is likely to be spam so that, without any effort on the end-user's part, it would be moved to the junk mail folder. Unfortunately there seems to be no such magic header. It does, however, work well if you set a rule at the MUA - and you can avoid the {Spam?} subject mangling which looks weird (or bad) to some users. An example rule for TBird at http://nkpanama.com/x-spam-status.gif is what I've had to set up. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at nkpanama.com Wed Jul 27 02:25:56 2005 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu Jan 12 21:30:25 2006 Subject: Way OT: Linux Distro questions... Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dear list, Most of the time SME's rely on a single piece of equipment to do more than one thing. MailScanner often shares the same box with an SME's mail, web, firewall and vpn functions. An increasing number of my clients want to have an easier way to stop some layer7 protocols at the gateway - and unless you force upon them a lot of restrictions (no IP forwarding except for a few specific cases), it becomes a bit cumbersome, inconvenient, or too restrictive. Has anybody here on the list had success with any small-footprint, GPL (and free as in beer) distros that have built-in layer7 filtering? I know you can implement layer7 filtering with a few kernel tweaks on most regular distros, but since there are stores downtown selling refurbished Dell PIIs and PIIIs for less than $150 that could probably do the job (provided I add a $5 NIC to the mix), I'd like to be able to pop a cd into a cheap PC and have it do the filtering while leaving the heavy-duty work (separating spam from ham, archiving mail, and keeping viruses at bay) to the mailscanner boxen. I'm setting the "reply-to:" to my address so I don't clutter up the list unnecessarily... thanks for your time! Regards, Alex Neuman van der Hans ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Wed Jul 27 02:37:26 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:30:25 2006 Subject: Way OT: Linux Distro questions... Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ipcop has a module/contrib for this. Never used it, just noticed when whe i was considering using ipcop (i never did). Alex Neuman van der Hans wrote: > Dear list, > > Most of the time SME's rely on a single piece of equipment to do more > than one thing. MailScanner often shares the same box with an SME's > mail, web, firewall and vpn functions. > > An increasing number of my clients want to have an easier way to stop > some layer7 protocols at the gateway - and unless you force upon them a > lot of restrictions (no IP forwarding except for a few specific cases), > it becomes a bit cumbersome, inconvenient, or too restrictive. > > Has anybody here on the list had success with any small-footprint, GPL > (and free as in beer) distros that have built-in layer7 filtering? I > know you can implement layer7 filtering with a few kernel tweaks on most > regular distros, but since there are stores downtown selling refurbished > Dell PIIs and PIIIs for less than $150 that could probably do the job > (provided I add a $5 NIC to the mix), I'd like to be able to pop a cd > into a cheap PC and have it do the filtering while leaving the > heavy-duty work (separating spam from ham, archiving mail, and keeping > viruses at bay) to the mailscanner boxen. > > I'm setting the "reply-to:" to my address so I don't clutter up the list > unnecessarily... thanks for your time! > > Regards, > > Alex Neuman van der Hans > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From kfliong at WOFS.COM Wed Jul 27 03:25:54 2005 From: kfliong at WOFS.COM (kfliong) Date: Thu Jan 12 21:30:25 2006 Subject: mailscanner site down? Message-ID: Hi, I am trying to download latest version of mailscanner but unable to connect to mailscanner.info site. Cannot also connect to www.sng.ecs.soton.ac.uk either. Something wrong? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From maillists at CONACTIVE.COM Tue Jul 26 21:31:29 2005 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:30:25 2006 Subject: Problem Getting MailScanner running on Cobalt RAQ 4 w/ updated OS Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Since your mail program doesn't provide decent threading information, I don't know if you read my last mail or not, but that one contains the answer to your question. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From norbert.schmidt at IS-TELEDATA.COM Wed Jul 27 08:17:20 2005 From: norbert.schmidt at IS-TELEDATA.COM (Norbert Schmidt) Date: Thu Jan 12 21:30:25 2006 Subject: Is a check on a valid SMIME signature possible within MS Message-ID: MailScanner mailing list schrieb am 26.07.2005 15:04:39: > > Behalf Of Norbert Schmidt > > Sent: 26 July 2005 07:41 > > Subject: Is a check on a valid SMIME signature possible within MS > > > > > > > > Hi all together, > > > > I am in the process of evaluation on Mailscanner and am very much excited > > about the abilities. > > As our company is using S/MIME Signatures to verify the identity of > > senders that are allowed to send mail to certain mailinglists, I wonder > > wether it was possible to integrate these checks into MailScanner. > > > > Does anybody know about an extension, that could be helpfull?? > > How have you implemented these checks currently? Currently we've got a seperate Mailserver, that uses a homebrew TCL-Script as wrapper around open-ssl to do the checks. But I don't know much about TCL and would like to integrate those checks into MS... Norbert [ Part 2, "S/MIME Cryptographic Signature" ] [ Application/X-PKCS7-SIGNATURE 5.6KB. ] [ Unable to print this part. ] From martinh at SOLID-STATE-LOGIC.COM Wed Jul 27 09:02:36 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:30:25 2006 Subject: mailscanner site down? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] kfliong wrote: > Hi, > > I am trying to download latest version of mailscanner but unable to > connect to mailscanner.info site. Cannot also connect to > www.sng.ecs.soton.ac.uk either. Something wrong? > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! Looks like it - wiki is still about ... wiki.mailscanner.info -- -- Martin Hepworth Senior Systems Administrator Solid State Logic Ltd tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From kfliong at WOFS.COM Wed Jul 27 10:17:28 2005 From: kfliong at WOFS.COM (kfliong) Date: Thu Jan 12 21:30:25 2006 Subject: mailscanner site down? Message-ID: Arh...site is back running....maybe ran some maintenance... At 04:02 PM 7/27/2005, you wrote: >kfliong wrote: >>Hi, >>I am trying to download latest version of mailscanner but unable to >>connect to mailscanner.info site. Cannot also connect to >>www.sng.ecs.soton.ac.uk either. Something wrong? >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>Support MailScanner development - buy the book off the website! > >Looks like it - wiki is still about ... >wiki.mailscanner.info > >-- >-- >Martin Hepworth >Senior Systems Administrator >Solid State Logic Ltd >tel: +44 (0)1865 842300 > >********************************************************************** > >This email and any files transmitted with it are confidential and >intended solely for the use of the individual or entity to whom they >are addressed. If you have received this email in error please notify >the system manager. > >This footnote confirms that this email message has been swept >for the presence of computer viruses and is believed to be clean. > >********************************************************************** > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > > >__________ NOD32 1.1178 (20050726) Information __________ > >This message was checked by NOD32 antivirus system. >http://www.eset.com > > > > >-- >No virus found in this incoming message. >Checked by AVG Anti-Virus. >Version: 7.0.338 / Virus Database: 267.9.5/58 - Release Date: 7/25/2005 > > >__________ NOD32 1.1178 (20050726) Information __________ > >This message was checked by NOD32 antivirus system. >http://www.eset.com > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From chuck.foster at STREAMSHIELD.COM Wed Jul 27 12:16:07 2005 From: chuck.foster at STREAMSHIELD.COM (Chuck Foster) Date: Thu Jan 12 21:30:25 2006 Subject: Three-way match headache Message-ID: Hi, I have a scenario whereby we are now looking at customers being able to configure per-user rules, but this has thrown up a headache in how to handle some potential rules for outgoing messages. Taking sender notification, for example, in the old, per-domain only environment it was enough to simply set something like: From: ip.ad.dr.es and From: domain yes but now we effectively need something like: From: ip.ad.dr.es and From: user@domain and To: otherdomain yes which from what I can tell isn't possible in MailScanner, as it doesn't handle three conditions as yet anyway, you can't do multiple lines with a 'continue' like statement, and can't call another ruleset within the existing one (which would have been quite useful in this context actually). Any thoughts? C:> This message should be regarded as confidential. If you have received this email in error please notify the sender and destroy it immediately. Statements of intent shall only become binding when confirmed in hard copy by an authorized signatory. -- This message has been scanned for viruses and potentially harmful content by StreamShield Protector. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From technician at CENPAC.NET.NR Wed Jul 27 09:17:13 2005 From: technician at CENPAC.NET.NR (Jon Leeman) Date: Thu Jan 12 21:30:25 2006 Subject: mailscanner site down? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > Looks like it - wiki is still about ... > wiki.mailscanner.info > 20:15 Hrs (local Nauru July 27 = UTC + 12) http://www.sng.ecs.soton.ac.uk/mailscanner/index.html is OK from here [203.98.224.0/23] Regards, Jon ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From norbert.schmidt at IS-TELEDATA.COM Wed Jul 27 12:46:01 2005 From: norbert.schmidt at IS-TELEDATA.COM (Norbert Schmidt) Date: Thu Jan 12 21:30:25 2006 Subject: kaspersky 5.5 Virusscan Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi everybody, I've installed kaspersky-5.5 on a debian/sage box together with mailscanner. The scanner is licensed and working and running /etc/MailScanner/wrapper/kaspersky-wrapper /opt/kav/5.5/kav4unix/ /eicar.com.txt gives me a result on stdout with a Scan summary stateing Infected=1 , so the scanner is working, but when sending a tesmail with eicar.com.txt, only clamav and bitdefender messages are integrated into the mail. Did the answer-format change from kaspersky-4.5 to 5.5??? It seems to me that mailscanner main-program ignores or does not understand the output of the wrapper-kaspersky script.... Any help appreciated Norbert -------------------------------------- IS-Teledata AG Stollwerckstr. 7 D-51149 Köln Germany [ Part 2, "S/MIME Cryptographic Signature" ] [ Application/X-PKCS7-SIGNATURE 5.6KB. ] [ Unable to print this part. ] From norbert.schmidt at IS-TELEDATA.COM Wed Jul 27 12:46:01 2005 From: norbert.schmidt at IS-TELEDATA.COM (Norbert Schmidt) Date: Thu Jan 12 21:30:25 2006 Subject: kaspersky 5.5 Virusscan Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi everybody, I've installed kaspersky-5.5 on a debian/sage box together with mailscanner. The scanner is licensed and working and running /etc/MailScanner/wrapper/kaspersky-wrapper /opt/kav/5.5/kav4unix/ /eicar.com.txt gives me a result on stdout with a Scan summary stateing Infected=1 , so the scanner is working, but when sending a tesmail with eicar.com.txt, only clamav and bitdefender messages are integrated into the mail. Did the answer-format change from kaspersky-4.5 to 5.5??? It seems to me that mailscanner main-program ignores or does not understand the output of the wrapper-kaspersky script.... Any help appreciated Norbert -------------------------------------- IS-Teledata AG Stollwerckstr. 7 D-51149 Köln Germany [ Part 2, "S/MIME Cryptographic Signature" ] [ Application/X-PKCS7-SIGNATURE 5.6KB. ] [ Unable to print this part. ] From glenn.steen at gmail.com Wed Jul 27 13:10:34 2005 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 12 21:30:25 2006 Subject: kaspersky 5.5 Virusscan Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] 2005/7/27, Norbert Schmidt : > > Hi everybody, > > I've installed kaspersky-5.5 on a debian/sage box together with mailscanner. > > The scanner is licensed and working and running > /etc/MailScanner/wrapper/kaspersky-wrapper > /opt/kav/5.5/kav4unix/ /eicar.com.txt > gives me a result on stdout with a Scan summary stateing Infected=1 , so the > scanner is working, but when sending a tesmail with eicar.com.txt, only > clamav and bitdefender messages are integrated into the mail. > Did the answer-format change from kaspersky-4.5 to 5.5??? > > It seems to me that mailscanner main-program ignores or does not understand > the output of the wrapper-kaspersky script.... > > Any help appreciated > > Norbert Silly question: did you check virus.scanners.conf that the path for kaspersky is correct (third column)? -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at NKPANAMA.COM Wed Jul 27 14:11:07 2005 From: alex at NKPANAMA.COM (Alex Neuman van der Hans) Date: Thu Jan 12 21:30:25 2006 Subject: kaspersky 5.5 Virusscan Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Norbert Schmidt wrote: > > Hi everybody, > > > It seems to me that mailscanner main-program ignores or does not > understand the output of the wrapper-kaspersky script.... > What do the logs say? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From norbert.schmidt at IS-TELEDATA.COM Wed Jul 27 14:17:08 2005 From: norbert.schmidt at IS-TELEDATA.COM (Norbert Schmidt) Date: Thu Jan 12 21:30:25 2006 Subject: kaspersky 5.5 Virusscan Message-ID: MailScanner mailing list schrieb am 27.07.2005 15:11:07: > Norbert Schmidt wrote: > > > > > Hi everybody, > > > > > > It seems to me that mailscanner main-program ignores or does not > > understand the output of the wrapper-kaspersky script.... > > > What do the logs say? > Which logs to look at?? /var/log/mail.log says nothing about kaspersky I've got clamav kaspersky-4.5 and bitdefender configured, but only get lines of bitdefender and clamav in this logfile... Norbert [ Part 2, "S/MIME Cryptographic Signature" ] [ Application/X-PKCS7-SIGNATURE 5.6KB. ] [ Unable to print this part. ] From ugob at CAMO-ROUTE.COM Wed Jul 27 14:14:00 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:25 2006 Subject: kaspersky 5.5 Virusscan Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Glenn Steen wrote: > 2005/7/27, Norbert Schmidt : > >> >>Hi everybody, >> >>I've installed kaspersky-5.5 on a debian/sage box together with mailscanner. >> >>The scanner is licensed and working and running >>/etc/MailScanner/wrapper/kaspersky-wrapper >>/opt/kav/5.5/kav4unix/ /eicar.com.txt >>gives me a result on stdout with a Scan summary stateing Infected=1 , so the >>scanner is working, but when sending a tesmail with eicar.com.txt, only >>clamav and bitdefender messages are integrated into the mail. >>Did the answer-format change from kaspersky-4.5 to 5.5??? >> >>It seems to me that mailscanner main-program ignores or does not understand >>the output of the wrapper-kaspersky script.... >> >>Any help appreciated >> >>Norbert > > Silly question: did you check virus.scanners.conf that the path for > kaspersky is correct (third column)? Even more silly. Did you edit MailScanner.conf to add kapersky to the list of virus scanners? -- Ugo -> Please don't send a copy of your reply by e-mail. I read the list. -> Please avoid top-posting, long signatures and HTML, and cut the irrelevant parts in your replies. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at LISTS.COM.AR Wed Jul 27 13:44:17 2005 From: mailscanner at LISTS.COM.AR (Leonardo Helman) Date: Thu Jan 12 21:30:25 2006 Subject: Version Performance Message-ID: Hi I have been seen a small drop in performance between MS4-37.7/SA-3.02 to MS-4.44-1/SA-3.04 Under very heavy load we had been procesing about 15500 mails per hour, but with the new setup that number gets only to 13400 There where no changes at MTA, or the machine. I only change MS+SA+some perl modules Compress-Zlib, ExtUtils-MakeMaker File-Spec File-Temp IO-stringy MailTools MIME-Base64 Storable Time-HiRes All the surbls/rbls are the same. The other rules are all the same but the default ones. I'm triyng to see where the problem is. (modules? SA? MS?) Has anyone seen this behaviour? Saludos -- Leonardo Helman Pert Consultores Argentina ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From norbert.schmidt at IS-TELEDATA.COM Wed Jul 27 14:40:03 2005 From: norbert.schmidt at IS-TELEDATA.COM (Norbert Schmidt) Date: Thu Jan 12 21:30:25 2006 Subject: kaspersky 5.5 Virusscan Message-ID: MailScanner mailing list wrote on 27.07.2005 15:14:00: > Glenn Steen wrote: > > 2005/7/27, Norbert Schmidt : > > > >> > >>Hi everybody, > >> > >>I've installed kaspersky-5.5 on a debian/sage box together with mailscanner. > >> > >>The scanner is licensed and working and running > >>/etc/MailScanner/wrapper/kaspersky-wrapper > >>/opt/kav/5.5/kav4unix/ /eicar.com.txt > >>gives me a result on stdout with a Scan summary stateing Infected=1 , so the > >>scanner is working, but when sending a tesmail with eicar.com.txt, only > >>clamav and bitdefender messages are integrated into the mail. > >>Did the answer-format change from kaspersky-4.5 to 5.5??? > >> > >>It seems to me that mailscanner main-program ignores or does not understand > >>the output of the wrapper-kaspersky script.... > > Silly question: did you check virus.scanners.conf that the path for > > kaspersky is correct (third column)? > > Even more silly. Did you edit MailScanner.conf to add kapersky to the > list of virus scanners? Well I think, I've checked all the silly things... As I wrote above I can see the scanner start and work, but mailscanner doesn't seem to understand the output... Norbert [ Part 2, "S/MIME Cryptographic Signature" ] [ Application/X-PKCS7-SIGNATURE 5.6KB. ] [ Unable to print this part. ] From ugob at CAMO-ROUTE.COM Wed Jul 27 14:38:25 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:25 2006 Subject: Version Performance Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Leonardo Helman wrote: > Hi I have been seen a small drop in performance > between MS4-37.7/SA-3.02 to MS-4.44-1/SA-3.04 > > Under very heavy load we had been procesing about 15500 mails > per hour, but with the new setup that number gets only to 13400 > > There where no changes at MTA, or the machine. > I only change MS+SA+some perl modules > Compress-Zlib, ExtUtils-MakeMaker File-Spec File-Temp IO-stringy > MailTools MIME-Base64 Storable Time-HiRes > > All the surbls/rbls are the same. > > The other rules are all the same but the default ones. > > I'm triyng to see where the problem is. (modules? SA? MS?) Please start here: http://wiki.mailscanner.info/doku.php?id=documentation:test_troubleshoot:performance and here http://wiki.mailscanner.info/doku.php?id=maq:index#optimization_tips -- Ugo -> Please don't send a copy of your reply by e-mail. I read the list. -> Please avoid top-posting, long signatures and HTML, and cut the irrelevant parts in your replies. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at NKPANAMA.COM Wed Jul 27 14:54:29 2005 From: alex at NKPANAMA.COM (Alex Neuman van der Hans) Date: Thu Jan 12 21:30:25 2006 Subject: kaspersky 5.5 Virusscan Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Norbert Schmidt wrote: > > MailScanner mailing list wrote on > 27.07.2005 15:14:00: > > > Glenn Steen wrote: > > > 2005/7/27, Norbert Schmidt : > > > > > >> > > >>Hi everybody, > > >> > > >>I've installed kaspersky-5.5 on a debian/sage box together with > mailscanner. > > >> > > >>The scanner is licensed and working and running > > >>/etc/MailScanner/wrapper/kaspersky-wrapper > > >>/opt/kav/5.5/kav4unix/ /eicar.com.txt > > >>gives me a result on stdout with a Scan summary stateing > Infected=1 , so the > > >>scanner is working, but when sending a tesmail with eicar.com.txt, > only > > >>clamav and bitdefender messages are integrated into the mail. > > >>Did the answer-format change from kaspersky-4.5 to 5.5??? > > >> > > >>It seems to me that mailscanner main-program ignores or does not > understand > > >>the output of the wrapper-kaspersky script.... > > > > Silly question: did you check virus.scanners.conf that the path for > > > kaspersky is correct (third column)? > > > > Even more silly. Did you edit MailScanner.conf to add kapersky to the > > list of virus scanners? > > Well I think, I've checked all the silly things... As I wrote above I > can see the scanner start and work, but mailscanner doesn't seem to > understand the output... > > Norbert Have you tried to see what the debug output looks like? Can you use a font that doesn't require squinting? Even better, can you use plaintext instead of HTML? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Wed Jul 27 14:49:41 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:25 2006 Subject: kaspersky 5.5 Virusscan Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Norbert Schmidt wrote: >> >> Even more silly. Did you edit MailScanner.conf to add kapersky to the >> list of virus scanners? > > Well I think, I've checked all the silly things... You think or you're sure? What is the output of: grep '^Virus Scanners' /etc/MailScanner/MailScanner.conf ? -- Ugo -> Please don't send a copy of your reply by e-mail. I read the list. -> Please avoid top-posting, long signatures and HTML, and cut the irrelevant parts in your replies. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From quinting at HSD.CA Wed Jul 27 15:03:14 2005 From: quinting at HSD.CA (Quintin Giesbrecht) Date: Thu Jan 12 21:30:25 2006 Subject: No Virus Scanning Happening Since MS Upgrade to v4.43.8 Message-ID: Virus Scanning is Pointing to a rule (this must be new, because I just had it set to YES) I changed it to YES, but viruses still come through. I have since changed it back to the rule set. If I send an email from the MS box itself which contains a virus, it gets scanned and blocked. Any other mail from any other server that contains a virus does not get scanned and/or detected as a virus. Any ideas? Thanks, Quintin Giesbrecht IT Professional Hanover School Division q@hsd.ca ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From norbert.schmidt at IS-TELEDATA.COM Wed Jul 27 15:09:09 2005 From: norbert.schmidt at IS-TELEDATA.COM (Norbert Schmidt) Date: Thu Jan 12 21:30:25 2006 Subject: kaspersky 5.5 Virusscan Message-ID: MailScanner mailing list schrieb am 27.07.2005 15:49:41: > Norbert Schmidt wrote: > >> > >> Even more silly. Did you edit MailScanner.conf to add kapersky to the > >> list of virus scanners? > > > > Well I think, I've checked all the silly things... > > You think or you're sure? > > What is the output of: > > grep '^Virus Scanners' /etc/MailScanner/MailScanner.conf > > ? > I believe :-) The output is: Virus Scanners = clamav kaspersky-4.5 bitdefender Norbert ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "S/MIME Cryptographic Signature" ] [ Application/X-PKCS7-SIGNATURE 5.6KB. ] [ Unable to print this part. ] From norbert.schmidt at IS-TELEDATA.COM Wed Jul 27 15:11:09 2005 From: norbert.schmidt at IS-TELEDATA.COM (Norbert Schmidt) Date: Thu Jan 12 21:30:25 2006 Subject: kaspersky 5.5 Virusscan Message-ID: MailScanner mailing list schrieb am 27.07.2005 15:54:29: > Norbert Schmidt wrote: > > > > > MailScanner mailing list wrote on > > 27.07.2005 15:14:00: > > > > > Glenn Steen wrote: > > > > 2005/7/27, Norbert Schmidt : > > > > > > > >> > > > >>Hi everybody, > > > >> > > > >>I've installed kaspersky-5.5 on a debian/sage box together with > > mailscanner. > > > >> > > > >>The scanner is licensed and working and running > > > >>/etc/MailScanner/wrapper/kaspersky-wrapper > > > >>/opt/kav/5.5/kav4unix/ /eicar.com.txt > > > >>gives me a result on stdout with a Scan summary stateing > > Infected=1 , so the > > > >>scanner is working, but when sending a tesmail with eicar.com.txt, > > only > > > >>clamav and bitdefender messages are integrated into the mail. > > > >>Did the answer-format change from kaspersky-4.5 to 5.5??? > > > >> > > > >>It seems to me that mailscanner main-program ignores or does not > > understand > > > >>the output of the wrapper-kaspersky script.... > > > > > > Silly question: did you check virus.scanners.conf that the path for > > > > kaspersky is correct (third column)? > > > > > > Even more silly. Did you edit MailScanner.conf to add kapersky to the > > > list of virus scanners? > > > > Well I think, I've checked all the silly things... As I wrote above I > > can see the scanner start and work, but mailscanner doesn't seem to > > understand the output... > > > > Norbert > > Have you tried to see what the debug output looks like? Can you use a > font that doesn't require squinting? Even better, can you use plaintext > instead of HTML? > Sorry about the HTML... I'll use Text now... There is no debug output or I can't find it... The log says nothing about kaspersky... Norbert ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "S/MIME Cryptographic Signature" ] [ Application/X-PKCS7-SIGNATURE 5.6KB. ] [ Unable to print this part. ] From alex at NKPANAMA.COM Wed Jul 27 15:19:28 2005 From: alex at NKPANAMA.COM (Alex Neuman van der Hans) Date: Thu Jan 12 21:30:25 2006 Subject: kaspersky 5.5 Virusscan Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Norbert Schmidt wrote: >>> >>> >>> >>Have you tried to see what the debug output looks like? Can you use a >>font that doesn't require squinting? Even better, can you use plaintext >>instead of HTML? >> >> >There is no debug output or I can't find it... >The log says nothing about kaspersky... > >Norbert > > > Did you check: # Set Debug to "yes" to stop it running as a daemon and just process # one batch of messages and then exit. Debug = no If you have "debug=no" then no debugging will be done. Read the MAQ/FAQ/etc. to check how to do a debug. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lists at NORCOMCABLE.CA Wed Jul 27 16:01:25 2005 From: lists at NORCOMCABLE.CA (Dan) Date: Thu Jan 12 21:30:25 2006 Subject: kaspersky 5.5 Virusscan Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > > > Hi everybody, > > I've installed kaspersky-5.5 on a debian/sage box together > with mailscanner. > > The scanner is licensed and working and running > /etc/MailScanner/wrapper/kaspersky-wrapper > /opt/kav/5.5/kav4unix/ /eicar.com.txt gives me a result on > stdout with a Scan summary stateing Infected=1 , so the > scanner is working, but when sending a tesmail with > eicar.com.txt, only clamav and bitdefender messages are > integrated into the mail. > Did the answer-format change from kaspersky-4.5 to 5.5??? > > It seems to me that mailscanner main-program ignores or does > not understand the output of the wrapper-kaspersky script.... > > Any help appreciated > > Norbert > > -------------------------------------- > IS-Teledata AG > Stollwerckstr. 7 > D-51149 Köln > Germany > I to went through this. The output and paths are different than the 4.5 wrapper. Since my knowledge of the wrappers are not enough to modify them I just downgraded to 5.0 and all works fine. I installed mine on a Centos3 box. regards, -dan ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From PHachey at CITY.CORNWALL.ON.CA Wed Jul 27 16:23:11 2005 From: PHachey at CITY.CORNWALL.ON.CA (Philip Hachey) Date: Thu Jan 12 21:30:25 2006 Subject: Three-way match headache Message-ID: Assuming Perl regexp "extended patterns" (I haven't tried) can be used, consider the following two lines in the order presented: From: user@domain andFrom: /^(?!ip\.ad\.dr\.es)$/ no From: user@domain andTo: otherdomain yes The regular expression in the first line basically says to act "no" if the message is from user@domain but NOT from the specified IP address. Good luck. Chuck Foster Sent by: MailScanner mailing list 2005-07-27 07:16 Please respond to MailScanner mailing list To: MAILSCANNER@JISCMAIL.AC.UK cc: Subject: Three-way match headache Hi, I have a scenario whereby we are now looking at customers being able to configure per-user rules, but this has thrown up a headache in how to handle some potential rules for outgoing messages. Taking sender notification, for example, in the old, per-domain only environment it was enough to simply set something like: From: ip.ad.dr.es and From: domain yes but now we effectively need something like: From: ip.ad.dr.es and From: user@domain and To: otherdomain yes which from what I can tell isn't possible in MailScanner, as it doesn't handle three conditions as yet anyway, you can't do multiple lines with a 'continue' like statement, and can't call another ruleset within the existing one (which would have been quite useful in this context actually). Any thoughts? C:> This message should be regarded as confidential. If you have received this email in error please notify the sender and destroy it immediately. Statements of intent shall only become binding when confirmed in hard copy by an authorized signatory. -- This message has been scanned for viruses and potentially harmful content by StreamShield Protector. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "S/MIME Cryptographic Signature" ] [ Application/X-PKCS7-SIGNATURE 5.4KB. ] [ Unable to print this part. ] From mailscanner at LISTS.COM.AR Wed Jul 27 15:56:13 2005 From: mailscanner at LISTS.COM.AR (Leonardo Helman) Date: Thu Jan 12 21:30:25 2006 Subject: Version Performance Message-ID: Yes, I'know, I have read them. They are already optimized. But, my question is about leaving everything as is, and only changing MS/SA version. (only a software update) Has anyone noted a performance change? For better or for worse? On Wed, Jul 27, 2005 at 09:38:03AM -0400, Ugo Bellavance wrote: > Leonardo Helman wrote: > > Hi I have been seen a small drop in performance > > between MS4-37.7/SA-3.02 to MS-4.44-1/SA-3.04 > > > > Under very heavy load we had been procesing about 15500 mails > > per hour, but with the new setup that number gets only to 13400 > > > > There where no changes at MTA, or the machine. > > I only change MS+SA+some perl modules > > Compress-Zlib, ExtUtils-MakeMaker File-Spec File-Temp IO-stringy > > MailTools MIME-Base64 Storable Time-HiRes > > > > All the surbls/rbls are the same. > > > > The other rules are all the same but the default ones. > > > > I'm triyng to see where the problem is. (modules? SA? MS?) > > Please start here: > > http://wiki.mailscanner.info/doku.php?id=documentation:test_troubleshoot:performance > > and here > > http://wiki.mailscanner.info/doku.php?id=maq:index#optimization_tips > > -- > Ugo > > -> Please don't send a copy of your reply by e-mail. I read the list. > -> Please avoid top-posting, long signatures and HTML, and cut the > irrelevant parts in your replies. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Wed Jul 27 18:33:33 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:25 2006 Subject: Feature request - Emergency mode Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, Julian, Could it be possible to have an email sent to an admin when MailScanner enters in emergency mode (Max Normal Queue Size =). This way, an admin could be warned that the queue length is abnormally long. Thanks, -- Ugo -> Please don't send a copy of your reply by e-mail. I read the list. -> Please avoid top-posting, long signatures and HTML, and cut the irrelevant parts in your replies. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Denis.Beauchemin at USHERBROOKE.CA Wed Jul 27 19:23:15 2005 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:30:25 2006 Subject: Feature request - Emergency mode Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ugo Bellavance wrote: >Hi, > > Julian, > >Could it be possible to have an email sent to an admin when MailScanner >enters in emergency mode (Max Normal Queue Size =). > >This way, an admin could be warned that the queue length is abnormally long. > >Thanks, > > Ugo, I have achieved this through Big Brother. I added an external test that counts the files in mqueue.in and then decides to turn yellow or red. All is reflected on BB's web page. I also configured BB to send an email when thc status turns red or returns to normal. Works like a charm. Denis -- _ °v° Denis Beauchemin, analyste /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "S/MIME Cryptographic Signature" ] [ Application/X-PKCS7-SIGNATURE 4.4KB. ] [ Unable to print this part. ] From steve.swaney at fsl.com Wed Jul 27 19:33:03 2005 From: steve.swaney at fsl.com (Stephen Swaney) Date: Thu Jan 12 21:30:25 2006 Subject: Feature request - Emergency mode Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Ugo Bellavance > Sent: Wednesday, July 27, 2005 1:34 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Feature request - Emergency mode > > Hi, > > Julian, > > Could it be possible to have an email sent to an admin when MailScanner > enters in emergency mode (Max Normal Queue Size =). > > This way, an admin could be warned that the queue length is abnormally > long. > > Thanks, > -- > Ugo One thing to consider with this approach is that the email may not get delivered in a timely fashion unless you make sure to drop it in the outbound queue. Remember the reason you're sending the email is that the incoming queue is backed up :( Also there may be other email problems that have caused the queue to backup and mail in general may be broken. So using mail to monitor mail may not be too robust a solution. The real solution here is to come up with an out of band approach that does not depend on the local mail delivery system at all to warn of problems. Ideally you would have a system that puts a message in the inbound queue and check to make sure it's delivered in a timely fashion. Since you turned me on to monit, (http://www.tildeslash.com/monit/) I know you're monitoring your mail systems for the other typical problems. For the other readers I'll mention that you really need to monitor the health of all critical applications and systems on your gateway to be sure there are no current or impending system problems. Have you thought using monit to check the size of the mailq. You could write a simple cron job script that changes the size of a file if the incoming mailq gets larger than "Max Normal Queue Size =". Then use monit to check for change in the size of that file. Just a thought. Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From KLekas at FOXRIVER.COM Wed Jul 27 20:36:57 2005 From: KLekas at FOXRIVER.COM (Kosta Lekas) Date: Thu Jan 12 21:30:25 2006 Subject: tnef screwed up my queue Message-ID: I found 2 files, tnef-15701-1.doc and tnef-15961-1.doc in my incoming queue directory /var/spool/postfix/hold. This caused my mailq to become halted. How can I prevent this from happening again? I had the same problem with razor so I stopped using it. Is this a bug, a misconfiguration on my part. Should I set Expand TNEF= no. Your comments/suggestions would be appreciated. Thank-you Kosta Lekas ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at NKPANAMA.COM Wed Jul 27 20:52:46 2005 From: alex at NKPANAMA.COM (Alex Neuman van der Hans) Date: Thu Jan 12 21:30:25 2006 Subject: tnef screwed up my queue Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Kosta Lekas wrote: > I found 2 files, tnef-15701-1.doc and tnef-15961-1.doc in my incoming > queue directory /var/spool/postfix/hold. This caused my mailq to > become halted. How can I prevent this from happening again? I had the > same problem with razor so I stopped using it. Is this a bug, a > misconfiguration on my part. Should I set Expand TNEF= no. Your > comments/suggestions would be appreciated. > > > > Thank-you > > Kosta Lekas > > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* Use the "other" tnef decoder... see what happens... it's one of those "YMMV" things... ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From deanm at SKYNETMOBILE.COM Wed Jul 27 23:07:48 2005 From: deanm at SKYNETMOBILE.COM (Dean M) Date: Thu Jan 12 21:30:25 2006 Subject: _STARS(*)_ Problem Message-ID: Hi, I have recently installed MailScanner 4.43.8 and almost everything is working great! The problem is the Spam Score subject. I see Spam Score ssssss etc in the header, but if I try and use [Spam Score _STARS(s)_] in the subject I get exactly that attached to any spam messages, rather than [Spam Score ssssssss] Has anyone found the same problem? MailScanner --version Running on Linux smcmail01 2.6.9-1.667 #1 Tue Nov 2 14:41:25 EST 2004 i686 i686 i386 GNU/Linux This is Fedora Core release 3 (Heidelberg) This is Perl version 5.008005 (5.8.5) This is MailScanner version 4.43.8 Module versions are: 1.00 AnyDBM_File 1.14 Archive::Zip 1.03 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.05 Fcntl 2.73 File::Basename 2.08 File::Copy 2.01 FileHandle 1.06 File::Path 0.14 File::Temp 1.29 HTML::Entities 3.45 HTML::Parser 2.30 HTML::TokeParser 1.21 IO 1.10 IO::File 1.123 IO::Pipe 1.50 Mail::Header 3.05 MIME::Base64 5.417 MIME::Decoder 5.417 MIME::Decoder::UU 5.417 MIME::Head 5.417 MIME::Parser 3.03 MIME::QuotedPrint 5.417 MIME::Tools 0.10 Net::CIDR 1.08 POSIX 1.77 Socket 0.05 Sys::Syslog 1.02 Time::localtime Optional module versions are: 1.810 DB_File 1.08 Digest 1.01 Digest::HMAC 2.33 Digest::MD5 2.10 Digest::SHA1 0.44 Inline missing Mail::ClamAV 3.000004 Mail::SpamAssassin 1.997 Mail::SPF::Query 0.15 Net::CIDR::Lite 0.48 Net::DNS 0.31 Net::LDAP 1.94 Parse::RecDescent missing SAVI 1.2 Sys::Hostname::Long 2.42 Test::Harness 0.47 Test::Simple 1.95 Text::Balanced 1.35 URI ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Thu Jul 28 00:07:26 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:30:26 2006 Subject: _STARS(*)_ Problem Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dean M wrote: > Hi, > I have recently installed MailScanner 4.43.8 and almost everything is > working great! The problem is the Spam Score subject. I see Spam Score > ssssss etc in the header, but if I try and use [Spam Score _STARS(s)_] in > the subject I get exactly that attached to any spam messages, rather than > [Spam Score ssssssss] > Has anyone found the same problem? MailScanner doesn't use SpamAssassin's markup generation, it does it's own. All message tagging options are configured in MailScanner's config files. Anything relating to message tagging that you set it spamassassin's config files (local.cf, etc) will be ignored. (however, options like use_bayes, etc will still be used as they affect how SA calculates scores, and MS does use that part of SA). AFAIK, the _STARS_ bit is a spamassassin option, and isn't supported by MailScanner at all. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From res at AUSICS.NET Thu Jul 28 00:11:17 2005 From: res at AUSICS.NET (Res) Date: Thu Jan 12 21:30:26 2006 Subject: Feature request - Emergency mode Message-ID: On Wed, 27 Jul 2005, Stephen Swaney wrote: > This way, an admin could be warned that the queue length is abnormally > > > The real solution here is to come up with an out of band approach that does > not depend on the local mail delivery system at all to warn of problems. Ideally if its critical you know, you should use somthing like mon or even webmin monitoring and the sms plugin/script/command -- Cheers Res ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From deanm at SKYNETMOBILE.COM Thu Jul 28 00:20:10 2005 From: deanm at SKYNETMOBILE.COM (Dean Maunder) Date: Thu Jan 12 21:30:26 2006 Subject: _STARS(*)_ Problem Message-ID: OK, is there any intent to support this in the future? We have recently moved from having our mail hosted to hosting ourselves and some of my users are complaining as they used to filter on the number of 'ssss' in the subject. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Matt Kettler Sent: Thursday, 28 July 2005 9:07 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: _STARS(*)_ Problem Dean M wrote: > Hi, > I have recently installed MailScanner 4.43.8 and almost everything is > working great! The problem is the Spam Score subject. I see Spam > Score ssssss etc in the header, but if I try and use [Spam Score > _STARS(s)_] in the subject I get exactly that attached to any spam > messages, rather than [Spam Score ssssssss] Has anyone found the same > problem? MailScanner doesn't use SpamAssassin's markup generation, it does it's own. All message tagging options are configured in MailScanner's config files. Anything relating to message tagging that you set it spamassassin's config files (local.cf, etc) will be ignored. (however, options like use_bayes, etc will still be used as they affect how SA calculates scores, and MS does use that part of SA). AFAIK, the _STARS_ bit is a spamassassin option, and isn't supported by MailScanner at all. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Thu Jul 28 00:23:44 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:30:26 2006 Subject: tnef screwed up my queue Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I had exactly the same problem recently and posted it to the list. All my tnef and file settings are default. this problem appears (to me) to have occured only after an upgrade to 4.43.8 Pete Alex Neuman van der Hans wrote: > Kosta Lekas wrote: > >> I found 2 files, tnef-15701-1.doc and tnef-15961-1.doc in my incoming >> queue directory /var/spool/postfix/hold. This caused my mailq to >> become halted. How can I prevent this from happening again? I had the >> same problem with razor so I stopped using it. Is this a bug, a >> misconfiguration on my part. Should I set Expand TNEF= no. Your >> comments/suggestions would be appreciated. >> >> >> >> Thank-you >> >> Kosta Lekas >> >> >> >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) >> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> *Support MailScanner development - buy the book off the website!* >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) >> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> *Support MailScanner development - buy the book off the website!* > > > Use the "other" tnef decoder... see what happens... it's one of those > "YMMV" things... > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From richard at AK.PLANET.GEN.NZ Thu Jul 28 05:41:53 2005 From: richard at AK.PLANET.GEN.NZ (Richard Haakma) Date: Thu Jan 12 21:30:26 2006 Subject: Postfix + mailscanner corrupts messages, mailscanner stopping Message-ID: Hi. I have a mail server which is running on OpenBSD 3.7 on a Pentium III computer. It is running postfix-2.2.0-mysql from the OpenBSD packages and currently MailScanner-4.42.9 with Spamassassin 3.0.4 installed with source packages. Pyzor, DCC and Razor are not used. Anti-virus is by Clamav-0.86. I am getting a few messages each day appearing in the corrupt spool. These are accompanied by the message in the maillog: Jul 28 08:24:44 snowy MailScanner[28550]: Requeue: E2FBF50D368.2F7F7 to 3E53B50D344 Jul 28 08:24:44 snowy postfix/qmgr[19243]: 3E53B50D344: from=, size=47189, nrcpt=2 (queue active) Jul 28 08:24:44 snowy postfix/qmgr[19243]: warning: 3E53B50D344: rcpt count mismatch (1) Jul 28 08:24:44 snowy postfix/local[6308]: warning: corrupted queue file: active/3E53B50D344 Jul 28 08:24:44 snowy postfix/qmgr[19243]: warning: saving corrupt file "3E53B50D344" from queue "active" to queue "corrupt" This never seems to happen when there is a big backlog of messages waiting. Maybe there is a race when MailScanner is not overloaded. Is MailScanner trying to open the queue files in the hold queue before Postfix has finished putting them there, due to bad or no locking? I have searched the mailing list archive and found previous reports of a similar nature. I have also found a reference in the CHANGELOG which may refer to this problem in the latest BETA release. Is the fixes for the BETA release likely to fix this problem? Also in the changelog is a reference to a fix for MailScanner going to sleep in version 4.42.9. Unfortunately this seems to be happening to me. The appropriate number of MailScanner processes are in the process list, but it appears that they have stopped doing anything. I have had to use cron to stop and restart MailScanner a few times each day to reduce the inconvenience to users. Is there news of a better fix for this? Regards, RH. -- Do NOT reply to SPAM. Do NOT buy anything that is offered by SPAM. Every time someone buys, the spammers can economically justify sending out thousands more messages. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Thu Jul 28 08:51:52 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:30:26 2006 Subject: _STARS(*)_ Problem Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dean Maunder wrote: > OK, is there any intent to support this in the future? We have recently > moved from having our mail hosted to hosting ourselves and some of my > users are complaining as they used to filter on the number of 'ssss' in > the subject. > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Matt Kettler > Sent: Thursday, 28 July 2005 9:07 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: _STARS(*)_ Problem > > Dean M wrote: > >>Hi, >>I have recently installed MailScanner 4.43.8 and almost everything is >>working great! The problem is the Spam Score subject. I see Spam >>Score ssssss etc in the header, but if I try and use [Spam Score >>_STARS(s)_] in the subject I get exactly that attached to any spam >>messages, rather than [Spam Score ssssssss] Has anyone found the same >>problem? > > > > MailScanner doesn't use SpamAssassin's markup generation, it does it's > own. All message tagging options are configured in MailScanner's config > files. > > Anything relating to message tagging that you set it spamassassin's > config files (local.cf, etc) will be ignored. (however, options like > use_bayes, etc will still be used as they affect how SA calculates > scores, and MS does use that part of SA). > > AFAIK, the _STARS_ bit is a spamassassin option, and isn't supported by > MailScanner at all. > I find filtering by the presence of {Spam?} at the start of the header works for my users. This is normally set if MS thinks its spam. -- -- Martin Hepworth Senior Systems Administrator Solid State Logic Ltd tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From chuck.foster at STREAMSHIELD.COM Thu Jul 28 09:54:11 2005 From: chuck.foster at STREAMSHIELD.COM (Chuck Foster) Date: Thu Jan 12 21:30:26 2006 Subject: Three-way match headache Message-ID: Hmm, from what I can tell in RuleToRegexp, a /..../ expression is automatically text (ie. domain check) and not IP-based, unfortunately. But it was a nice idea, though with multiple incoming mail servers that could get to be quite a nasty regexp! Assuming Perl regexp "extended patterns" (I haven't tried) can be used, consider the following two lines in the order presented: From: user@domain andFrom: /^(?!ip\.ad\.dr\.es)$/ no From: user@domain andTo: otherdomain yes The regular expression in the first line basically says to act "no" if the message is from user@domain but NOT from the specified IP address. Good luck. From: ip.ad.dr.es and From: user@domain and To: otherdomain yes This message should be regarded as confidential. If you have received this email in error please notify the sender and destroy it immediately. Statements of intent shall only become binding when confirmed in hard copy by an authorized signatory. This message has been scanned for viruses and potentially harmful content by StreamShield Protector. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From stef at L5NET.NET Thu Jul 28 11:28:32 2005 From: stef at L5NET.NET (Stef Morrell) Date: Thu Jan 12 21:30:26 2006 Subject: Postfix + mailscanner corrupts messages, mailscanner stopping Message-ID: MailScanner mailing list wrote: > I am getting a few messages each day appearing in the corrupt > spool. These are accompanied by the message in the maillog: I've been keeping an eye on this too. Recent releases have certainly had less corrupt messages, but I have now had one again. It's in the form when run through postcat: *** ENVELOPE RECORDS *** (envelope records) *** MESSAGE CONTENTS *** (email headers, excluding mailscanner headers) (envelope records again, slightly different from first time) *** MESSAGE CONTENTS *** (email headers again, still no mailscanner headers) (email body) (mailscanner headers) (email body again) *** HEADER EXTRACTED *** *** MESSAGE FILE END *** The email itself contains some potentially sensitive client info, which I can't really post on-list, though could post off-list, if that helps. root@cyril:/opt/MailScanner# bin/MailScanner -V Running on Linux cyril 2.6.10-Tromix #1 SMP Fri Jan 28 11:23:23 GMT 2005 i686 pentium3 i386 GNU/Linux This is Perl version 5.008006 (5.8.6) This is MailScanner version 4.43.8 Module versions are: 1.00 AnyDBM_File 1.14 Archive::Zip 1.03 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.05 Fcntl 2.73 File::Basename 2.08 File::Copy 2.01 FileHandle 1.06 File::Path 0.16 File::Temp 1.29 HTML::Entities 3.45 HTML::Parser 2.30 HTML::TokeParser 1.21 IO 1.10 IO::File 1.123 IO::Pipe 1.50 Mail::Header 3.05 MIME::Base64 5.417 MIME::Decoder 5.417 MIME::Decoder::UU 5.417 MIME::Head 5.417 MIME::Parser 3.03 MIME::QuotedPrint 5.417 MIME::Tools 0.10 Net::CIDR 1.08 POSIX 1.77 Socket 0.05 Sys::Syslog 1.02 Time::localtime Optional module versions are: 1.810 DB_File 1.08 Digest 1.01 Digest::HMAC 2.33 Digest::MD5 2.10 Digest::SHA1 0.44 Inline 0.17 Mail::ClamAV 3.000004 Mail::SpamAssassin 1.997 Mail::SPF::Query 0.15 Net::CIDR::Lite 0.49 Net::DNS missing Net::LDAP 1.94 Parse::RecDescent 0.15 SAVI 1.2 Sys::Hostname::Long 2.42 Test::Harness 0.47 Test::Simple 1.95 Text::Balanced 1.35 URI Regards Stef Stefan Morrell | Director Tel: 0870 365 2813 | Level 5 Internet Ltd Fax: 0192 450 7307 | Part of the Alpha Omega Group stef@l5net.net | stef@aoc-uk.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From john at TRADOC.FR Thu Jul 28 11:49:12 2005 From: john at TRADOC.FR (John Wilcock) Date: Thu Jan 12 21:30:26 2006 Subject: Postfix + mailscanner corrupts messages, mailscanner stopping Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Richard Haakma wrote: > I have searched the mailing list archive and found previous reports > of a similar nature. I have also found a reference in the > CHANGELOG which may refer to this problem in the latest BETA > release. Is the fixes for the BETA release likely to fix > this problem? Yes - an improved fix for this was in 4.44.1. As Julian explained to me off-list, what basically happens is if MailScanner sees a postfix file without an end-of-message record it drops the message from the batch and lets the next MailScanner pick it up when it comes along. John. -- -- Over 2500 webcams from ski resorts around the world - www.snoweye.com -- Translate your technical documents and web pages - www.tradoc.fr ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From norbert.schmidt at IS-TELEDATA.COM Thu Jul 28 11:51:02 2005 From: norbert.schmidt at IS-TELEDATA.COM (Norbert Schmidt) Date: Thu Jan 12 21:30:26 2006 Subject: kaspersky 5.5 Virusscan Message-ID: MailScanner mailing list schrieb am 27.07.2005 17:01:25: > > > > > > Hi everybody, > > > > I've installed kaspersky-5.5 on a debian/sage box together > > with mailscanner. > > > > It seems to me that mailscanner main-program ignores or does > > not understand the output of the wrapper-kaspersky script.... Dan wrote: > > I to went through this. > The output and paths are different than the 4.5 wrapper. > Since my knowledge of the wrappers are not enough to modify > them I just downgraded to 5.0 and all works fine. > > I installed mine on a Centos3 box. Thanks Dan for the info, I was trying to find kaspersky 5.0 packages, to downgrade, but couldn't find any, so I am lost with my kaspersky 5.5 :-( How or where does MailScanner parse the stdin it gets from the wrapper-script?? I see a "cat $Report" within the wrapper script. This means it sends the content to stdout, which would be stdin of the calling process, so which is the calling process??? Norbert ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "S/MIME Cryptographic Signature" ] [ Application/X-PKCS7-SIGNATURE 5.6KB. ] [ Unable to print this part. ] From MailScanner at ecs.soton.ac.uk Thu Jul 28 13:47:04 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:26 2006 Subject: _STARS(*)_ Problem Message-ID: I have just added it for you. It will be in the stable release due out this weekend (or the start of next week). You will be able to put _STARS_ in the subject line tag for spam and high-scoring spam, which will be replaced by a string of whatever character you have chosen in the "Spam Score Character" setting. It will have a max length of about 60 so you can't launch a denial-of- service attack by exploiting any bugs when other packages receive messages that have extremely long headers. On 28 Jul 2005, at 00:20, Dean Maunder wrote: > OK, is there any intent to support this in the future? We have > recently > moved from having our mail hosted to hosting ourselves and some of my > users are complaining as they used to filter on the number of > 'ssss' in > the subject. > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Matt Kettler > Sent: Thursday, 28 July 2005 9:07 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: _STARS(*)_ Problem > > Dean M wrote: > >> Hi, >> I have recently installed MailScanner 4.43.8 and almost everything is >> working great! The problem is the Spam Score subject. I see Spam >> Score ssssss etc in the header, but if I try and use [Spam Score >> _STARS(s)_] in the subject I get exactly that attached to any spam >> messages, rather than [Spam Score ssssssss] Has anyone found the same >> problem? >> > > > MailScanner doesn't use SpamAssassin's markup generation, it does it's > own. All message tagging options are configured in MailScanner's > config > files. > > Anything relating to message tagging that you set it spamassassin's > config files (local.cf, etc) will be ignored. (however, options like > use_bayes, etc will still be used as they affect how SA calculates > scores, and MS does use that part of SA). > > AFAIK, the _STARS_ bit is a spamassassin option, and isn't > supported by > MailScanner at all. > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and the > archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Jul 28 13:53:53 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:26 2006 Subject: Three-way match headache Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] My intention was that if the regexp included no letters, then it would be treated as an IP-based address match pattern. Is this currently true in the code? On 28 Jul 2005, at 09:54, Chuck Foster wrote: Hmm, from what I can tell in RuleToRegexp, a /..../ expression is automatically text (ie. domain check) and not IP-based, unfortunately.   But it was a nice idea, though with multiple incoming mail servers that could get to be quite a nasty regexp!   Assuming Perl regexp "extended patterns" (I haven't tried) can be used, consider the following two lines in the order presented: From: user@domain     andFrom: /^(?!ip\.ad\.dr\.es)$/     no From: user@domain     andTo: otherdomain                 yes The regular expression in the first line basically says to act "no" if the message is from user@domain but NOT from the specified IP address. Good luck.                 From: ip.ad.dr.es and From: user@domain and To: otherdomain   yes This message should be regarded as confidential. If you have received this email in error please notify the sender and destroy it immediately. Statements of intent shall only become binding when confirmed in hard copy by an authorized signatory.   This message has been scanned for viruses and potentially harmful content by StreamShield Protector. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! --  Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/PGP-SIGNATURE 202bytes. ] [ Unable to print this part. ] From Denis.Beauchemin at USHERBROOKE.CA Thu Jul 28 13:47:17 2005 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:30:26 2006 Subject: kaspersky 5.5 Virusscan Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Norbert Schmidt wrote: >MailScanner mailing list schrieb am >27.07.2005 17:01:25: > > > >>>Hi everybody, >>> >>>I've installed kaspersky-5.5 on a debian/sage box together >>>with mailscanner. >>> >>>It seems to me that mailscanner main-program ignores or does >>>not understand the output of the wrapper-kaspersky script.... >>> >>> > >Dan wrote: > > >>I to went through this. >>The output and paths are different than the 4.5 wrapper. >>Since my knowledge of the wrappers are not enough to modify >>them I just downgraded to 5.0 and all works fine. >> >>I installed mine on a Centos3 box. >> >> > >Thanks Dan for the info, > >I was trying to find kaspersky 5.0 packages, to downgrade, but couldn't >find any, so I am lost with my kaspersky 5.5 :-( > >How or where does MailScanner parse the stdin it gets from the >wrapper-script?? >I see a "cat $Report" within the wrapper script. This means it sends the >content to stdout, which would be stdin of the calling process, so which >is the calling process??? > > > Norbert, This is done in /usr/lib/MailScanner/MailScanner/SweepViruses.pm. Look for sub ProcessKaspersky_4_5Output. Denis -- _ °v° Denis Beauchemin, analyste /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "S/MIME Cryptographic Signature" ] [ Application/X-PKCS7-SIGNATURE 4.4KB. ] [ Unable to print this part. ] From MailScanner at ecs.soton.ac.uk Thu Jul 28 13:57:59 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:26 2006 Subject: Feature request - Emergency mode Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Sending mail to warn about mail not being sent. Hmmm..... On 27 Jul 2005, at 18:33, Ugo Bellavance wrote: > Hi, > > Julian, > > Could it be possible to have an email sent to an admin when > MailScanner > enters in emergency mode (Max Normal Queue Size =). > > This way, an admin could be warned that the queue length is > abnormally long. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQujWWBH2WUcUFbZUEQLJoACeIpoDH2fU43PailNHXwtaGoYB0zsAoLZO k6pP9rNvHO6LaiBLmm5s3hYh =+QGF -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Jul 28 14:00:55 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:26 2006 Subject: Is a check on a valid SMIME signature possible within MS Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 27 Jul 2005, at 08:17, Norbert Schmidt wrote: MailScanner mailing list schrieb am 26.07.2005 15:04:39: > > Behalf Of Norbert Schmidt > > Sent: 26 July 2005 07:41 > > Subject: Is a check on a valid SMIME signature possible within MS > > > > > > > > Hi all together, > > > > I am in the process of evaluation on Mailscanner and am very much excited > > about the abilities. > > As our company is using S/MIME Signatures to verify the identity of > > senders that are allowed to send mail to certain mailinglists, I wonder > > wether it was possible to integrate these checks into MailScanner. > > > > Does anybody know about an extension, that could be helpfull?? > > How have you implemented these checks currently? Sounds like a job for the custom/generic virus scanner plugin. Check the signature yourself in an external bit of code and kill attachments (or the whole message) as necessary. --  Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/PGP-SIGNATURE 202bytes. ] [ Unable to print this part. ] From MailScanner at ecs.soton.ac.uk Thu Jul 28 14:04:00 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:26 2006 Subject: MCP on a per domain basis Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 You can switch MCP on and off with a ruleset just the same as you do with the spam functionality. On 26 Jul 2005, at 13:54, Gray, Richard wrote: > This page (http://www.sng.ecs.soton.ac.uk/mailscanner/install/mcp/) > seems to suggest that there is no way for MCP to be used based on a > supplied ruleset. Am I right in thinking this? > > If so are there any plans for adding this as a feature? If not can > anyone point me to the right place? - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQujXzhH2WUcUFbZUEQLwWACg3eTI/bMO5IkJ+6t9r/mc2CGnPI4AoMFH x4lCjmwkKZQdPGuASXcIBKCJ =gtkX -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Denis.Beauchemin at USHERBROOKE.CA Thu Jul 28 14:07:43 2005 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:30:26 2006 Subject: Feature request - Emergency mode Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >Sending mail to warn about mail not being sent. Hmmm..... > > > Julian, If you put the mail directly in sendmail's outgoing queue, it should work fine... unless there is something I don't see... Denis -- _ °v° Denis Beauchemin, analyste /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "S/MIME Cryptographic Signature" ] [ Application/X-PKCS7-SIGNATURE 4.4KB. ] [ Unable to print this part. ] From MailScanner at ecs.soton.ac.uk Thu Jul 28 14:17:36 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:26 2006 Subject: Feature request - Emergency mode Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 28 Jul 2005, at 14:07, Denis Beauchemin wrote: > * PGP Bad Signature, Signed by a unverified key > Julian Field wrote: > > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Sending mail to warn about mail not being sent. Hmmm..... >> >> >> > Julian, > > If you put the mail directly in sendmail's outgoing queue, it > should work fine... unless there is something I don't see... I fundamentally do not approve of generating mail messages that explicitly bypass the scanning. Asking for trouble. All other mail messages generated by MailScanner are done so in an MTA-neutral way (or at least easily configurable). To drop a message straight into the outbound queue I have to generate the entire files myself, rather than just feeding an RFC-822 message to the MTA. I'm not going down this path just for something little like this. It's a lot of work, it's very hard to get right, and you should probably be monitoring using another tool anyway, such as Nagios, Nocol or Bigbrother. - -- - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQuja8hH2WUcUFbZUEQLeiwCcDEF3ewtg6coh+TOBcsieZzn1zkwAoNv7 osM+5v3x/kpsFnwF22EN9FhM =QKkx -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From richard.gray at DNS.CO.UK Thu Jul 28 14:22:18 2005 From: richard.gray at DNS.CO.UK (Gray, Richard) Date: Thu Jan 12 21:30:26 2006 Subject: MCP on a per domain basis Message-ID: Thanks Julian, I got it sorted now. Clearly I was having a brain freeze yesterday. R > > You can switch MCP on and off with a ruleset just the same as > you do with the spam functionality. > > On 26 Jul 2005, at 13:54, Gray, Richard wrote: > > > This page (http://www.sng.ecs.soton.ac.uk/mailscanner/install/mcp/) > > seems to suggest that there is no way for MCP to be used based on a > > supplied ruleset. Am I right in thinking this? > > > ----------------------- This email from dns has been validated by dnsMSS(TM) Managed Email Security and is free from all known viruses. For further information contact email-integrity@dns.co.uk ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Thu Jul 28 14:10:54 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:26 2006 Subject: Feature request - Emergency mode Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Stephen Swaney wrote: >>-----Original Message----- >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>Behalf Of Ugo Bellavance >>Sent: Wednesday, July 27, 2005 1:34 PM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Feature request - Emergency mode >> >>Hi, >> >> Julian, >> >>Could it be possible to have an email sent to an admin when MailScanner >>enters in emergency mode (Max Normal Queue Size =). >> >>This way, an admin could be warned that the queue length is abnormally >>long. >> >>Thanks, >>-- >>Ugo > > > One thing to consider with this approach is that the email may not get > delivered in a timely fashion unless you make sure to drop it in the > outbound queue. Remember the reason you're sending the email is that the > incoming queue is backed up :( Yes, I thought of that. But I also thought that instead of using the local MTA, we could use another server. Yes, that is similar to what monit would do, but I was just wondering, since there is already a test in MailScanner that raises a flag when the treshold is hit, how easy it would be to call a function that would send an e-mail using an external mail server. > > Have you thought using monit to check the size of the mailq. You could write > a simple cron job script that changes the size of a file if the incoming > mailq gets larger than "Max Normal Queue Size =". Then use monit to check > for change in the size of that file. That is indeed a good idea. -- Ugo ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Denis.Beauchemin at USHERBROOKE.CA Thu Jul 28 14:21:12 2005 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:30:26 2006 Subject: Feature request - Emergency mode Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >On 28 Jul 2005, at 14:07, Denis Beauchemin wrote: > > >>* PGP Bad Signature, Signed by a unverified key >>Julian Field wrote: >> >> >> >> >>>-----BEGIN PGP SIGNED MESSAGE----- >>>Hash: SHA1 >>> >>>Sending mail to warn about mail not being sent. Hmmm..... >>> >>> >>> >>> >>> >>Julian, >> >>If you put the mail directly in sendmail's outgoing queue, it >>should work fine... unless there is something I don't see... >> >> > >I fundamentally do not approve of generating mail messages that >explicitly bypass the scanning. Asking for trouble. All other mail >messages generated by MailScanner are done so in an MTA-neutral way >(or at least easily configurable). To drop a message straight into >the outbound queue I have to generate the entire files myself, rather >than just feeding an RFC-822 message to the MTA. I'm not going down >this path just for something little like this. It's a lot of work, >it's very hard to get right, and you should probably be monitoring >using another tool anyway, such as Nagios, Nocol or Bigbrother. > > > I agree! Denis -- _ °v° Denis Beauchemin, analyste /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "S/MIME Cryptographic Signature" ] [ Application/X-PKCS7-SIGNATURE 4.4KB. ] [ Unable to print this part. ] From dstraka at CASPERCOLLEGE.EDU Thu Jul 28 14:00:14 2005 From: dstraka at CASPERCOLLEGE.EDU (Daniel Straka) Date: Thu Jan 12 21:30:26 2006 Subject: RBL's without SpamAssassin = how much spam is caught? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I'm running MS with "Spam List = ORDB-RBL SBL+XBL" and without SpamAssassin (my version of perl is too old for SA). Around 15-30 percent of mail is being identified as spam. Some users are still receiving quite a bit of male enhancement, prescription drug and software spam. 1. Would SA make a very big difference? If so how much %? 2. Are there other RBL's that work better than Spamhaus? 3. Can I use other RBL's in conjunction with Spamhaus? Thanks, Dan Straka Casper College (307)268-2399 ** Visit Casper College Online at www.caspercollege.edu ** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From kevin at KEVINSPICER.CO.UK Thu Jul 28 15:04:37 2005 From: kevin at KEVINSPICER.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:30:26 2006 Subject: Feature request - Emergency mode Message-ID: On Wed, 2005-07-27 at 13:33 -0400, Ugo Bellavance wrote: > Hi, > > Julian, > > Could it be possible to have an email sent to an admin when MailScanner > enters in emergency mode (Max Normal Queue Size =). The next feature I'm working on for MailScanner-MRTG is the ability to send an alert for anything MSMRTG monitors when customisable thresholds are exceeded. The threshold code is already in the latest unstable release (and mostly working I think!), I just need to get round to writing the alert bit. I'm primarily seeing this as a means to alert nagios, but I'm also planning to be able to send alerts via SMTP, so that you can send a message, for example, direct to an email-sms gateway. Kevin ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at LISTS.COM.AR Thu Jul 28 14:47:27 2005 From: mailscanner at LISTS.COM.AR (Leonardo Helman) Date: Thu Jan 12 21:30:26 2006 Subject: Custom Logging by "Always Looked Up Last" Message-ID: Hi I'm using the "Always Looked Up Last" configuration parameter to do some custom logging. I could'nt use the "Detailed Spam Report = no" parameter, because if I set it, $message->{spamreport} is overwritten somthing like line 243 of MessageBatch.pm $message->{spamreport} = MailScanner::Config::LanguageValue($message, ($message->{isspam}?'spam':'notspam')); So I made a very quick&dirty patch, so I save the original spamreport for later use in "Always Looked Up Last" ----------------------------------------------------------------------------- diff -Naur .MailScanner-4.44.1.msidpatched/lib/MailScanner/MessageBatch.pm .MailScanner-4.44.1/lib/MailScanner/MessageBatch.pm --- .MailScanner-4.44.1.msidpatched/lib/MailScanner/MessageBatch.pm Sun Jun 26 13:11:42 2005 +++ .MailScanner-4.44.1/lib/MailScanner/MessageBatch.pm Thu Jul 28 09:04:36 2005 @@ -241,6 +241,8 @@ $counter += $message->IsSpam(); if (!MailScanner::Config::Value('spamdetail', $message)) { + # PERTLEOH: Copy the value for custom logging in LastLookup + $message->{spamreportdetailed}=$message->{spamreport}; $message->{spamreport} = MailScanner::Config::LanguageValue($message, ($message->{isspam}?'spam':'notspam')); } ----------------------------------------------------------------------------- -- Leonardo Helman Pert Consultores Argentina ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Thu Jul 28 15:50:28 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:30:26 2006 Subject: RBL's without SpamAssassin = how much spam is caught? Message-ID: SpamAssassin would make a HUGE difference. I'd estimate that I catch about 98% of the spam that flows through my boxen. I like the RBL's you have. I also use spamcop. Some may frown on that, but it works well for me. You can use as many RBL's as you want. I run my RBL's at the MTA, so I reject them before they ever make it to get scanned. Now, if we could just get our wives to quit adding us to those male enhancements lists, the world would be good! :) Mike -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Daniel Straka Sent: Thursday, July 28, 2005 8:00 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: RBL's without SpamAssassin = how much spam is caught? I'm running MS with "Spam List = ORDB-RBL SBL+XBL" and without SpamAssassin (my version of perl is too old for SA). Around 15-30 percent of mail is being identified as spam. Some users are still receiving quite a bit of male enhancement, prescription drug and software spam. 1. Would SA make a very big difference? If so how much %? 2. Are there other RBL's that work better than Spamhaus? 3. Can I use other RBL's in conjunction with Spamhaus? Thanks, Dan Straka Casper College (307)268-2399 ** Visit Casper College Online at www.caspercollege.edu ** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From PHachey at CITY.CORNWALL.ON.CA Thu Jul 28 15:33:33 2005 From: PHachey at CITY.CORNWALL.ON.CA (Philip Hachey) Date: Thu Jan 12 21:30:26 2006 Subject: Three-way match headache Message-ID: As Julian pointed out, any regexp that contains only numbers is supposed to match IP addresses, not domain names. Can anyone confirm this? As to the complication of the regexp: Most ISPs are (or should be) sending from one (or as few as possible) IP addresses anyway. Multiple receiving hosts (MXs) are more common, but not the concern here. Outside of asking or careful observation, the only way to know the "extra" addresses from which a domain sends is if you're fortunate enough that they have published an SPF record. Anyway, I think this way is nicer than having to rewrite the entire rule for each possible IP address. Consider a domain name that sends from three addresses. Using your proposed style of rule if it is implemented in MS: From: aa.aa.aa.aa andFrom: user@domain andTo: otherdomain yes From: bb.bb.bb.bb andFrom: user@domain andTo: otherdomain yes From: cc.cc.cc.cc andFrom: user@domain andTo: otherdomain yes Using the regexp method I proposed which MS is already capable of (assuming it works): From: user@domain andFrom: /^(?!(aa\.aa\.aa\.aa|bb\.bb\.bb\.bb|cc\.cc\.cc\.cc))$/ no From: user@domain andTo: otherdomain yes Which seems a bit easier to manage, in my opinion. Regards, ---------------------------------- Philip J. Hachey, BCS(High Hons) Programmer-Analyst City of Cornwall Chuck Foster Sent by: MailScanner mailing list 2005-07-28 04:54 Please respond to MailScanner mailing list To: MAILSCANNER@JISCMAIL.AC.UK cc: Subject: Re: Three-way match headache Hmm, from what I can tell in RuleToRegexp, a /..../ expression is automatically text (ie. domain check) and not IP-based, unfortunately. But it was a nice idea, though with multiple incoming mail servers that could get to be quite a nasty regexp! Assuming Perl regexp "extended patterns" (I haven't tried) can be used, consider the following two lines in the order presented: From: user@domain andFrom: /^(?!ip\.ad\.dr\.es)$/ no From: user@domain andTo: otherdomain yes The regular expression in the first line basically says to act "no" if the message is from user@domain but NOT from the specified IP address. Good luck. From: ip.ad.dr.es and From: user@domain and To: otherdomain yes This message should be regarded as confidential. If you have received this email in error please notify the sender and destroy it immediately. Statements of intent shall only become binding when confirmed in hard copy by an authorized signatory. This message has been scanned for viruses and potentially harmful content by StreamShield Protector. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "S/MIME Cryptographic Signature" ] [ Application/X-PKCS7-SIGNATURE 5.4KB. ] [ Unable to print this part. ] From PHachey at CITY.CORNWALL.ON.CA Thu Jul 28 15:51:48 2005 From: PHachey at CITY.CORNWALL.ON.CA (Philip Hachey) Date: Thu Jan 12 21:30:26 2006 Subject: RBL's without SpamAssassin = how much spam is caught? Message-ID: You'll likely have to experiment to see what works best for your site. On our site, of over 18,000 messages roughly 8000 messages were clean. Of the remaining 10,000 messages that were marked as spam, nearly all of them were marked as spam by SpamAssassin and 8000 appeared in RBLs (I'm using: SBL+XBL spamcop.net NJABL+DYN SORBS-DUL). This seems to suggest that SpamAssassin is quite useful and, with it turned on (doing it's own scoring based on Bayes, RBLs, etc.), RBL checking in MS isn't that useful. So you could still potentially catch a lot of spam with RBLs only, but it's not as sure-fire as SpamAssassin (or even *just* SpamAssassin). Regards, ---------------------------------- Philip J. Hachey, BCS(High Hons) Programmer-Analyst City of Cornwall Daniel Straka Sent by: MailScanner mailing list 2005-07-28 09:00 Please respond to MailScanner mailing list To: MAILSCANNER@JISCMAIL.AC.UK cc: Subject: RBL's without SpamAssassin = how much spam is caught? I'm running MS with "Spam List = ORDB-RBL SBL+XBL" and without SpamAssassin (my version of perl is too old for SA). Around 15-30 percent of mail is being identified as spam. Some users are still receiving quite a bit of male enhancement, prescription drug and software spam. 1. Would SA make a very big difference? If so how much %? 2. Are there other RBL's that work better than Spamhaus? 3. Can I use other RBL's in conjunction with Spamhaus? Thanks, Dan Straka Casper College (307)268-2399 ** Visit Casper College Online at www.caspercollege.edu ** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "S/MIME Cryptographic Signature" ] [ Application/X-PKCS7-SIGNATURE 5.4KB. ] [ Unable to print this part. ] From chuck.foster at STREAMSHIELD.COM Thu Jul 28 16:29:20 2005 From: chuck.foster at STREAMSHIELD.COM (Chuck Foster) Date: Thu Jan 12 21:30:26 2006 Subject: Three-way match headache Message-ID: You're right, I missed a check for that when I looked previously, doh! My intention was that if the regexp included no letters, then it would be treated as an IP-based address match pattern. Is this currently true in the code? On 28 Jul 2005, at 09:54, Chuck Foster wrote: Hmm, from what I can tell in RuleToRegexp, a /..../ expression is automatically text (ie. domain check) and not IP-based, unfortunately. But it was a nice idea, though with multiple incoming mail servers that could get to be quite a nasty regexp! This message should be regarded as confidential. If you have received this email in error please notify the sender and destroy it immediately. Statements of intent shall only become binding when confirmed in hard copy by an authorized signatory. This message has been scanned for viruses and potentially harmful content by StreamShield Protector. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Thu Jul 28 16:24:29 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:26 2006 Subject: Feature request - Emergency mode Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field spake the following on 7/28/2005 5:57 AM: > Sending mail to warn about mail not being sent. Hmmm..... > > On 27 Jul 2005, at 18:33, Ugo Bellavance wrote: > Sort of like trying to call the phone company when you're phone is out of order! -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Thu Jul 28 16:27:28 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:26 2006 Subject: No Virus Scanning Happening Since MS Upgrade to v4.43.8 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Quintin Giesbrecht spake the following on 7/27/2005 7:03 AM: > > Virus Scanning is Pointing to a rule (this must be new, because I just > had it set to YES) > > I changed it to YES, but viruses still come through. I have since > changed it back to the rule set. > > If I send an email from the MS box itself which contains a virus, it > gets scanned and blocked. Any other mail from any other server that > contains a virus does not get scanned and/or detected as a virus. > > Any ideas? Maybe check if something is wrong in the whitelist. Look at the log for that (those) messages and see if they are being scanned or skipped/whitelisted. -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From christian.schmidt at CHEMIE.UNI-HAMBURG.DE Thu Jul 28 16:56:37 2005 From: christian.schmidt at CHEMIE.UNI-HAMBURG.DE (Christian Schmidt) Date: Thu Jan 12 21:30:26 2006 Subject: No Virus Scanning Happening Since MS Upgrade to v4.43.8 Message-ID: Hello Quintin, Quintin Giesbrecht, 27.07.2005 (d.m.y): > Virus Scanning is Pointing to a rule (this must be new, because I just > had it set to YES) > > I changed it to YES, but viruses still come through. I have since > changed it back to the rule set. Well, just changing an option to "yes" may sometimes not be enough. Perhaps you should reveal some more details concerning your configuration... > If I send an email from the MS box itself which contains a virus, it > gets scanned and blocked. How do you send this mail? Are you calling your sendmail (or postfix, exim, whatever) binary directly or are you connecting to your MTA via port 25? What does your configuration look like? > Any other mail from any other server that > contains a virus does not get scanned and/or detected as a virus. Maybe the "wrong daemon" is listening on the outward network interface? Regards, Christian Schmidt -- Um geistreich zu sprechen, habe man - wenn man es auf irgendeine Art ist - nur den Mut, alles auszusagen. An der Furcht stirbt das Genie. -- Jean Paul ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at GMAIL.COM Thu Jul 28 20:29:11 2005 From: glenn.steen at GMAIL.COM (Glenn Steen) Date: Thu Jan 12 21:30:26 2006 Subject: List ping Message-ID: Am I the only one seeing huge delays/non-deliveries to the list ATM? When posting from my gmail account.... I see nothing... most of the time. And I got an error from jiscmail too ("4.5.1 problem running AV" or somesuch). Makes one wonder whether gmail.com has been BL'd:/. This is posted via the jiscmail web interface. -- Glenn ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From William.Burns at AEROFLEX.COM Thu Jul 28 20:30:30 2005 From: William.Burns at AEROFLEX.COM (William Burns) Date: Thu Jan 12 21:30:26 2006 Subject: Evidence of active exploit against email servers!! (sophos) Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello: One of the aeroflex mail admins is using MailScanner w/ Sophos, and he thinks that he's found a problem w/ sopohos antivirus. Does anyone else have a problem? -Bill David Fry wrote: > gents, > > Okay - I do believe something is actively in the wild taking advantage > of the Sophos exploit. > > After having a couple of hiccups with our pop server and even as > I was installing the latest build of Sophos on that box ... I saw the > following on our mail gateway. > > ***************************************************** > Virus Scanning: Denial of Service attack detected! > Virus Scanning: Denial of Service attack detected! > Virus Scanning: Denial of Service attack detected! > ***************************************************** > > The frequency of the log message was every 6 minutes! > > Now here is the kicker. As soon as I reinstalled Sophos with the latest > build AND restarted MailScanner (which calls the SophosSAVI perl > module) ... the warning messages ceased!! > > So, I would highly encourage you to look at your logs. I do believe we > have a live one here. > > I have some 80+ messages in my MailScanner inbound queue - I suspect > the exploit is sitting in there. I am taking a look at that now - > mainly to make > sure I don't have any legitimate emails snagged there. > > I believe this is the first instance of an actual vulnerability > exploit with Sophos > itself. > > Keep an eye out gents! > > regards, > > > -david > David Fry wrote: > TITLE: > >Sophos Anti-Virus Unspecified Buffer Overflow Vulnerability > >SECUNIA ADVISORY ID: >SA16245 > >VERIFY ADVISORY: >http://secunia.com/advisories/16245/ > >CRITICAL: >Highly critical > >IMPACT: >System access > >WHERE: >>From remote > >SOFTWARE: >Sophos Anti-Virus 4.x >http://secunia.com/product/5391/ >Sophos Anti-Virus 3.x >http://secunia.com/product/164/ > >DESCRIPTION: >A vulnerability has been reported in Sophos Anti-Virus, which >potentially can be exploited by malicious people to compromise a >vulnerable system. > >The vulnerability is caused due to an unspecified error and can be >exploited to cause a heap-based buffer overflow. > >The vulnerability has been reported in Sophos Anti-Virus Small >Business Edition and in Sophos Anti-Virus versions prior to 3.96.0 >and prior to 4.5.4. > >SOLUTION: >The vendor has included a fix in the following versions: >* Version 3.96.0 of Sophos Anti-Virus (all supported Windows >platforms, all supported Unix platforms, NetWare, OS/2, and OpenVMS) >* Version 4.5.4 of Sophos Anti-Virus (all platforms) > >Fixes are reportedly expected to be available by 2005-07-29 for >Sophos Anti-Virus Small Business Edition on all Windows platforms, >and within the next 14 days for the other remaining versions. > >PROVIDED AND/OR DISCOVERED BY: >The vendor credits Alex Wheeler. > >ORIGINAL ADVISORY: >Sophos: >http://www.sophos.com/support/knowledgebase/article/3409.html > >---------------------------------------------------------------------- > >About: >This Advisory was delivered by Secunia as a free service to help >everybody keeping their systems up to date against the latest >vulnerabilities. > >Subscribe: >http://secunia.com/secunia_security_advisories/ > >Definitions: (Criticality, Where etc.) >http://secunia.com/about_secunia_advisories/ > > >Please Note: >Secunia recommends that you verify all advisories you receive by >clicking the link. >Secunia NEVER sends attached files with advisories. >Secunia does not advise people to install third party patches, only >use those supplied by the vendor. > >---------------------------------------------------------------------- > >Unsubscribe: Secunia Security Advisories >http://secunia.com/sec_adv_unsubscribe/?email=david.fry%40ifrsys.com > >---------------------------------------------------------------------- > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at NKPANAMA.COM Thu Jul 28 20:32:54 2005 From: alex at NKPANAMA.COM (Alex Neuman) Date: Thu Jan 12 21:30:26 2006 Subject: List ping Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > Am I the only one seeing huge delays/non-deliveries to the list ATM? > > When posting from my gmail account.... I see nothing... most of the time. > And I got an error from jiscmail too ("4.5.1 problem running AV" or > somesuch). > > Makes one wonder whether gmail.com has been BL'd:/. > > This is posted via the jiscmail web interface. > > -- Glenn I'll check to see how long this reply takes to come back... ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at NKPANAMA.COM Thu Jul 28 20:34:35 2005 From: alex at NKPANAMA.COM (Alex Neuman) Date: Thu Jan 12 21:30:26 2006 Subject: List ping Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] >> Am I the only one seeing huge delays/non-deliveries to the list ATM? >> >> When posting from my gmail account.... I see nothing... most of the >> time. >> And I got an error from jiscmail too ("4.5.1 problem running AV" or >> somesuch). >> >> Makes one wonder whether gmail.com has been BL'd:/. >> >> This is posted via the jiscmail web interface. >> >> -- Glenn > > I'll check to see how long this reply takes to come back... Only a few seconds... ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHT.IE Thu Jul 28 20:36:59 2005 From: michele at BLACKNIGHT.IE (Michele Neylon :: Blacknight) Date: Thu Jan 12 21:30:26 2006 Subject: List ping Message-ID: On Thu, 2005-07-28 at 14:34 -0500, Alex Neuman wrote: > Only a few seconds... Here I go :) -- Mr. Michele Neylon Blacknight Solutions Hosting, Co-location & Domain Registration http://www.blacknight.ie/ Phone: 1850 927 280 Intl: +353 (0)59 9183072 Fax: +353 (0)59 9164239 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHT.IE Thu Jul 28 20:38:36 2005 From: michele at BLACKNIGHT.IE (Michele Neylon :: Blacknight) Date: Thu Jan 12 21:30:26 2006 Subject: List ping Message-ID: On Thu, 2005-07-28 at 20:36 +0100, Michele Neylon :: Blacknight wrote: > On Thu, 2005-07-28 at 14:34 -0500, Alex Neuman wrote: > > > Only a few seconds... > > Here I go :) No delay here -- Mr. Michele Neylon Blacknight Solutions Hosting, Co-location & Domain Registration http://www.blacknight.ie/ Phone: 1850 927 280 Intl: +353 (0)59 9183072 Fax: +353 (0)59 9164239 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From kte at NEXIS.BE Thu Jul 28 21:03:26 2005 From: kte at NEXIS.BE (Koen Teugels) Date: Thu Jan 12 21:30:26 2006 Subject: Version Performance Message-ID: On what hardware are you running this?? Thanks Ugo Bellavance Sent by: MailScanner mailing list 27/07/2005 15:38 Please respond to MailScanner mailing list To MAILSCANNER@JISCMAIL.AC.UK cc Subject Re: Version Performance Leonardo Helman wrote: > Hi I have been seen a small drop in performance > between MS4-37.7/SA-3.02 to MS-4.44-1/SA-3.04 > > Under very heavy load we had been procesing about 15500 mails > per hour, but with the new setup that number gets only to 13400 > > There where no changes at MTA, or the machine. > I only change MS+SA+some perl modules > Compress-Zlib, ExtUtils-MakeMaker File-Spec File-Temp IO-stringy > MailTools MIME-Base64 Storable Time-HiRes > > All the surbls/rbls are the same. > > The other rules are all the same but the default ones. > > I'm triyng to see where the problem is. (modules? SA? MS?) Please start here: http://wiki.mailscanner.info/doku.php?id=documentation:test_troubleshoot:perfor ance and here http://wiki.mailscanner.info/doku.php?id=maq:index#optimization_tips -- Ugo -> Please don't send a copy of your reply by e-mail. I read the list. -> Please avoid top-posting, long signatures and HTML, and cut the irrelevant parts in your replies. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From samp at ARIAL-CONCEPT.COM Thu Jul 28 21:07:04 2005 From: samp at ARIAL-CONCEPT.COM (Sam Przyswa) Date: Thu Jan 12 21:30:26 2006 Subject: Problem with Postfix and virtual domains Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, I installed MailScanner a lot of time without problems but it doesn't start with a Postfix and virtual domain (Postfix.Admin v2.1.0) it worked fine with the regular config before the virtuals domains configuration. I use the header_check and the /^Received:/ HOLD The system: Linux-Debian stable 2.4.29 Postfix 2.1.5 MailScanner 4.41.3 There is my postfix configuration: ------------------------------------------------------------------------------ alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases append_dot_mydomain = yes biff = no config_directory = /etc/postfix header_checks = regexp:/etc/postfix/header_checks home_mailbox = Maildir/ mailbox_size_limit = 0 masquerade_domains = west-interactive.fr mynetworks = 127.0.0.0/8 myorigin = west-interactive.fr <-- domain known by the system recipient_delimiter = + smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU) transport_maps = hash:/etc/postfix/transport virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf virtual_gid_maps = static:104 <-- postfix group virtual_mailbox_base = /home/virtual_mail/ virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf virtual_mailbox_limit = 51200000 virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf virtual_minimum_uid = 102 <-- postfix user virtual_transport = virtual virtual_uid_maps = static:102 ------------------------------------------------------------------- The virtual domain config work fine, but when I try to start MailScanner with /etc/init.d/mailscanner start only one MailScanner instance is launched ans the start script stay freeze. What's wrong ? Thanks in advance for your help. Sam. -- Sam Przyswa - Chef de projet Arial Concept - Intégrateur Internet 36, rue de Turin - 75008 - Paris - France Tel: 01 40 54 86 04 - 0870 444 650 - Fax: 01 40 54 83 01 Skype ID: arial-concept Web: http://www.arial-concept.com - Email: Info@arial-concept.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From William.Burns at AEROFLEX.COM Thu Jul 28 21:07:30 2005 From: William.Burns at AEROFLEX.COM (William Burns) Date: Thu Jan 12 21:30:26 2006 Subject: List ping Message-ID: My last post came back very quickly too. Faster than I'm used to seeing this list respond. (In the past I have seen delays) -Bill ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From deanm at SKYNETMOBILE.COM Thu Jul 28 22:06:56 2005 From: deanm at SKYNETMOBILE.COM (Dean Maunder) Date: Thu Jan 12 21:30:26 2006 Subject: _STARS(*)_ Problem Message-ID: Excellent, thank you very much. I look forward to the next release. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field Sent: Thursday, 28 July 2005 10:47 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: _STARS(*)_ Problem I have just added it for you. It will be in the stable release due out this weekend (or the start of next week). You will be able to put _STARS_ in the subject line tag for spam and high-scoring spam, which will be replaced by a string of whatever character you have chosen in the "Spam Score Character" setting. It will have a max length of about 60 so you can't launch a denial-of- service attack by exploiting any bugs when other packages receive messages that have extremely long headers. On 28 Jul 2005, at 00:20, Dean Maunder wrote: > OK, is there any intent to support this in the future? We have > recently moved from having our mail hosted to hosting ourselves and > some of my users are complaining as they used to filter on the number > of 'ssss' in the subject. > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Matt Kettler > Sent: Thursday, 28 July 2005 9:07 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: _STARS(*)_ Problem > > Dean M wrote: > >> Hi, >> I have recently installed MailScanner 4.43.8 and almost everything is >> working great! The problem is the Spam Score subject. I see Spam >> Score ssssss etc in the header, but if I try and use [Spam Score >> _STARS(s)_] in the subject I get exactly that attached to any spam >> messages, rather than [Spam Score ssssssss] Has anyone found the same >> problem? >> > > > MailScanner doesn't use SpamAssassin's markup generation, it does it's > own. All message tagging options are configured in MailScanner's > config files. > > Anything relating to message tagging that you set it spamassassin's > config files (local.cf, etc) will be ignored. (however, options like > use_bayes, etc will still be used as they affect how SA calculates > scores, and MS does use that part of SA). > > AFAIK, the _STARS_ bit is a spamassassin option, and isn't supported > by MailScanner at all. > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and the > archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and the > archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From matt at CODERS.CO.UK Fri Jul 29 00:12:58 2005 From: matt at CODERS.CO.UK (Matt Hampton) Date: Thu Jan 12 21:30:26 2006 Subject: Spam actions when destinations have different thresholds Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Evening Can someone point me in the right direction (I have looked in the archives,wiki and FAQ) Scenario: Rule for spam thresholds as follows (not correct syntax) To: abcd@domain.co.uk 5 To: efgh@domain.co.uk 7 Mailscanner is configured to tag the subject line for spam. An email is sent to both abcd@domain.co.uk and efgh@domain.co.uk in the SAME envelope. The score it achieves is 6. Some quick tests that I have done (and thanks to blacknight for looking as well) shows that it triggers on the first recipient. Any ideas how to address this. I was thinking of doing something with sendmail queues: inbound emails -> mqueue.in mqueue.in -> mqueue.split (moved by a queue runner and .split has a max recipent of 1) MailScanner then monitors mqueue.split. This is obviously going to have a hit on throughput (and bandwidth/disk space) but at the moment this is the only way I can see of doing this. cheers Matt ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From james at grayonline.id.au Thu Jul 28 22:57:30 2005 From: james at grayonline.id.au (James Gray) Date: Thu Jan 12 21:30:26 2006 Subject: Next Stable (was: "_STARS(*)_ Problem") Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Thu, 28 Jul 2005 10:47 pm, Julian Field wrote: > I have just added it for you. It will be in the stable release due > out this weekend (or the start of next week). Are you going to be updating the ClamAV+SA installation package with the new ClamAV? I've already done it manually (drop the clamav...tar.gz in the tree from your install package, edit the install.sh script with the new version string - voila), but just thought I'd ask. Cheers, James -- Time sharing: The use of many people by the computer. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Thu Jul 28 20:30:57 2005 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 12 21:30:26 2006 Subject: List ping Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] 2005/7/28, Glenn Steen : > Am I the only one seeing huge delays/non-deliveries to the list ATM? > > When posting from my gmail account.... I see nothing... most of the time. > And I got an error from jiscmail too ("4.5.1 problem running AV" or somesuch). > > Makes one wonder whether gmail.com has been BL'd:/. > > This is posted via the jiscmail web interface. > > -- Glenn > Answering myself ... the best kind of conversation...:-). This is from gmail... -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dl6mpg at GMAIL.COM Fri Jul 29 06:55:52 2005 From: dl6mpg at GMAIL.COM (Uwe Krause) Date: Thu Jan 12 21:30:26 2006 Subject: List Ping Message-ID: Hi, >Am I the only one seeing huge delays/non-deliveries to the list ATM? no ... i receive this all the time i post from gmail account ! >("4.5.1 problem running AV" or somesuch). The same here .... >Makes one wonder whether gmail.com has been BL'd:/. Good question .... >This is posted via the jiscmail web interface. Me too, Uwe ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri Jul 29 07:42:15 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:26 2006 Subject: Spam actions when destinations have different thresholds Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Matt Hampton wrote: > Evening > > Can someone point me in the right direction (I have looked in the > archives,wiki and FAQ) > > Scenario: > > Rule for spam thresholds as follows (not correct syntax) > > To: abcd@domain.co.uk 5 > To: efgh@domain.co.uk 7 > > Mailscanner is configured to tag the subject line for spam. > > An email is sent to both abcd@domain.co.uk and efgh@domain.co.uk in > the SAME envelope. The score it achieves is 6. > > Some quick tests that I have done (and thanks to blacknight for > looking as well) shows that it triggers on the first recipient. > > Any ideas how to address this. I was thinking of doing something with > sendmail queues: > > inbound emails -> mqueue.in > mqueue.in -> mqueue.split (moved by a queue runner and .split has a > max recipent of 1) > > MailScanner then monitors mqueue.split. > > This is obviously going to have a hit on throughput (and > bandwidth/disk space) but at the moment this is the only way I can see > of doing this. I have got some code somewhere that shows you how to remove recipients individually from a sendmail message in MailScanner. You could use that in a Custom Function on "Spam Actions" to remove a set of users which you work out somehow. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQunPyBH2WUcUFbZUEQIQmQCeLsxG9KQYpQAl/ACFYChaDsLXwgsAnAwj Z6XVZdg5jxUbkUF2/dKlRq/e =JKYM -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri Jul 29 07:43:13 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:26 2006 Subject: List Ping Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Contact helpline@jiscmail.ac.uk and make sure they know about this. Uwe Krause wrote: >Hi, > > > >>Am I the only one seeing huge delays/non-deliveries to the list ATM? >> >> > >no ... i receive this all the time i post from gmail account ! > > > >>("4.5.1 problem running AV" or somesuch). >> >> > >The same here .... > > > >>Makes one wonder whether gmail.com has been BL'd:/. >> >> > >Good question .... > > > >>This is posted via the jiscmail web interface. >> >> > >Me too, > > >Uwe > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQunQAhH2WUcUFbZUEQJTkgCffR14OXQcG+1BqSDM/UjtnCdPeCAAoIHW RlLRFYJ4+1o+Lv7tUC2x1g58 =qTN1 -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From matt at CODERS.CO.UK Fri Jul 29 08:20:54 2005 From: matt at CODERS.CO.UK (Matt Hampton) Date: Thu Jan 12 21:30:26 2006 Subject: Spam actions when destinations have different thresholds Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > I have got some code somewhere that shows you how to remove recipients > individually from a sendmail message in MailScanner. You could use that > in a Custom Function on "Spam Actions" to remove a set of users which > you work out somehow. That would be very much appreciated........ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From norbert.schmidt at IS-TELEDATA.COM Fri Jul 29 08:24:46 2005 From: norbert.schmidt at IS-TELEDATA.COM (Norbert Schmidt) Date: Thu Jan 12 21:30:26 2006 Subject: kaspersky 5.5 Virusscan Message-ID: MailScanner mailing list schrieb am 28.07.2005 14:47:17: > Norbert Schmidt wrote: > > >MailScanner mailing list schrieb am > >27.07.2005 17:01:25: > > > > > > > >>>Hi everybody, > >>> > >>>I've installed kaspersky-5.5 on a debian/sage box together > >>>with mailscanner. > >>> > >>>It seems to me that mailscanner main-program ignores or does > >>>not understand the output of the wrapper-kaspersky script.... > >Dan wrote: > > > > > >>I to went through this. > >>The output and paths are different than the 4.5 wrapper. > >>Since my knowledge of the wrappers are not enough to modify > >>them I just downgraded to 5.0 and all works fine. > >> > >I see a "cat $Report" within the wrapper script. This means it sends the > >content to stdout, which would be stdin of the calling process, so which > >is the calling process??? > > > This is done in /usr/lib/MailScanner/MailScanner/SweepViruses.pm. Look > for sub ProcessKaspersky_4_5Output. > > Denis Hi Denis, hi Dan, hi all the rest... I finally got MS work together with Kaspersky 5.5. First I had to change some access rights for the kaspersky installation, so user postfix could call some subprogramms of kaspersky. Next I changed the ScanOptions within wrapper-kaspersky to "-i0" and took the -j3 and -q out of the call: "${PackageDir}/$Scanner $ScanOptions -o$Report "$@ Thanks for the help Norbert ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "S/MIME Cryptographic Signature" ] [ Application/X-PKCS7-SIGNATURE 5.6KB. ] [ Unable to print this part. ] From MailScanner at ecs.soton.ac.uk Fri Jul 29 09:39:26 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:26 2006 Subject: Spam actions when destinations have different thresholds Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 29 Jul 2005, at 08:20, Matt Hampton wrote: > Julian Field wrote: > > >> I have got some code somewhere that shows you how to remove >> recipients individually from a sendmail message in MailScanner. >> You could use that in a Custom Function on "Spam Actions" to >> remove a set of users which you work out somehow. >> > > That would be very much appreciated........ This code has some calls to a couple of bits of other code in it, but it is pretty obvious what it does. It's from our Custom Function to auto-delete spam for individual users at the gateway. It calls Address2Threshold which takes an email address and returns the Required SpamAssassin Score value for that email address. my($message) = @_; my($to, $action, $lowercase, $changed, %recips); return 'deliver' unless $message; return 'deliver' unless @{$message->{to}}; $action = 'deliver'; # Build the hash of recipients and say we have not changed anything $changed = 0; foreach $to (@{$message->{to}}) { $lowercase = lc($to); # To avoid occasional bug in Perl $recips{$lowercase} = 1; } foreach $to (@{$message->{to}}) { $lowercase = lc($to); #if (exists $ECSthresholds{$lowercase}) { if (defined(Address2Threshold($lowercase))) { delete $recips{$lowercase}; MailScanner::Log::InfoLog("ECSthresholds: Deleting user %s", $lowercase); $changed = 1; } } # If nothing has changed, just deliver the message unless ($changed) { MailScanner::Log::InfoLog("ECSthresholds: Returning action deliver %s", join(',',@{$message->{touser}})); return 'deliver'; } my(@newto, @newtodomain, @newtouser); my($user, $domain); # Have we deleted all the recipients? @newto = keys %recips; unless (@newto) { MailScanner::Log::InfoLog("ECSthresholds: Returning action delete " . "for all recipients: %s", join(',',@{$message-> {touser}})); return 'delete'; } # We know we have deleted some of the recipients but not all. # Delete the recipients from the message, add the new list back in, # then setup all the message data structures for the new recipient list. $global::MS->{mta}->DeleteRecipients($message); $global::MS->{mta}->AddRecipients($message, @newto); # Work out the user @ domain components foreach $to (@newto) { ($user, $domain) = MailScanner::Message::address2userdomain($to); push @newtouser, $user; push @newtodomain, $domain; } #Now push the new recipients details back into the message structures @{$message->{to}} = @newto; @{$message->{touser}} = @newtouser; @{$message->{todomain}} = @newtodomain; MailScanner::Log::InfoLog("ECSthresholds: Reducing recipient list to %s", join(',',@{$message->{touser}})); return 'deliver'; } > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQunrQBH2WUcUFbZUEQKwMACg0xO3ov1eeYpfAb3wXOOPPri5SDQAoKYy ze6UZv73y1KJadgf/MX8K29U =HsX5 -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri Jul 29 09:40:45 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:26 2006 Subject: kaspersky 5.5 Virusscan Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 29 Jul 2005, at 08:24, Norbert Schmidt wrote: > * PGP Bad Signature, Signed by a unverified key > MailScanner mailing list schrieb am > 28.07.2005 14:47:17: > > >> Norbert Schmidt wrote: >> >> >>> MailScanner mailing list schrieb am >>> 27.07.2005 17:01:25: >>> >>> >>> >>> >>>>> Hi everybody, >>>>> >>>>> I've installed kaspersky-5.5 on a debian/sage box together >>>>> with mailscanner. >>>>> >>>>> It seems to me that mailscanner main-program ignores or does >>>>> not understand the output of the wrapper-kaspersky script.... >>>>> > > >>> Dan wrote: >>> >>> >>> >>>> I to went through this. >>>> The output and paths are different than the 4.5 wrapper. >>>> Since my knowledge of the wrappers are not enough to modify >>>> them I just downgraded to 5.0 and all works fine. >>>> >>>> >>> I see a "cat $Report" within the wrapper script. This means it sends >>> > the > >>> content to stdout, which would be stdin of the calling process, so >>> > which > >>> is the calling process??? >>> >>> >> This is done in /usr/lib/MailScanner/MailScanner/SweepViruses.pm. >> Look >> for sub ProcessKaspersky_4_5Output. >> >> Denis >> > > Hi Denis, hi Dan, hi all the rest... > > I finally got MS work together with Kaspersky 5.5. > First I had to change some access rights for the kaspersky > installation, > so user postfix could call some subprogramms of kaspersky. > Next I changed the ScanOptions within wrapper-kaspersky to "-i0" > and took > the -j3 and -q out of the call: "${PackageDir}/$Scanner $ScanOptions > -o$Report "$@ Is this agreed as a change I should make to the main source tree? Does everyone have 5.5? Or are most/many people still running the previous version? - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQunrjxH2WUcUFbZUEQLR9wCeJDJIk1qmx7mPst3aXY+cQL3aOHsAoNDe y+9pG2JAwhN3puIfDxq+m883 =dCwd -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Fri Jul 29 09:39:34 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:30:26 2006 Subject: Problem with Postfix and virtual domains Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Thu, July 28, 2005 21:07, Sam Przyswa wrote: > > The virtual domain config work fine, but when I try to start MailScanner > with /etc/init.d/mailscanner start only one MailScanner instance is > launched ans the start script stay freeze. > > What's wrong ? I don't think this has anything to do with Postfix. MailScanner interacts before any of the major vitual domain bits are used by Postfix. Try running MS in debug mode (in MailScanner.conf) with something in your queue and check the output. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Fri Jul 29 10:32:49 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:30:26 2006 Subject: List ping Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] (Sorry for the top post) Now, here's the strange thing: Why did this one go through, but not the 5-10 others I've sent the last couple of days? Aaargh. -- Glenn -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Glenn Steen Sent: den 28 juli 2005 21:31 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: List ping 2005/7/28, Glenn Steen : > Am I the only one seeing huge delays/non-deliveries to the list ATM? > > When posting from my gmail account.... I see nothing... most of the time. > And I got an error from jiscmail too ("4.5.1 problem running AV" or somesuch). > > Makes one wonder whether gmail.com has been BL'd:/. > > This is posted via the jiscmail web interface. > > -- Glenn > Answering myself ... the best kind of conversation...:-). This is from gmail... -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Fri Jul 29 10:34:52 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:30:26 2006 Subject: List Ping Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Will do so directly after lunch... from my work address of course, I doubt that the'll see anything from my gmail account:-). BTW, thanks to all who responded! -- Glenn -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Julian Field Sent: den 29 juli 2005 08:43 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: List Ping -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Contact helpline@jiscmail.ac.uk and make sure they know about this. Uwe Krause wrote: >Hi, > > > >>Am I the only one seeing huge delays/non-deliveries to the list ATM? >> >> > >no ... i receive this all the time i post from gmail account ! > > > >>("4.5.1 problem running AV" or somesuch). >> >> > >The same here .... > > > >>Makes one wonder whether gmail.com has been BL'd:/. >> >> > >Good question .... > > > >>This is posted via the jiscmail web interface. >> >> > >Me too, > > >Uwe > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQA/AwUBQunQAhH2WUcUFbZUEQJTkgCffR14OXQcG+1BqSDM/UjtnCdPeCAAoIHW RlLRFYJ4+1o+Lv7tUC2x1g58 =qTN1 -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From samp at ARIAL-CONCEPT.COM Fri Jul 29 13:48:40 2005 From: samp at ARIAL-CONCEPT.COM (Sam Przyswa) Date: Thu Jan 12 21:30:26 2006 Subject: Problem with Postfix and virtual domains Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Drew Marshall a écrit : >On Thu, July 28, 2005 21:07, Sam Przyswa wrote: > > > >>The virtual domain config work fine, but when I try to start MailScanner >>with /etc/init.d/mailscanner start only one MailScanner instance is >>launched ans the start script stay freeze. >> >>What's wrong ? >> >> > >I don't think this has anything to do with Postfix. MailScanner interacts >before any of the major vitual domain bits are used by Postfix. > >Try running MS in debug mode (in MailScanner.conf) with something in your >queue and check the output. > > MailScanner WHAS in debug mode, this cause the problem -------------------------------- # Set Debug to "yes" to stop it running as a daemon and just process # one batch of messages and then exit. Debug = yes -------------------------------- After removing the debug MailScanner work fine ! Thanks for your help. Sam. -- Sam Przyswa - Chef de projet Arial Concept - Intégrateur Internet 36, rue de Turin - 75008 - Paris - France Tel: 01 40 54 86 04 - 0870 444 650 - Fax: 01 40 54 83 01 Skype ID: arial-concept Web: http://www.arial-concept.com - Email: Info@arial-concept.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From matt at CODERS.CO.UK Fri Jul 29 13:42:19 2005 From: matt at CODERS.CO.UK (Matt Hampton) Date: Thu Jan 12 21:30:26 2006 Subject: Spam actions when destinations have different thresholds Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jules wrote: >This code has some calls to a couple of bits of other code in it, but >it is pretty obvious what it does. It's from our Custom Function to >auto-delete spam for individual users at the gateway. >It calls Address2Threshold which takes an email address and returns >the Required SpamAssassin Score value for that email address. > > Thanks for this. Still doesn't solve the issue of tagging or not. Do people see this as an issue - I can't see that I am the only one who is going to want to do this. I don't mind hacking the code but I guess this is probably some signifcant changes so I wanted some feedback before I started delving in to the deep dark depths of Julian's code. Currently I can only see two ways of doing it - forcing the incoming MTA to split the envelope (not ideal) or MS spawing multiple messages. Suggestions/Comments? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Fri Jul 29 14:17:46 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:30:26 2006 Subject: Problem with Postfix and virtual domains Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Fri, July 29, 2005 13:48, Sam Przyswa wrote: > > MailScanner WHAS in debug mode, this cause the problem > > -------------------------------- > # Set Debug to "yes" to stop it running as a daemon and just process > # one batch of messages and then exit. > Debug = yes > -------------------------------- > > After removing the debug MailScanner work fine ! Ahh yes, always makes a difference :-) > > Thanks for your help. A pleasure Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From maillists at CONACTIVE.COM Fri Jul 29 08:31:25 2005 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:30:26 2006 Subject: List ping Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Glenn Steen wrote on Thu, 28 Jul 2005 20:29:11 +0100: > And I got an error from jiscmail too ("4.5.1 problem running AV" or somesuch). I got two of these, too. The server seems to have some problems lately. A few days ago it sent errors "disk full". Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Glenn.Steen at AP1.SE Fri Jul 29 14:45:58 2005 From: Glenn.Steen at AP1.SE (Steen, Glenn) Date: Thu Jan 12 21:30:26 2006 Subject: List ping Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Uhunh. Ok, thanks for the info Kai. I've opened a ticket with them ... and had the nerve to suggest they switch to MS (in a post scriptum, but still:-), so we'll see where this goes. I noticed that most of my mails weren't going through since I am subscribed to the list thrice (This address, my gmail account and a yahoo thingy (which I should probably close:-)). Hitting "Send" in gmail places "a copy" of my "sent mail" in the "conversation", so one could argue this as being a Miss Feature of Gmail... Anyway, never seing my feeble contributions hitting the list kind of gave it away (not to mention ticked me off ... slightly:-). Cheers -- Glenn -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Kai Schaetzl Sent: den 29 juli 2005 09:31 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: List ping Glenn Steen wrote on Thu, 28 Jul 2005 20:29:11 +0100: > And I got an error from jiscmail too ("4.5.1 problem running AV" or somesuch). I got two of these, too. The server seems to have some problems lately. A few days ago it sent errors "disk full". Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mcalnek at PCPLACE.CA Fri Jul 29 15:06:58 2005 From: mcalnek at PCPLACE.CA (Milton R. Calnek) Date: Thu Jan 12 21:30:26 2006 Subject: Spamassassin always scores 0. Message-ID: Hi, I need some help sorting this out. So far today, I've had 437 emails scaned by ms/sa with a score of 0 and 23 with a score not 0 (-100 for being on a whitelist and 3.037 from AV testing were common values for non-0 scores). I've had 135 connections blocked by spamhaus and 32 blocked by sorbs (blocked by sendmail). I'd expect more non-0 scores from spamassassin. I have reviewed my mailscanner.conf, I've lost track of what's been changed... I have downloaded, rebuilt, re-installed current srpms of ms and sa. So basic setup: Server RH9.0, mode Gateway. RPMS: mailscanner-4.42.9-1 sendmail-8.12.8-9.90 spamassassin-tools-3.0.2-2.0.rh9.rf spamassassin-3.0.2-2.0.rh9.rf perl-5.8.0-88.3 MailScanner-perl-MIME-Base64-3.05-5 perl-MailTools-1.67-1 perl-HTML-Parser-3.45-1 perl-MIME-tools-5.417-1 I'm guessing that this started after an upgrade from perl-5.6.x to 5.8.0. However, I have already rebuilt/re-installed ms/sa (and perl modules) from srpms. Any suggestions would be welcome. TIA My mailscanner.conf file is attached. Sample Log Jul 28 15:55:52 wilma sendmail[31720]: j6SLtgZG031720: from=, size=995, class=0, nrcpts=1, msgid=<200507282155.j6SLtgZG031720@wilma.pcplace.ca>, proto=SMTP, daemon=MTA, relay=xdsl-81-173-138-104.netcologne.de [81.173.138.104] Jul 28 15:55:52 wilma MailScanner[25798]: New Batch: Scanning 1 messages, 1575 bytes Jul 28 15:55:53 wilma MailScanner[25798]: MCP Checks completed at 1575 bytes per second Jul 28 15:55:53 wilma MailScanner[25798]: Spam Checks: Starting Jul 28 15:55:54 wilma MailScanner[25798]: Message j6SLtgZG031720 from 81.173.138.104 (epku.lester@comcast.net) to pcplace.ca is not spam, SpamAssassin (score=0, required 4) Jul 28 15:55:57 wilma MailScanner[25798]: Spam Checks completed at 1575 bytes per second Jul 28 15:55:57 wilma MailScanner[25798]: Virus and Content Scanning: Starting Jul 28 15:55:57 wilma MailScanner[25798]: Virus Scanning completed at 525 bytes per second Jul 28 15:55:57 wilma MailScanner[25798]: Uninfected: Delivered 1 messages Jul 28 15:55:57 wilma MailScanner[25798]: Virus Processing completed at 1575 bytes per second Jul 28 15:55:57 wilma MailScanner[25798]: Disinfection completed at 1575 bytes per second Jul 28 15:55:58 wilma MailScanner[25798]: Batch completed at 315 bytes per second (1575 / 5) Jul 28 15:56:01 wilma sendmail[31737]: j6SLtgZG031720: to=lynnj@rider.com, delay=00:00:13, xdelay=00:00:04, mailer=esmtp, pri=120527, relay=mail01.rider.com. [204.244.34.103], dsn=2.0.0, stat=Sent (<200507282155.j6SLtgZG031720@wilma.pcplace.ca> Queued mail for delivery) -- Milton Calnek mcalnek@pcplace.ca +1 306 359 6939 -- DISCLAIMER: The information transmitted is intended only for the addressee and may contain confidential, proprietary and/or privileged material. Any unauthorized review, distribution or other use of or the taking of any action in reliance upon this information is prohibited. If you received this in error, please contact the sender and delete or destroy this message and any copies. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "mailscanner.conf" Application/OCTET-STREAM (Name: ] [ "mailscanner.conf") 11KB. ] [ Unable to print this part. ] From mailscanner at LISTS.COM.AR Fri Jul 29 14:27:05 2005 From: mailscanner at LISTS.COM.AR (Leonardo Helman) Date: Thu Jan 12 21:30:26 2006 Subject: Spam actions when destinations have different thresholds Message-ID: For this type of things, I modify Message.pm, just before the return in new if( $this->SplitMail() ) { return undef; } return $this; } The SplitMail generates n mails depending on the diferent user preferences (and the recipients) and returns true if all the people wants the same actions/subject modifications/.../... and false otherways. I'm using zmailer so, mayor parts of your SplitMails have to be very different. This generates n mails for each splitted one, so I'm trading users tastes for processing time (but the event of splitting it's not so common so I'm not n-plicating the mails received) Saludos -- Leonardo Helman Pert Consultores Argentina On Fri, Jul 29, 2005 at 01:41:57PM +0100, Matt Hampton wrote: > Jules wrote: > > >This code has some calls to a couple of bits of other code in it, but > >it is pretty obvious what it does. It's from our Custom Function to > >auto-delete spam for individual users at the gateway. > >It calls Address2Threshold which takes an email address and returns > >the Required SpamAssassin Score value for that email address. > > > > > > > Thanks for this. Still doesn't solve the issue of tagging or not. > > Do people see this as an issue - I can't see that I am the only one who > is going to want to do this. I don't mind hacking the code but I guess > this is probably some signifcant changes so I wanted some feedback > before I started delving in to the deep dark depths of Julian's code. > > Currently I can only see two ways of doing it - forcing the incoming MTA > to split the envelope (not ideal) or MS spawing multiple messages. > > Suggestions/Comments? > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at LISTS.COM.AR Fri Jul 29 14:18:02 2005 From: mailscanner at LISTS.COM.AR (Leonardo Helman) Date: Thu Jan 12 21:30:26 2006 Subject: Version Performance Message-ID: this is frustrating DOESN'T MATTER THE HARDWARE. I have made a SOFTWARE upgrade, WITHOUT any change to the hardware or hardware parameters. Only software. MS4-37.1 -> MS 4.44.1 SA3.02 -> SA3.04 And I MEASURED a drop in the performance something like more or less 10% (email processed on a certain time) So (I think) it's a simple cuestion about anyone measuring performance before/after upgrading. Do any of you measure top quantity of mails per second processed? Something like "Upgraded, didn't change the hardware and get x% more/less" Saludos -- Leonardo Helman Pert Consultores Argentina On Thu, Jul 28, 2005 at 10:03:04PM +0200, Koen Teugels wrote: > > On what hardware are you running this?? > Thanks > > Ugo Bellavance > Sent by: MailScanner mailing list > > 27/07/2005 15:38 > > Please respond to > MailScanner mailing list > > To > > MAILSCANNER@JISCMAIL.AC.UK > > cc > > Subject > > Re: Version Performance > > Leonardo Helman wrote: > > Hi I have been seen a small drop in performance > > between MS4-37.7/SA-3.02 to MS-4.44-1/SA-3.04 > > > > Under very heavy load we had been procesing about 15500 mails > > per hour, but with the new setup that number gets only to 13400 > > > > There where no changes at MTA, or the machine. > > I only change MS+SA+some perl modules > > Compress-Zlib, ExtUtils-MakeMaker File-Spec File-Temp IO-stringy > > MailTools MIME-Base64 Storable Time-HiRes > > > > All the surbls/rbls are the same. > > > > The other rules are all the same but the default ones. > > > > I'm triyng to see where the problem is. (modules? SA? MS?) > Please start here: > http://wiki.mailscanner.info/doku.php?id=documentation:test_troublesho > ot:performance > and here > http://wiki.mailscanner.info/doku.php?id=maq:index#optimization_tips > -- > Ugo > -> Please don't send a copy of your reply by e-mail. I read the list. > -> Please avoid top-posting, long signatures and HTML, and cut the > irrelevant parts in your replies. > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ > To unsubscribe, email [1]jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki ([2]http://wiki.mailscanner.info/) > and the archives > ([3]http://www.jiscmail.ac.uk/lists/mailscanner.html). > Support MailScanner development - buy the book off the website! > > References > > 1. file://localhost/tmp/jiscmail@jiscmail.ac.uk > 2. http://wiki.mailscanner.info/ > 3. http://www.jiscmail.ac.uk/lists/mailscanner.html ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Fri Jul 29 15:23:21 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:26 2006 Subject: Happy Sysadmin Day! Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] http://www.sysadminday.com/ Have fun ! -- Ugo -> Please don't send a copy of your reply by e-mail. I read the list. -> Please avoid top-posting, long signatures and HTML, and cut the irrelevant parts in your replies. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ebruce at HPMICH.COM Fri Jul 29 16:26:16 2005 From: ebruce at HPMICH.COM (Ed Bruce) Date: Thu Jan 12 21:30:26 2006 Subject: Happy Sysadmin Day! Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ugo Bellavance wrote: >http://www.sysadminday.com/ > >Have fun ! > > I forwarded that link to my COO and told her I was partial to the home entertainment center. She just came by my cube can gave me a cake. At least it is chocolate. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Fri Jul 29 16:33:05 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:30:26 2006 Subject: Spamassassin always scores 0. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Milton R. Calnek wrote: > Hi, > > I need some help sorting this out. > > So far today, I've had 437 emails scaned by ms/sa with a score of 0 and > 23 with a score not 0 (-100 for being on a whitelist and 3.037 from AV > testing were common values for non-0 scores). I'd start by verifying SA with it's command-line tools: spamassassin --lint (should run, and exit quietly) Also try feeding it the sample spam message that comes with SA's source: spamassassin < sample-spam.txt The sample spam should trigger GTUBE and get a really high score. > spamassassin-3.0.2-2.0.rh9.rf Hmm, distro-ported version.. You might want to check to make sure the rulefiles wound up being installed correctly. Find out your default rules dir by running: spamassassin --lint -D And check to make sure the SA rulefiles are there. Also check the site rules dir for init.pre, and it should NOT contain any of the default rules (20_*.cf, 50_scores.cf, etc should be in default, not site rules) Usually this is OK, but sometimes a distro port package maintainer goofs up the specfile and the files get mis-installed. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mcalnek at PCPLACE.CA Fri Jul 29 17:36:10 2005 From: mcalnek at PCPLACE.CA (Milton R. Calnek) Date: Thu Jan 12 21:30:26 2006 Subject: Spamassassin always scores 0. Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Matt Kettler > Sent: Friday, July 29, 2005 9:33 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: [MAILSCANNER] Spamassassin always scores 0. > > > spamassassin --lint > (should run, and exit quietly) It does. > > Also try feeding it the sample spam message that comes with SA's source: > > spamassassin < sample-spam.txt spamassassin < /usr/share/doc/spamassassin-3.0.2/sample-nonspam.txt Surprises on output: X-Spam-Checker-Version: SpamAssassin 3.0.2 (2004-11-16) on wilma.pcplace.ca X-Spam-Level: X-Spam-Status: No, score=0.0 required=4.0 tests=none autolearn=unavailable version=3.0.2 > The sample spam should trigger GTUBE and get a really high score. spamassassin < /usr/share/doc/spamassassin-3.0.2/sample-spam.txt X-Spam-Flag: YES X-Spam-Checker-Version: SpamAssassin 3.0.2 (2004-11-16) on wilma.pcplace.ca X-Spam-Level: ************************************************** X-Spam-Status: Yes, score=997.2 required=4.0 tests=ALL_TRUSTED, DNS_FROM_AHBL_RHSBL,GTUBE autolearn=unavailable version=3.0.2 > > spamassassin-3.0.2-2.0.rh9.rf > > Hmm, distro-ported version.. You might want to check to make sure the > rulefiles > wound up being installed correctly. Find out your default rules dir by > running: > > spamassassin --lint -D > debug: diag: module installed: URI, version 1.21 debug: ignore: using a test message to lint rules debug: using "/etc/mail/spamassassin/init.pre" for site rules init.pre debug: config: read file /etc/mail/spamassassin/init.pre debug: using "/usr/share/spamassassin" for default rules dir debug: config: read file /usr/share/spamassassin/10_misc.cf debug: config: read file /usr/share/spamassassin/20_anti_ratware.cf debug: config: read file /usr/share/spamassassin/20_body_tests.cf debug: config: read file /usr/share/spamassassin/20_compensate.cf So I've got both init.pre and the config files... I think. > And check to make sure the SA rulefiles are there. Also check the site > rules dir > for init.pre, and it should NOT contain any of the default rules (20_*.cf, > 50_scores.cf, etc should be in default, not site rules) > Not sure if what I've got is correct and if not, how do I correct it. -- Milton Calnek mcalnek@pcplace.ca +1 306 359 6939 -- DISCLAIMER: The information transmitted is intended only for the addressee and may contain confidential, proprietary and/or privileged material. Any unauthorized review, distribution or other use of or the taking of any action in reliance upon this information is prohibited. If you received this in error, please contact the sender and delete or destroy this message and any copies. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Fri Jul 29 17:49:53 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:30:27 2006 Subject: Spamassassin always scores 0. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Milton R. Calnek wrote: >>spamassassin --lint >>(should run, and exit quietly) > > It does. Good. > spamassassin < /usr/share/doc/spamassassin-3.0.2/sample-nonspam.txt > > Surprises on output: > > X-Spam-Checker-Version: SpamAssassin 3.0.2 (2004-11-16) on > wilma.pcplace.ca > X-Spam-Level: > X-Spam-Status: No, score=0.0 required=4.0 tests=none > autolearn=unavailable > version=3.0.2 That's normal, no surprises there. Unless you've got bayes running, there should be no rules that hit. > > spamassassin < /usr/share/doc/spamassassin-3.0.2/sample-spam.txt > > > X-Spam-Flag: YES > X-Spam-Checker-Version: SpamAssassin 3.0.2 (2004-11-16) on > wilma.pcplace.ca > X-Spam-Level: ************************************************** > X-Spam-Status: Yes, score=997.2 required=4.0 tests=ALL_TRUSTED, > DNS_FROM_AHBL_RHSBL,GTUBE autolearn=unavailable version=3.0.2 > That's normal. > >>spamassassin --lint -D >> > > > debug: diag: module installed: URI, version 1.21 > debug: ignore: using a test message to lint rules > debug: using "/etc/mail/spamassassin/init.pre" for site rules init.pre > debug: config: read file /etc/mail/spamassassin/init.pre > debug: using "/usr/share/spamassassin" for default rules dir > debug: config: read file /usr/share/spamassassin/10_misc.cf That's good. > > > Not sure if what I've got is correct and if not, how do I correct it. Well, your setup looks OK so far. Are you using network tests? (if you don't know, run a message through spamassassin -D and see what "score set" it chooses.) SA with both bayes and network tests disabled has a pretty low hitrate without a lot of add-on rules. I'd strongly consider enabling network checks if you can afford the load. If you're load sensitive, and can't run network or bayes, you might want to consider adding a few rulesets from www.rulesemporium.com. I like random, adult, specific, fraud_post25x, and obfu0. I use the above in my setup, as well as several custom rules. And I also use bayes and network checks (dnsbls, uribls, razor, and dcc) on top of that. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mcalnek at PCPLACE.CA Fri Jul 29 18:33:41 2005 From: mcalnek at PCPLACE.CA (Milton R. Calnek) Date: Thu Jan 12 21:30:27 2006 Subject: Spamassassin always scores 0. Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Matt Kettler > Sent: Friday, July 29, 2005 10:50 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: [MAILSCANNER] Spamassassin always scores 0. > > Are you using network tests? (if you don't know, run a message through > spamassassin -D and see what "score set" it chooses.) spamassassin -D < 1 > 1.1 2>1.2 Tells me that I'm using score set 0 and score set 1. debug: Score set 0 chosen. ... debug: Score set 1 chosen. Not really sure what this means. > > > SA with both bayes and network tests disabled has a pretty low hitrate > without a > lot of add-on rules. I'd strongly consider enabling network checks if you > can > afford the load. > > If you're load sensitive, and can't run network or bayes, you might want > to > consider adding a few rulesets from www.rulesemporium.com. Gotta get the regular rules running before I'll worry about additional rules... but thanks for the pointer. Or is the problem that I don't have enough rules? And I want to get bayes running as well. This is from my maillog... Jul 29 00:50:19 ... from 201.29.117.228 (hellen@sexyhot.com.br) to pcplace.ca is not spam, SpamAssassin (score=0, required 4) Jul 29 11:05:24 ... from 142.165.20.172 (tracycarroll@sasktel.net) to pcplace.ca is not spam (whitelisted), SpamAssassin (score=-100, required 4, USER_IN_WHITELIST -100.00) I think it's reasonable that the sexyhot message would trip at least one test. Or am I mistaken... clearly the whitelist rules are tested. -- Milton Calnek mcalnek@pcplace.ca +1 306 359 6939 -- DISCLAIMER: The information transmitted is intended only for the addressee and may contain confidential, proprietary and/or privileged material. Any unauthorized review, distribution or other use of or the taking of any action in reliance upon this information is prohibited. If you received this in error, please contact the sender and delete or destroy this message and any copies. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Denis.Beauchemin at USHERBROOKE.CA Fri Jul 29 18:53:57 2005 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:30:27 2006 Subject: Spamassassin always scores 0. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Milton R. Calnek wrote: >spamassassin < /usr/share/doc/spamassassin-3.0.2/sample-nonspam.txt > > > Milton, I think you should upgrade SA to 3.0.4 (but it probably has nothing to do with the problems you seem to have). Denis -- _ °v° Denis Beauchemin, analyste /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Fri Jul 29 19:32:40 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:30:27 2006 Subject: Spamassassin always scores 0. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Milton R. Calnek wrote: >>-----Original Message----- >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>Behalf Of Matt Kettler >>Sent: Friday, July 29, 2005 10:50 AM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: [MAILSCANNER] Spamassassin always scores 0. >> >>Are you using network tests? (if you don't know, run a message through >>spamassassin -D and see what "score set" it chooses.) > > > spamassassin -D < 1 > 1.1 2>1.2 > > Tells me that I'm using score set 0 and score set 1. > > debug: Score set 0 chosen. > ... > debug: Score set 1 chosen. > > Not really sure what this means. It means that SA started off with net checks disabled, then did a test DNS lookup, found it was working, then enabled network checks and shifted to score 1. > Gotta get the regular rules running before I'll worry about additional > rules... but thanks for the pointer. Or is the problem that I don't > have enough rules? From mcalnek at PCPLACE.CA Fri Jul 29 20:20:51 2005 From: mcalnek at PCPLACE.CA (Milton R. Calnek) Date: Thu Jan 12 21:30:27 2006 Subject: Spamassassin always scores 0. Message-ID: > > Do you have skip_rbl_checks 1 in your spam.assassin.prefs.conf? It's commented out. What should it be? > > Without seeing the message, I couldn't tell you what should or should not > have hit. > I understand what you're saying. Maybe I'll have to intercept some mail. -- DISCLAIMER: The information transmitted is intended only for the addressee and may contain confidential, proprietary and/or privileged material. Any unauthorized review, distribution or other use of or the taking of any action in reliance upon this information is prohibited. If you received this in error, please contact the sender and delete or destroy this message and any copies. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Fri Jul 29 20:33:13 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:30:27 2006 Subject: Spamassassin always scores 0. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Milton R. Calnek wrote: >>Do you have skip_rbl_checks 1 in your spam.assassin.prefs.conf? > > It's commented out. What should it be? Commented out, or set to 0. (0 is the default) >>Without seeing the message, I couldn't tell you what should or should >> not have hit. > I understand what you're saying. Maybe I'll have to intercept some mail. This shouldn't be hard. Worst-case you should be able to grab a spam sent to your own account ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From sean at NISD.NET Fri Jul 29 21:40:21 2005 From: sean at NISD.NET (Sean Embry) Date: Thu Jan 12 21:30:27 2006 Subject: questions mailing quarantined files Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, This is my set up: Mail enters and leaves via the Mail Scanner box. The Mail Scanner is the MX for my domain, and my internal systems use the MailScanner box as their smart host. The internal boxes are protected by an ACL that only allowes the MailScanner box to connect to them, restricted by an ACL. The problem: Someone receives a file on the MailScanner. The file gets quarantined for whatever reason. I want to be able to email that file in regardless of the quarantine, but I only want someone with root privs to be able to do that. EG: someone uses formail -s procmail -d [username]@my.internal.box.net < message (I'm doing that with an eye to setting up a web page where the user can retreive the file.) We used to be able to do this on the 4.12-2 box, but on our new 4.43.8-1 box this no longer works. It gets bounced just as if it were sent from the internet, whereas the old box was quite happy to allow it. Also, I've noticed on the old box, the headers for the internal forwards look thus: Return-path: Received: from orb.nisd.net (orb.northside.isd.tenet.edu [165.111.2.14]) by thor.nisd.net; Wed, 06 Jul 2005 13:42:07 -0500 Received: (from abuse@localhost) by orb.nisd.net (8.11.6/8.11.6) id j66IdMI10273 for abuse@thor.northside.isd.tenet.edu; Wed, 6 Jul 2005 13:39:22 -0500 Received: from xxx.xxx.edu (xxx.xxxx.edu [xxx.xxx.xxx.xxx]) by orb.nisd.net (8.11.6/8.11.6) with ESMTP id j66IdKm10259 for ; Wed, 6 Jul 2005 13:39:20 -0500 Our new headers appear thus: Return-path: Received: from neworb.nisd.net (neworb.northside.isd.tenet.edu [165.111.2.20]) by thor.nisd.net; Fri, 29 Jul 2005 12:35:15 -0500 Received: from neworb.nisd.net (neworb.nisd.net [127.0.0.1]) by neworb.nisd.net (8.13.1/8.13.1) with ESMTP id j6THZ2aH013183 for ; Fri, 29 Jul 2005 12:35:07 -0500 Received: (from abuse@localhost) by neworb.nisd.net (8.13.1/8.13.1/Submit) id j6THZ2PT013182 for abuse@thor.northside.isd.tenet.edu; Fri, 29 Jul 2005 12:35:02 -0500 Received: from xxxxx.com (xxxxx.xxxxx.xxxxxx.com [xxx.xxx.xxx.xxx]) by neworb.nisd.net (8.13.1/8.13.1) with ESMTP id j6THYooL013160 for ; Fri, 29 Jul 2005 12:34:56 -0500 This looks like the system is scanning the local mail too now, so each email is getting scanned twice. If that's the case, what should I do about that? Just to be clear, the only users that will ever be local on this box are system admins. And a last word: Happy Sys Admin day, and especially Julian for all the hard work. Thanks Julian! ($BEVERAGE of your choice awaits you when first we meet) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From gregg at GBCOMPUTERS.COM Fri Jul 29 22:13:36 2005 From: gregg at GBCOMPUTERS.COM (Gregg Berkholtz) Date: Thu Jan 12 21:30:27 2006 Subject: SMTP Time Scanning Message-ID: I apologize if this is a FAQ, but Google tells me it's not. Can MailScanner do SMTP-time scanning (ie: via a tie-in with an MTA)? Thanks, Gregg Berkholtz ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at NKPANAMA.COM Fri Jul 29 22:58:21 2005 From: alex at NKPANAMA.COM (Alex Neuman van der Hans) Date: Thu Jan 12 21:30:27 2006 Subject: SMTP Time Scanning Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Gregg Berkholtz wrote: >I apologize if this is a FAQ, but Google tells me it's not. Can >MailScanner do SMTP-time scanning (ie: via a tie-in with an MTA)? > >Thanks, >Gregg Berkholtz > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > No, MailScanner purposefully doesn't touch the SMTP stream, and only works with message queues and such. If you want to do SMTP-time scanning, and your MTA is sendmail, you can use a milter such as clamav-milter for virus scanning and spamassassin-as-a-milter (never used it myself so I don't know what it's called). I use clamavmilter to reduce the load on the server by dropping mail with viruses before they reach sendmail+mailscanner+spamassassin. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Fri Jul 29 23:38:03 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:30:27 2006 Subject: SMTP Time Scanning Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Alex Neuman van der Hans wrote: > > No, MailScanner purposefully doesn't touch the SMTP stream, and only > works with message queues and such. If you want to do SMTP-time > scanning, and your MTA is sendmail, you can use a milter such as > clamav-milter for virus scanning and spamassassin-as-a-milter (never > used it myself so I don't know what it's called). I use clamavmilter to > reduce the load on the server by dropping mail with viruses before they > reach sendmail+mailscanner+spamassassin. milter-spamc, and mimedefang are two popular milters. SMTP-time scanning has some advantages (able to do SMTP layer rejects of spam) but some disadvantages (doesn't deal as gracefully with "bursts" of inbound mail). Pretty much every tool out there for scanning has advantages and drawbacks. As a summary, in general there are 4 places mail scanning can occur, and scanning at each layer has the following general strengths/weaknesses: 1) smtp-time: (ie: milters, qmail-scanner) +can reject (properly) +scanning is done per message not per recipient -inbound mail rate must be limited by a number of processes, or else system load will explode. (most do this using spamd which has built-in child limiting) -usually have very limited per-user flexibility 2) mta-queue layer (mailscanner is the only one I'm aware of): +inbound mail can be queued quickly without waiting. +scanning can done per-message or per recipient (with some MTA queuing options) +bursts of high volume have little impact on system load -sustained high volume can cause mail queue to get large (Mailscanner does shift to emergency mode to alleviate this, but that bypasses scanning) -somewhat limited per-user flexibility (better than with milter, but still one SA user_prefs) -can't reject, can only generate post-delivery bounces (bad idea) 3) MDA layer (ie: procmail) +high degree of per-user flexibility, as passing -u to spamc allows separate user_prefs -multi-recipient messages must be re-scanned -can't reject, can only generate post-delivery bounces 4) MUA layer (ie: called from within kmail) +complete end-user control of scanning -isn't site-wide, must be installed on each client machine -no centralized scanner, thus no central statistics -messages must be downloaded to client before they can be scanned. -can't reject ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Sat Jul 30 03:36:29 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:30:27 2006 Subject: Another Postfix Question Message-ID: Again, I'm a postfix newbie from the sendmail world :) Sporadically, I'm seeing something like this in my logs and am not quite sure what it means: Jul 29 21:33:46 avenger postfix/smtpd[26727]: disconnect from mta237.brandfeatures.com[64.192.118.237] Jul 29 21:33:47 avenger MailScanner[26705]: Could not open file >/var/spool/postfix/hold/26705/EF4DD336C035.ED194.header: No such file or directory Jul 29 21:33:47 avenger MailScanner[26705]: Cannot create + lock headers file /var/spool/postfix/hold/26705/EF4DD336C035.ED194.header, Jul 29 21:33:47 avenger MailScanner[26732]: MailScanner E-Mail Virus Scanner version 4.43.8 starting... Jul 29 21:33:48 avenger MailScanner[26700]: Could not open file >/var/spool/postfix/hold/26700/EF4DD336C035.15B2E.header: No such file or directory Jul 29 21:33:48 avenger MailScanner[26700]: Cannot create + lock headers file /var/spool/postfix/hold/26700/EF4DD336C035.15B2E.header, Jul 29 21:33:49 avenger MailScanner[26685]: Could not open file >/var/spool/postfix/hold/26685/EF4DD336C035.BE4AC.header: No such file or directory Jul 29 21:33:49 avenger MailScanner[26685]: Cannot create + lock headers file /var/spool/postfix/hold/26685/EF4DD336C035.BE4AC.header, Jul 29 21:33:50 avenger MailScanner[26680]: Could not open file >/var/spool/postfix/hold/26680/EF4DD336C035.9FAE2.header: No such file or directory Jul 29 21:33:50 avenger MailScanner[26680]: Cannot create + lock headers file /var/spool/postfix/hold/26680/EF4DD336C035.9FAE2.header, Ideas? Mike ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Sat Jul 30 03:49:32 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:30:28 2006 Subject: tnef screwed up my queue Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] This has reoccured today. Its fustrating because it stops mail from being processed altogether, the queue builds up. Also there is always a corrupt message associated with this. postfix/postfix-script: warning: damaged message: corrupt/2698C501BB [root@car-mbus-sw1 ~]# ls -lah /var/spool/postfix/hold/ total 200K drwx------ 18 postfix root 4.0K Jul 29 18:10 . drwxr-xr-x 16 root root 4.0K Feb 28 17:19 .. drwx------ 2 postfix postfix 12K Jul 30 12:11 0 drwx------ 2 postfix postfix 12K Jul 30 12:35 1 drwx------ 2 postfix postfix 12K Jul 30 12:21 2 drwx------ 2 postfix postfix 12K Jul 30 12:30 3 drwx------ 2 postfix postfix 12K Jul 30 12:33 4 drwx------ 2 postfix postfix 12K Jul 30 12:33 5 drwx------ 2 postfix postfix 12K Jul 30 12:26 6 drwx------ 2 postfix postfix 12K Jul 30 12:25 7 drwx------ 2 postfix postfix 12K Jul 30 12:12 8 drwx------ 2 postfix postfix 12K Jul 30 12:33 9 drwx------ 2 postfix postfix 12K Jul 30 12:06 A drwx------ 2 postfix postfix 12K Jul 30 11:43 B drwx------ 2 postfix postfix 12K Jul 30 12:22 C drwx------ 2 postfix postfix 12K Jul 30 12:19 D drwx------ 2 postfix postfix 12K Jul 30 12:14 E drwx------ 2 postfix postfix 4.0K Jul 30 11:36 F -rw-rw---- 1 postfix postfix 6.4K Jul 29 13:39 tnef-3559-1.doc Any ideas on how to troubleshoot this? Pete Peter Russell wrote: > I had exactly the same problem recently and posted it to the list. All > my tnef and file settings are default. this problem appears (to me) to > have occured only after an upgrade to 4.43.8 > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at GMAIL.COM Fri Jul 29 23:53:28 2005 From: glenn.steen at GMAIL.COM (Glenn Steen) Date: Thu Jan 12 21:30:28 2006 Subject: questions mailing quarantined files Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 29/07/05, Sean Embry wrote: > > Hi, > > This is my set up: > > Mail enters and leaves via the Mail Scanner box. The Mail Scanner is the MX > for my domain, and my internal systems use the MailScanner box as their > smart host. The internal boxes are protected by an ACL that only allowes the > MailScanner box to connect to them, restricted by an ACL. > > The problem: > > Someone receives a file on the MailScanner. The file gets quarantined for > whatever reason. > I want to be able to email that file in regardless of the quarantine, but I > only want someone with root privs to be able to do that. > EG: someone uses > formail -s procmail -d [username]@my.internal.box.net < message > > (I'm doing that with an eye to setting up a web page where the user can > retreive the file.) > > We used to be able to do this on the 4.12-2 box, but on our new 4.43.8-1 box > this no longer works. > It gets bounced just as if it were sent from the internet, whereas the old > box was quite happy to allow it. > > Also, I've noticed on the old box, the headers for the internal forwards > look thus: > > Return-path: > Received: from orb.nisd.net > (orb.northside.isd.tenet.edu [165.111.2.14]) > by thor.nisd.net; Wed, 06 Jul 2005 13:42:07 -0500 > Received: (from abuse@localhost) > by orb.nisd.net (8.11.6/8.11.6) id j66IdMI10273 > for abuse@thor.northside.isd.tenet.edu; Wed, 6 Jul 2005 > 13:39:22 -0500 > Received: from xxx.xxx.edu (xxx.xxxx.edu [xxx.xxx.xxx.xxx]) > by orb.nisd.net (8.11.6/8.11.6) with ESMTP id j66IdKm10259 > for ; Wed, 6 Jul 2005 13:39:20 -0500 > > Our new headers appear thus: > > Return-path: > Received: from neworb.nisd.net > (neworb.northside.isd.tenet.edu [165.111.2.20]) > by thor.nisd.net; Fri, 29 Jul 2005 12:35:15 -0500 > Received: from neworb.nisd.net (neworb.nisd.net [127.0.0.1]) > by neworb.nisd.net (8.13.1/8.13.1) with ESMTP id j6THZ2aH013183 > for ; Fri, 29 Jul 2005 > 12:35:07 -0500 > Received: (from abuse@localhost) > by neworb.nisd.net (8.13.1/8.13.1/Submit) id j6THZ2PT013182 > for abuse@thor.northside.isd.tenet.edu; Fri, 29 Jul 2005 > 12:35:02 -0500 > Received: from xxxxx.com (xxxxx.xxxxx.xxxxxx.com [xxx.xxx.xxx.xxx]) > by neworb.nisd.net (8.13.1/8.13.1) with ESMTP id j6THYooL013160 > for ; Fri, 29 Jul 2005 12:34:56 -0500 > > This looks like the system is scanning the local mail too now, so each email > is getting scanned twice. If that's the case, what should I do about that? > Just to be clear, the only users that will ever be local on this box are > system admins. > > > And a last word: > Happy Sys Admin day, and especially Julian for all the hard work. Thanks > Julian! ($BEVERAGE of your choice awaits you when first we meet) > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > Whitelist localhost (the IP, not the name). Examples in abundace, and me to lazy to look them up for you.... Look at the wiki, MAQ, EXAMPLES, the book, the list archives, Julians pocket......:-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Sat Jul 30 09:01:32 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:30:28 2006 Subject: tnef screwed up my queue Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Pete Russell wrote: > This has reoccured today. Its fustrating because it stops mail from > being processed altogether, the queue builds up. Also there is always a > corrupt message associated with this. > > postfix/postfix-script: warning: damaged message: corrupt/2698C501BB > > Any ideas on how to troubleshoot this? > Pete Pete, We have a similar problem though without the corrupt messages. We take care of this using a script polling the hold dir every 2 minutes.. (till we have a clear solution) [root@serv ~]# more /scripts/clear_tnef.sh #!/bin/bash /bin/ls /var/spool/postfix/hold/tnef* > /dev/null 2>&1 RETVAL=`echo $?` if [ $RETVAL -eq "0" ]; then # You could also rm -f in place of mv -f /bin/mv -f /var/spool/postfix/hold/tnef* /tmp/ else echo "Not done" > /dev/null 2>&1 fi The corresponding cron entry.. 00-59/2 * * * * /scripts/clear_tnef.sh > /dev/null 2>&1 - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Sat Jul 30 09:33:02 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:30:28 2006 Subject: Another Postfix Question Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Mike Kercher wrote: > Again, I'm a postfix newbie from the sendmail world :) > > Sporadically, I'm seeing something like this in my logs and am not quite > sure what it means: > > Jul 29 21:33:46 avenger postfix/smtpd[26727]: disconnect from > mta237.brandfeatures.com[64.192.118.237] > > Jul 29 21:33:47 avenger MailScanner[26705]: Could not open file > >>/var/spool/postfix/hold/26705/EF4DD336C035.ED194.header: No such file or > > directory > Just a wild guess, what do you get for this command? # postconf hash_queue_depth hash_queue_names Also what is the postfix version? - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Jul 30 13:28:08 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:28 2006 Subject: Version Performance Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] What would be really helpful would be if you could try some intervening versions as well, and see exactly what version change caused the slow-down. A lot of code changed between 4.37 and 4.44. Leonardo Helman wrote: >this is frustrating > >DOESN'T MATTER THE HARDWARE. > >I have made a SOFTWARE upgrade, WITHOUT any change >to the hardware or hardware parameters. > >Only software. > >MS4-37.1 -> MS 4.44.1 >SA3.02 -> SA3.04 > >And I MEASURED a drop in the performance something like >more or less 10% (email processed on a certain time) > >So (I think) it's a simple cuestion about anyone >measuring performance before/after upgrading. > >Do any of you measure top quantity of mails per second processed? >Something like "Upgraded, didn't change the hardware and get x% more/less" > >Saludos > >-- >Leonardo Helman >Pert Consultores >Argentina > >On Thu, Jul 28, 2005 at 10:03:04PM +0200, Koen Teugels wrote: > > >> On what hardware are you running this?? >> Thanks >> >> Ugo Bellavance >> Sent by: MailScanner mailing list >> >> 27/07/2005 15:38 >> >> Please respond to >> MailScanner mailing list >> >> To >> >> MAILSCANNER@JISCMAIL.AC.UK >> >> cc >> >> Subject >> >> Re: Version Performance >> >> Leonardo Helman wrote: >> > Hi I have been seen a small drop in performance >> > between MS4-37.7/SA-3.02 to MS-4.44-1/SA-3.04 >> > >> > Under very heavy load we had been procesing about 15500 mails >> > per hour, but with the new setup that number gets only to 13400 >> > >> > There where no changes at MTA, or the machine. >> > I only change MS+SA+some perl modules >> > Compress-Zlib, ExtUtils-MakeMaker File-Spec File-Temp IO-stringy >> > MailTools MIME-Base64 Storable Time-HiRes >> > >> > All the surbls/rbls are the same. >> > >> > The other rules are all the same but the default ones. >> > >> > I'm triyng to see where the problem is. (modules? SA? MS?) >> Please start here: >> http://wiki.mailscanner.info/doku.php?id=documentation:test_troublesho >> ot:performance >> and here >> http://wiki.mailscanner.info/doku.php?id=maq:index#optimization_tips >> -- >> Ugo >> -> Please don't send a copy of your reply by e-mail. I read the list. >> -> Please avoid top-posting, long signatures and HTML, and cut the >> irrelevant parts in your replies. >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> Support MailScanner development - buy the book off the website! >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email [1]jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki ([2]http://wiki.mailscanner.info/) >> and the archives >> ([3]http://www.jiscmail.ac.uk/lists/mailscanner.html). >> Support MailScanner development - buy the book off the website! >> >>References >> >> 1. file://localhost/tmp/jiscmail@jiscmail.ac.uk >> 2. http://wiki.mailscanner.info/ >> 3. http://www.jiscmail.ac.uk/lists/mailscanner.html >> >> > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Jul 30 13:33:08 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:28 2006 Subject: Another Postfix Question Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Mike Kercher wrote: >Again, I'm a postfix newbie from the sendmail world :) > >Sporadically, I'm seeing something like this in my logs and am not quite >sure what it means: > >Jul 29 21:33:46 avenger postfix/smtpd[26727]: disconnect from >mta237.brandfeatures.com[64.192.118.237] > >Jul 29 21:33:47 avenger MailScanner[26705]: Could not open file > > >>/var/spool/postfix/hold/26705/EF4DD336C035.ED194.header: No such file or >> >> >directory > >Jul 29 21:33:47 avenger MailScanner[26705]: Cannot create + lock headers >file /var/spool/postfix/hold/26705/EF4DD336C035.ED194.header, > >Jul 29 21:33:47 avenger MailScanner[26732]: MailScanner E-Mail Virus Scanner >version 4.43.8 starting... > >Jul 29 21:33:48 avenger MailScanner[26700]: Could not open file > > >>/var/spool/postfix/hold/26700/EF4DD336C035.15B2E.header: No such file or >> >> >directory > >Jul 29 21:33:48 avenger MailScanner[26700]: Cannot create + lock headers >file /var/spool/postfix/hold/26700/EF4DD336C035.15B2E.header, > >Jul 29 21:33:49 avenger MailScanner[26685]: Could not open file > > >>/var/spool/postfix/hold/26685/EF4DD336C035.BE4AC.header: No such file or >> >> >directory > >Jul 29 21:33:49 avenger MailScanner[26685]: Cannot create + lock headers >file /var/spool/postfix/hold/26685/EF4DD336C035.BE4AC.header, > >Jul 29 21:33:50 avenger MailScanner[26680]: Could not open file > > >>/var/spool/postfix/hold/26680/EF4DD336C035.9FAE2.header: No such file or >> >> >directory > >Jul 29 21:33:50 avenger MailScanner[26680]: Cannot create + lock headers >file /var/spool/postfix/hold/26680/EF4DD336C035.9FAE2.header, > > I think you have your "incoming work directory" set wrong. It should be /var/spool/MailScanner/incoming, you appear to have it set to /var/spool/postfix/hold. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From samp at ARIAL-CONCEPT.COM Sat Jul 30 13:46:46 2005 From: samp at ARIAL-CONCEPT.COM (Sam Przyswa) Date: Thu Jan 12 21:30:28 2006 Subject: Another Postfix Question Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field a écrit : > Mike Kercher wrote: > >> Again, I'm a postfix newbie from the sendmail world :) >> >> Sporadically, I'm seeing something like this in my logs and am not quite >> sure what it means: >> >> Jul 29 21:33:46 avenger postfix/smtpd[26727]: disconnect from >> mta237.brandfeatures.com[64.192.118.237] >> >> Jul 29 21:33:47 avenger MailScanner[26705]: Could not open file >> >> >>> /var/spool/postfix/hold/26705/EF4DD336C035.ED194.header: No such >>> file or >>> >> >> directory >> Jul 29 21:33:47 avenger MailScanner[26705]: Cannot create + lock headers >> file /var/spool/postfix/hold/26705/EF4DD336C035.ED194.header, >> Jul 29 21:33:47 avenger MailScanner[26732]: MailScanner E-Mail Virus >> Scanner >> version 4.43.8 starting... >> Jul 29 21:33:48 avenger MailScanner[26700]: Could not open file >> >> >>> /var/spool/postfix/hold/26700/EF4DD336C035.15B2E.header: No such >>> file or >>> >> >> directory >> Jul 29 21:33:48 avenger MailScanner[26700]: Cannot create + lock headers >> file /var/spool/postfix/hold/26700/EF4DD336C035.15B2E.header, >> Jul 29 21:33:49 avenger MailScanner[26685]: Could not open file >> >> >>> /var/spool/postfix/hold/26685/EF4DD336C035.BE4AC.header: No such >>> file or >>> >> >> directory >> Jul 29 21:33:49 avenger MailScanner[26685]: Cannot create + lock headers >> file /var/spool/postfix/hold/26685/EF4DD336C035.BE4AC.header, >> Jul 29 21:33:50 avenger MailScanner[26680]: Could not open file >> >> >>> /var/spool/postfix/hold/26680/EF4DD336C035.9FAE2.header: No such >>> file or >>> >> >> directory >> Jul 29 21:33:50 avenger MailScanner[26680]: Cannot create + lock headers >> file /var/spool/postfix/hold/26680/EF4DD336C035.9FAE2.header, >> > I think you have your "incoming work directory" set wrong. It should > be /var/spool/MailScanner/incoming, you appear to have it set to > /var/spool/postfix/hold. > ...check owner and group of directories and files, have you some error messages when you start MailScanner with /etc/init.d/mailscanner ? (if you use Debien) Sam. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Jul 30 14:24:18 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:28 2006 Subject: tnef screwed up my queue Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Please can you copy a TNEF Postfix message file on a web site and mail me a URL? I need something to try it with. I suspect I'm just missing a chdir somewhere. Dhawal Doshy wrote: > Pete Russell wrote: > >> This has reoccured today. Its fustrating because it stops mail from >> being processed altogether, the queue builds up. Also there is always >> a corrupt message associated with this. >> >> postfix/postfix-script: warning: damaged message: corrupt/2698C501BB >> >> Any ideas on how to troubleshoot this? >> Pete > > > Pete, > > We have a similar problem though without the corrupt messages. > > We take care of this using a script polling the hold dir every 2 > minutes.. (till we have a clear solution) > > [root@serv ~]# more /scripts/clear_tnef.sh > #!/bin/bash > > /bin/ls /var/spool/postfix/hold/tnef* > /dev/null 2>&1 > RETVAL=`echo $?` > > if [ $RETVAL -eq "0" ]; then > # You could also rm -f in place of mv -f > /bin/mv -f /var/spool/postfix/hold/tnef* /tmp/ > else > echo "Not done" > /dev/null 2>&1 > fi > > The corresponding cron entry.. > 00-59/2 * * * * /scripts/clear_tnef.sh > /dev/null 2>&1 > > - dhawal > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Sat Jul 30 15:17:24 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:30:29 2006 Subject: Another Postfix Question Message-ID: I did have my Incoming Work Dir set incorrectly. Not sure why I changed it...but it was working for the most part. I'll see how this goes. Thanks! Mike -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field Sent: Saturday, July 30, 2005 7:33 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Another Postfix Question Mike Kercher wrote: >Again, I'm a postfix newbie from the sendmail world :) > >Sporadically, I'm seeing something like this in my logs and am not >quite sure what it means: > >Jul 29 21:33:46 avenger postfix/smtpd[26727]: disconnect from >mta237.brandfeatures.com[64.192.118.237] > >Jul 29 21:33:47 avenger MailScanner[26705]: Could not open file > > >>/var/spool/postfix/hold/26705/EF4DD336C035.ED194.header: No such file >>or >> >> >directory > >Jul 29 21:33:47 avenger MailScanner[26705]: Cannot create + lock >headers file /var/spool/postfix/hold/26705/EF4DD336C035.ED194.header, > >Jul 29 21:33:47 avenger MailScanner[26732]: MailScanner E-Mail Virus >Scanner version 4.43.8 starting... > >Jul 29 21:33:48 avenger MailScanner[26700]: Could not open file > > >>/var/spool/postfix/hold/26700/EF4DD336C035.15B2E.header: No such file >>or >> >> >directory > >Jul 29 21:33:48 avenger MailScanner[26700]: Cannot create + lock >headers file /var/spool/postfix/hold/26700/EF4DD336C035.15B2E.header, > >Jul 29 21:33:49 avenger MailScanner[26685]: Could not open file > > >>/var/spool/postfix/hold/26685/EF4DD336C035.BE4AC.header: No such file >>or >> >> >directory > >Jul 29 21:33:49 avenger MailScanner[26685]: Cannot create + lock >headers file /var/spool/postfix/hold/26685/EF4DD336C035.BE4AC.header, > >Jul 29 21:33:50 avenger MailScanner[26680]: Could not open file > > >>/var/spool/postfix/hold/26680/EF4DD336C035.9FAE2.header: No such file >>or >> >> >directory > >Jul 29 21:33:50 avenger MailScanner[26680]: Cannot create + lock >headers file /var/spool/postfix/hold/26680/EF4DD336C035.9FAE2.header, > > I think you have your "incoming work directory" set wrong. It should be /var/spool/MailScanner/incoming, you appear to have it set to /var/spool/postfix/hold. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Sat Jul 30 15:18:22 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:30:29 2006 Subject: Another Postfix Question Message-ID: hash_queue_depth = 1 hash_queue_names = incoming, active, deferred, bounce, defer, flush, hold, trace This is on postfix-2.1.5-4.2.RHEL4 Thanks! Mike -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Dhawal Doshy Sent: Saturday, July 30, 2005 3:33 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Another Postfix Question Mike Kercher wrote: > Again, I'm a postfix newbie from the sendmail world :) > > Sporadically, I'm seeing something like this in my logs and am not > quite sure what it means: > > Jul 29 21:33:46 avenger postfix/smtpd[26727]: disconnect from > mta237.brandfeatures.com[64.192.118.237] > > Jul 29 21:33:47 avenger MailScanner[26705]: Could not open file > >>/var/spool/postfix/hold/26705/EF4DD336C035.ED194.header: No such file >>or > > directory > Just a wild guess, what do you get for this command? # postconf hash_queue_depth hash_queue_names Also what is the postfix version? - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Sat Jul 30 16:40:11 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:30:29 2006 Subject: tnef screwed up my queue Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Buggar! i have deleted and turned off tnef expansion (wil this stop this from happening? I will turn tnef back on and monitor when i go back to work on monday. Pete Julian Field wrote: > Please can you copy a TNEF Postfix message file on a web site and mail > me a URL? > I need something to try it with. I suspect I'm just missing a chdir > somewhere. > > Dhawal Doshy wrote: > >> Pete Russell wrote: >> >>> This has reoccured today. Its fustrating because it stops mail from >>> being processed altogether, the queue builds up. Also there is always >>> a corrupt message associated with this. >>> >>> postfix/postfix-script: warning: damaged message: corrupt/2698C501BB >>> >>> Any ideas on how to troubleshoot this? >>> Pete >> >> >> >> Pete, >> >> We have a similar problem though without the corrupt messages. >> >> We take care of this using a script polling the hold dir every 2 >> minutes.. (till we have a clear solution) >> >> [root@serv ~]# more /scripts/clear_tnef.sh >> #!/bin/bash >> >> /bin/ls /var/spool/postfix/hold/tnef* > /dev/null 2>&1 >> RETVAL=`echo $?` >> >> if [ $RETVAL -eq "0" ]; then >> # You could also rm -f in place of mv -f >> /bin/mv -f /var/spool/postfix/hold/tnef* /tmp/ >> else >> echo "Not done" > /dev/null 2>&1 >> fi >> >> The corresponding cron entry.. >> 00-59/2 * * * * /scripts/clear_tnef.sh > /dev/null 2>&1 >> >> - dhawal >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From matt at CODERS.CO.UK Sat Jul 30 17:25:36 2005 From: matt at CODERS.CO.UK (Matt Hampton) Date: Thu Jan 12 21:30:29 2006 Subject: Spam actions when destinations have different thresholds Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Leonardo Helman wrote: >For this type of things, I modify Message.pm, just before >the return in new > > if( $this->SplitMail() ) { > return undef; > } > return $this; > } > >The SplitMail generates n mails depending on the diferent user >preferences (and the recipients) and returns true if all the >people wants the same actions/subject modifications/.../... >and false otherways. > > Is it possible that you could post some example code? This is exactly what I am after! >This generates n mails for each splitted one, so I'm trading users tastes >for processing time (but the event of splitting it's not so common >so I'm not n-plicating the mails received) > > Do you have a feel for the number of times this happens? Thanks for your reply. Matt > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From cgbmtom at SPAMCOP.NET Sat Jul 30 17:38:27 2005 From: cgbmtom at SPAMCOP.NET (Tom Carroll) Date: Thu Jan 12 21:30:29 2006 Subject: Another Postfix Question Message-ID: On my RHEL4 machine and I have those two lines completely commented out in my configuration and it is working flawlessly. Tom On Saturday, July 30, 2005 4:18 AM Mike Kercher wrote: > hash_queue_depth = 1 > hash_queue_names = incoming, active, deferred, bounce, defer, flush, hold, > trace > > This is on postfix-2.1.5-4.2.RHEL4 > > Thanks! > > Mike > > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf > Of Dhawal Doshy > Sent: Saturday, July 30, 2005 3:33 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Another Postfix Question > > Mike Kercher wrote: > > Again, I'm a postfix newbie from the sendmail world :) > > > > Sporadically, I'm seeing something like this in my logs and am not > > quite sure what it means: > > > > Jul 29 21:33:46 avenger postfix/smtpd[26727]: disconnect from > > mta237.brandfeatures.com[64.192.118.237] > > > > Jul 29 21:33:47 avenger MailScanner[26705]: Could not open file > > > >>/var/spool/postfix/hold/26705/EF4DD336C035.ED194.header: No such file > >>or > > > > directory > > > > Just a wild guess, what do you get for this command? > # postconf hash_queue_depth hash_queue_names > > Also what is the postfix version? > > - dhawal > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Sat Jul 30 17:49:41 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:30:29 2006 Subject: Another Postfix Question Message-ID: They are not specified in my main.cf either, which would lead me to believe they are defaults values within the code of postfix. Hopefully, it was a misconfiguration error on my part in my MailScanner.conf as Julian suggested. Mike -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Tom Carroll Sent: Saturday, July 30, 2005 11:38 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Another Postfix Question On my RHEL4 machine and I have those two lines completely commented out in my configuration and it is working flawlessly. Tom On Saturday, July 30, 2005 4:18 AM Mike Kercher wrote: > hash_queue_depth = 1 > hash_queue_names = incoming, active, deferred, bounce, defer, flush, > hold, trace > > This is on postfix-2.1.5-4.2.RHEL4 > > Thanks! > > Mike > > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Dhawal Doshy > Sent: Saturday, July 30, 2005 3:33 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Another Postfix Question > > Mike Kercher wrote: > > Again, I'm a postfix newbie from the sendmail world :) > > > > Sporadically, I'm seeing something like this in my logs and am not > > quite sure what it means: > > > > Jul 29 21:33:46 avenger postfix/smtpd[26727]: disconnect from > > mta237.brandfeatures.com[64.192.118.237] > > > > Jul 29 21:33:47 avenger MailScanner[26705]: Could not open file > > > >>/var/spool/postfix/hold/26705/EF4DD336C035.ED194.header: No such > >>file or > > > > directory > > > > Just a wild guess, what do you get for this command? > # postconf hash_queue_depth hash_queue_names > > Also what is the postfix version? > > - dhawal > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and the > archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and the > archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at GMAIL.COM Sun Jul 31 11:07:25 2005 From: glenn.steen at GMAIL.COM (Glenn Steen) Date: Thu Jan 12 21:30:29 2006 Subject: List ping Message-ID: I've now determined (via telnet.... which this is sent with) that fili is OK, but kili is unable to run it's^H^Hs virus-scanner. How hard can this be to fix:-). Cheers everyone -- Glenn ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sun Jul 31 12:15:52 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:29 2006 Subject: List ping Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I have just mailed the helpline myself, to see if I can extract any fix from them. I will post what I hear back from them. Glenn Steen wrote: >I've now determined (via telnet.... which this is sent with) that fili is OK, but kili is unable to run it's^H^Hs virus-scanner. How hard can this be to fix:-). > >Cheers everyone >-- Glenn > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sun Jul 31 17:37:31 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:29 2006 Subject: Grinding to a halt processing Postfix messages Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] If you have been having a problem where MailScanner gives up processing messages after a few hours, causing it to just sit there and not process anything, I have a fix I would like you to try. Edit /usr/lib/MailScanner/MailScanner/Postfix.pm and look at line 1117. It should say: $filecount++ if -f $dir1name; Change it to say: $filecount++ if -f $dir1name && $dir1name =~ /$mta->{HDFileRegexp}/; (all of that should be on 1 line) Please let me know if this helps. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Sun Jul 31 18:10:25 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:30:29 2006 Subject: Grinding to a halt processing Postfix messages Message-ID: MailScanner mailing list <> scribbled on Sunday, July 31, 2005 11:38 AM: > If you have been having a problem where MailScanner gives up > processing messages after a few hours, causing it to just sit > there and not process anything, I have a fix I would like you to try. > > Edit /usr/lib/MailScanner/MailScanner/Postfix.pm and look at > line 1117. > It should say: > $filecount++ if -f $dir1name; > Change it to say: > $filecount++ if -f $dir1name && $dir1name =~ > /$mta->{HDFileRegexp}/; (all of that should be on 1 line) > > Please let me know if this helps. This is on line 1099 for me with mailscanner-4.43.8-1 Mike ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Fri Jul 29 10:28:39 2005 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 12 21:30:29 2006 Subject: List ping Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] 2005/7/28, William Burns : > My last post came back very quickly too. > Faster than I'm used to seeing this list respond. > (In the past I have seen delays) > > -Bill Thanks guys, then it's official... Jiscmail just hates me:-) Let's see if this gets through at all... -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website!